RE: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
-Message d'origine- De : Plüm, Rüdiger, VF-Group [mailto:[EMAIL PROTECTED] Envoyé : lundi 10 septembre 2007 12:02 À : dev@httpd.apache.org Objet : Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers -Ursprüngliche Nachricht- Von: Nick Kew Gesendet: Montag, 10. September 2007 11:29 An: dev@httpd.apache.org Betreff: Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers Does this open the way to a DoS? If a rewriterule[P] enables backends to be derived from the request URI, then you're creating unlimited numbers of workers, which may never be used. Where are the limits on that? Also the scoreboard is a limiting factor for this. The number of available scoreboard entries is determined during the configuration phase of the startup (it cannot even be changed during graceful starts, this is why we add some additional entries to the number of workers we have counted in the configuration). To be honest I am still not convinced that the dynamic creation of workers is a good idea at all. I believe I have addressed your concerns in a new patch posted for PR#43308 in which I introduce a new configuration directive that limits the number of dynamically created workers. During configuration I also increment proxy_lb_workers by the value of ProxyMaxAddtlWorkers in order (at least I hope) for additional scoreboard entries to be allocated... BR -ascs
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Mon, 17 Sep 2007 11:33:16 +0200 Axel-Stéphane SMORGRAV [EMAIL PROTECTED] wrote: To be honest I am still not convinced that the dynamic creation of workers is a good idea at all. Indeedie. I believe I have addressed your concerns in a new patch posted for PR#43308 in which I introduce a new configuration directive that limits the number of dynamically created workers. During configuration I also increment proxy_lb_workers by the value of ProxyMaxAddtlWorkers in order (at least I hope) for additional scoreboard entries to be allocated... Instead of limiting the number and thus creating them randomly (according to what traffic happens to hit the server first), wouldn't it be better to introduce a configuration directive to create your choice of those extra workers at startup? If your config is such that specifying the workers isn't going to work, then managing them dynamically in a useful manner is going to be a complex job that should probably have its own separate module, based on a reslist and a usage-counting strategy to drop little-used workers. Or something like that. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
RE: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
-Message d'origine- De : Nick Kew [mailto:[EMAIL PROTECTED] Envoyé : lundi 17 septembre 2007 12:59 À : dev@httpd.apache.org Objet : Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers On Mon, 17 Sep 2007 11:33:16 +0200 Axel-Stéphane SMORGRAV [EMAIL PROTECTED] wrote: Instead of limiting the number and thus creating them randomly (according to what traffic happens to hit the server first), wouldn't it be better to introduce a configuration directive to create your choice of those extra workers at startup? That configuration directive already exists: it's called ProxyPass. RewriteRule / http://server/ [P] ProxyPass / ! ProxyPass / http://server/ Been there, done that. Works well provided you have an exhaustive list of backends at the time the server is started. The list of our backends resides in a RewriteMap so that approach is not practical. If your config is such that specifying the workers isn't going to work, then managing them dynamically in a useful manner is going to be a complex job that should probably have its own separate module, based on a reslist and a usage-counting strategy to drop little-used workers. Or something like that. A separate pool of dynamically created workers, of limited size known at configuration time, with a LRU replacement strategy whenever we run out of workers would indeed be a very elegant solution. I do not really see why this should be done in another module, though. BR -ascs
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Sep 17, 2007, at 6:58 AM, Nick Kew wrote: Instead of limiting the number and thus creating them randomly (according to what traffic happens to hit the server first), That is part of, I think, both Rüdiger's and my concern. The benefits are this are really really fuzzy when applied to the real world. If you know enough about how the proxies will be used, then trying to figure out how to do it with ProxyPass (esp. now with the Match version) is likely better. If not, then creating a limit means that the ones created first get the benefits and the ones after the limit don't. To me, this implies some sort of staleness factor should be implemented, such that if older ones haven't been used they should be removed to make space for newer ones...
