Janno Sannik wrote:
> We would like to use Keepalive with peruser and possibly fix it if
> needed, but we can't seem to find a problem (by just roughly testing it)
> why it shouldn't work.
>
> Could someone explain to us a little how to reproduce a possible security
> breach or some other malfunction when using keepalive. We would gladly
> try to produce a workaround.
> With a simple test using Keepalive on and using 5 domains no problems seem
> to occur. All requests get handled correctly.  Also apache server-status
> shows 5 keepalive connections. One for each vhost.
>

Hi Janno,

The problem is kinda by design.

It can't really handle this situation:

If an HTTP client first sends a Host header for one vhost and after that
sends another request over the same connection for another vhost.

Because the socket-descriptor is passed to the vhost-child-process,
but it doesn't get passed back to the parent process.

Obviously that would also be the solution, but the question is, would
this then still be secure?

You can probably work around the problem by having each vhost on a
separate IP address, the browser would know it's talking to the same
server.

PS If I remember correctly, because this is what it is for the metux-mpm.

> Janno Sannik
>
> _______________________________________________
> Peruser mailing list
> [email protected]
> http://www.telana.com/mailman/listinfo/peruser
>


_____________________________________
New things are always on the horizon.
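
The situation described in the reply above (one keep-alive connection carrying requests for more than one vhost), as an added example that is not part of the original thread or of the peruser code: a Python check that walks the request bytes of a single connection and reports where the Host header stops matching the vhost of the first request. The function names and the sample bytes are constructed for illustration; chunked request bodies are assumed not to occur.

```python
# Added example: flag a keep-alive connection whose requests name more than one vhost.
# Function names and SAMPLE are constructed for illustration, not taken from peruser.

def split_requests(stream: bytes):
    """Yield (request_line, headers) for each HTTP/1.x request in one connection's bytes."""
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end == -1:
            break  # incomplete trailing request: stop parsing
        head = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in head[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        # Skip the body when Content-Length is given (assumption: no chunked bodies).
        body_len = int(headers.get("content-length", "0") or 0)
        pos = end + 4 + body_len
        yield head[0], headers


def host_switches(stream: bytes):
    """Return [(request_index, first_host, host)] where Host differs from the first request."""
    first = None
    switches = []
    for index, (_, headers) in enumerate(split_requests(stream)):
        host = headers.get("host", "").lower().split(":")[0]  # drop an optional port
        if first is None:
            first = host  # the vhost whose child process received the socket
        elif host != first:
            switches.append((index, first, host))
    return switches


# Constructed sample: three requests sent over one keep-alive connection.
SAMPLE = (
    b"GET / HTTP/1.1\r\nHost: a.example\r\nConnection: keep-alive\r\n\r\n"
    b"POST /form HTTP/1.1\r\nHost: a.example\r\nContent-Length: 5\r\n\r\nx=1&y"
    b"GET /index.html HTTP/1.1\r\nHost: b.example:80\r\n\r\n"
)

if __name__ == "__main__":
    for index, first, host in host_switches(SAMPLE):
        print(f"request {index}: socket was handed to {first}, request asks for {host}")
```

A test with one connection per vhost, like the one in the quoted message, produces an empty list here, which is why it shows no problem.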

