Re: Dropped connections with tcp_tw_recycle=1

2009-09-20 Thread Nick Loman
Hi Sven, I don't know the basis precise for it, but I can vouch for the fact that tcp_tw_recycle is incompatible with NAT on the server side. I would guess it is because the NAT gateway keeps a connection tracking list and is unhappy that the webserver is trying to reuse the same ip:port hash

Apache DoS - is Varnish affected?

2009-06-19 Thread Nick Loman
I would guess that Varnish isn't affected by this, but does anyone know for sure? Does Varnish protect against this attack in all cases if you have Apache as your backend? http://isc.sans.org/diary.html?storyid=6601 Many thanks, Nick. ___

Re: Theoretical connections/second limit using Varnish

2009-04-30 Thread Nick Loman
Michael S. Fischer wrote: I've done that for a specific reason relating to backend PHP processes. I don't dispute your reasoning; my employer does this as well. KeepAlive with Apache/PHP can be a recipe for resource starvation on your origin servers. Hi Michael, Precisely, we only have

Theoretical connections/second limit using Varnish

2009-04-29 Thread Nick Loman
Hi there, Has anyone come to a satisfactory solution to the issue of running out of local port numbers when Varnish makes a connection to the backend server? Under Linux, my understanding is the number of available port numbers can be increased to a maximum of 64511 by setting

Re: Theoretical connections/second limit using Varnish

2009-04-29 Thread Nick Loman
Michael S. Fischer wrote: On Apr 29, 2009, at 9:22 AM, Poul-Henning Kamp wrote: In message 49f87de4.3040...@loman.net, Nick Loman writes: Has Varnish got a solution to this problem which does not involve time-wait recycling? One thing I've thought of is perhaps SO_REUSEADDR is used

Re: Weird log entries

2009-02-09 Thread Nick Loman
Alecs Henry wrote: Those are coupled with: 127.0.0.1 - - [09/Feb/2009:19:39:46 +] (null) (null) (null) 200 39678 - - I can see an object in the page that has that size (image) -- through firebug, but the object didn't load into the browser until I hit reload. I've seen log entries

Re: Varnish keep-alive problem

2009-01-06 Thread Nick Loman
Tollef Fog Heen wrote: | Varnish is a very good web accelerator, and i find it support KeepAlive. | The default keep-alive is on. I want to turn off the keep-alive, but i don't know how to do it. | Please tell me how to turn off the keep-alive. I don't believe that's possible out of the

Re: Ticket #250 (POST error when using Opera)

2008-10-11 Thread Nick Loman
Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Nick Loman writes: Hi there Just to update you on my experience with Varnish 1.1.2, [...] At this point we _really_ urge everybody to upgrade to Varnish 2.0. The release candidate 1 was released this week, and we are ready to cut

Re: Ticket #250 (POST error when using Opera)

2008-10-11 Thread Nick Loman
Poul-Henning Kamp wrote: In message [EMAIL PROTECTED], Nick Loman writes: I started on Varnish 2.0-rc1, which was 99% great, but we experienced a problem which was unfortunately a show-stopper. See my post on the 9th October, Mac connection problem with Varnish 2.0-rc1. If it wasn't

Mac connection problem with Varnish 2.0-rc1

2008-10-09 Thread Nick Loman
Hi there, A client using Mac version of Safari complains of intermittent errors kCFErrorDomainCFNetwork error 302, perhaps every other page, on dynamically generated pages. This is a stock install of varnish-2.0-rc1, with default.vcl and default configuration values. Everything works

Keep-Alive acceleration, is this possible?

2008-09-25 Thread Nick Loman
Hi there, On our platform we have had to disable Keep-Alive support on our Apache/FastCGI/PHP setup because it holds open too many backend processes under load even with KeepAliveTimeout set low. I am looking at Varnish as a web accelerator (it looks great!), and I wonder if it is possible to

Re: Keep-Alive acceleration, is this possible?

2008-09-25 Thread Nick Loman
Poul-Henning Kamp wrote: I was thinking it might be possible to strip out the Connection: Close header returned by Apache, [...] You don't need to do anything. Connection: is a hop-by-hop header, so Varnish already deletes it before sending the reply to the client Perfect! Many