OK, but what about adding an implementation similar to the one mpm-itk uses: simulate a timeout and close the connection so the browser would reconnect? It is said to work well in practice and to be compliant with RFC 2616.

Leen Besselink wrote:
> Janno Sannik wrote:
>
>> We would like to use Keepalive with peruser and possibly fix it if
>> needed, but we can't seem to find a problem (by just roughly testing it)
>> why it shouldn't work.
>>
>> Could someone explain to us a little how to reproduce a possible security
>> breach or some other malfunction when using keepalive. We would gladly
>> try to produce a workaround.
>> With a simple test using Keepalive on and using 5 domains no problems seem
>> to occur. All requests get handled correctly. Also apache server-status
>> shows 5 keepalive connections. One for each vhost.
>>
>
> Hi Janno,
>
> The problem is kinda by design.
>
> It can't really handle this situation:
>
> If a HTTP-client first sends a host-header for one vhost after that
> sending another request over the same connection for another vhost.
>
> Because the socket-descriptor is passed to the vhost-child-process,
> but it doesn't get passed back to the parent process.
>
> Obviously that would also be the solution, but the question is, would
> this then still be secure.
>
> You can probably work around the problem with having each vhost on a
> separate IP-address, the browser would know it's talking to the same
> server.
>
> PS If I remember correctly, because this is what it is for the metux-mpm.
>
>> Janno Sannik
>>
>> _______________________________________________
>> Peruser mailing list
>> [email protected]
>> http://www.telana.com/mailman/listinfo/peruser
>
> _____________________________________
> New things are always on the horizon.
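
The behaviour proposed in this message, sketched as an added example (not code from peruser or mpm-itk): a per-vhost child serves requests on a keep-alive connection only while the Host header matches the vhost the socket was first handed to, and otherwise closes without a response as if the keep-alive timeout had expired. The function names, the sample hosts, and the assumption that the close is triggered by a Host mismatch are illustrative.

```python
import re

# Constructed sample: four body-less requests sent over one keep-alive connection.
SAMPLE = (
    b"GET / HTTP/1.1\r\nHost: a.example\r\n\r\n"
    b"GET /img.png HTTP/1.1\r\nHost: A.example:80\r\n\r\n"
    b"GET / HTTP/1.1\r\nHost: b.example\r\n\r\n"
    b"GET /late HTTP/1.1\r\nHost: a.example\r\n\r\n"
)

def parse_requests(stream):
    """Yield (request_line, host) per request; body-less requests only."""
    for raw in stream.split(b"\r\n\r\n"):
        if not raw.strip():
            continue
        lines = raw.decode("latin-1").split("\r\n")
        host = None
        for header in lines[1:]:
            name, _, value = header.partition(":")
            if name.strip().lower() == "host":
                # Normalise: case-insensitive, optional :port removed.
                host = re.sub(r":\d+$", "", value.strip().lower())
        yield lines[0], host

def serve_connection(stream):
    """Return (bound_vhost, actions) for one connection in a per-vhost child."""
    bound, actions = None, []
    for request_line, host in parse_requests(stream):
        if not host:
            actions.append(("reject", request_line))  # HTTP/1.1 requires Host
            break
        if bound is None:
            bound = host  # socket is now owned by this vhost's child
        if host != bound:
            # Never serve another vhost from this child: send nothing and
            # close, as if the keep-alive timeout had expired.
            actions.append(("close", host))
            break
        actions.append(("serve", host))
    return bound, actions

if __name__ == "__main__":
    print(serve_connection(SAMPLE))
```

RFC 2616 section 8.1.4 has clients retry automatically only idempotent request sequences, so a POST that arrives as the mismatching request is not resent by the client on its own.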