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Mon, 17 Sep 2007 13:29:44 +0200 Axel-Stéphane SMORGRAV [EMAIL PROTECTED] wrote: I do not really see why this should be done in another module, though. How about: 1. It's a well-defined task (isn't it)?, and therefore a natural candidate for a module in a modular server. 2. Because it's a lot of extra complexity, it should remain optional. 3. Separating it out will help maintainability. Or rather, failing to do so will tend to be a maintenance nightmare. 4. If we get around to refactoring mod_proxy to provide separate forward and reverse proxy modules, a worker management module will be a useful optional extra for both to have. -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
RE: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
-Message d'origine- De : Jim Jagielski [mailto:[EMAIL PROTECTED] Envoyé : lundi 10 septembre 2007 14:00 À : dev@httpd.apache.org Objet : Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers On Sep 10, 2007, at 6:01 AM, Plüm, Rüdiger, VF-Group wrote: Also the scoreboard is a limiting factor for this. The number of available scoreboard entries is determined during the configuration phase of the startup (it cannot even be changed during graceful starts, this is why we add some additional entries to the number of workers we have counted in the configuration). To be honest I am still not convinced that the dynamic creation of workers is a good idea at all. I agree... Thanks for your feedback. The issues mentioned in this thread are exactly what I was a little worried about. However: 1. I do not really see how that could be used in a DOS attack as long as the client cannot specify the address of the backend connection ( e.g. a rewrite rule that retrieves the backend address in some query parameter, but that would represent a security issue under any circumstances ). 2. For all practical purposes the number of backends is rather limited ( a dozen ), at least in the configurations that we use. 3. Comparative load tests we have made with and without persistent client connections show that there is a significant performance gain when using persistent connections, both in terms of response times and in terms of reduced load on the backend servers. There is no reason to believe that a similar gain in performance cannot be achieved also with persistent backend connections. The problems you mention can be limited or eliminated by putting a configurable limit on the number of proxy workers created dynamically, the default being 0 (none). One could even imagine adding an equivalent number of slots to the scoreboard. I therefore suggest supplementing the previously described mechanism with an additional configuration directive, e.g. ProxyAddtlWorkersMax, default 0, with which one can specify the maximum number of implicitly created workers. An equivalent number of additional scoreboard entries will be allocated during the configuration phase. I hope this is enough to address your concerns. BR -ascs
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Tue, 4 Sep 2007 14:19:23 +0200 Axel-Stéphane SMORGRAV [EMAIL PROTECTED] wrote: I will create a Bugzilla report for this issue. That'll be PR#43308, in which you wrote: In Apache 2.2.x a worker, and the associated backend connection pool, is created for each ProxyPass directive. In that case the backend connections will by default be persistent (reusable). (chop - RewriteRule [P]) I therefore suggest to modify ap_proxy_pre_request() in order to create new workers as needed in the event of requests that do not match an existing worker. Does this open the way to a DoS? If a rewriterule[P] enables backends to be derived from the request URI, then you're creating unlimited numbers of workers, which may never be used. Where are the limits on that? -- Nick Kew Application Development with Apache - the Apache Modules Book http://www.apachetutor.org/
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
-Ursprüngliche Nachricht- Von: Nick Kew Gesendet: Montag, 10. September 2007 11:29 An: dev@httpd.apache.org Betreff: Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers On Tue, 4 Sep 2007 14:19:23 +0200 Axel-Stéphane SMORGRAV [EMAIL PROTECTED] wrote: I will create a Bugzilla report for this issue. That'll be PR#43308, in which you wrote: In Apache 2.2.x a worker, and the associated backend connection pool, is created for each ProxyPass directive. In that case the backend connections will by default be persistent (reusable). (chop - RewriteRule [P]) I therefore suggest to modify ap_proxy_pre_request() in order to create new workers as needed in the event of requests that do not match an existing worker. Does this open the way to a DoS? If a rewriterule[P] enables backends to be derived from the request URI, then you're creating unlimited numbers of workers, which may never be used. Where are the limits on that? Also the scoreboard is a limiting factor for this. The number of available scoreboard entries is determined during the configuration phase of the startup (it cannot even be changed during graceful starts, this is why we add some additional entries to the number of workers we have counted in the configuration). To be honest I am still not convinced that the dynamic creation of workers is a good idea at all. Regards Rüdiger
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Sep 10, 2007, at 6:01 AM, Plüm, Rüdiger, VF-Group wrote: Also the scoreboard is a limiting factor for this. The number of available scoreboard entries is determined during the configuration phase of the startup (it cannot even be changed during graceful starts, this is why we add some additional entries to the number of workers we have counted in the configuration). To be honest I am still not convinced that the dynamic creation of workers is a good idea at all. I agree...
Re: [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers
On Sep 4, 2007, at 8:27 AM, Axel-Stéphane SMORGRAV wrote: -Message d'origine- De : Axel-Stéphane SMORGRAV Envoyé : mardi 4 septembre 2007 14:19 À : dev@httpd.apache.org Objet : [PATCH] Apache 2.2.x: Implicit creation of new proxy_workers I will create a Bugzilla report for this issue. On second thought I will not create a report in Bugzilla - I thought suggestions for improvements could be filed that way... How can we move forward on this issue ? I would still file it under BUGZ.