Thanks Dave, much appreciated! So, has anybody compiled the "ultimate BrowserMatch list" for ModSSL-Apache? In my regular Apache I've had the following in for some time now: BrowserMatch "Mozilla/2" nokeepalive BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 I build my regular Apache separately from my ModSSL-Apache so that I can run the ModSSL version at nice level -20, so that it appears to be as fast as possible. I would assume that the "ultimate BrowserMatch list" for ModSSL-Apache would be different and more inclusive than one for regular Apache? This is a great dialog, I appreciate the active responses. By the way, I run mine stuff on BSDI 2.1, 4.0.1 and 4.1 boxes without problems. Thanks, -Chris WSO At 03:05 PM 6/20/2001 -0700, you wrote: >> -----Original Message----- >> From: [EMAIL PROTECTED] >> [mailto:[EMAIL PROTECTED]]On Behalf Of WSO Support >> >> Does solving this problem with sweeping wildcard BrowserMatch >> statements adversely affect the functionality of Apache and ModSSL? > >No. Everything will function fine. > >> What I getting at is, why don't we just BrowserMatch everything >> and call it a day? What are be losing when we downgrade or >> force 1.0? > >Performance. By downgrading to HTTP 1.0 and disabling keep alives, the >client has to negotiate a new connection on every hit. If your site >contains many small images, your clients will definately notice a slowdown >if they are on a slow link (dial up, across the ocean, etc). Pages will >take longer to load. You may also notice a slight increase in server load, >but also see that more httpd processes are needed (since they will be tied >up longer waiting for the client to send something over the pipe instead of >disconnecting immediately after sending a response). > >But some browsers are simply broken with regards to SSL, keep alives and >HTTP 1.1. All versions of MSIE older than 5.0 are known to be problematic, >and now it appears that Netscape on Macintosh is also broken. > >For more info related to this, search the archives for the thread "KeepAlive >and IE, again...". > >-Dave > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
