Thanks Yann. I am on ubuntu 16.04 and apache 2.4.8, and looks like the MPM module I have right now is "event", which seems to be default for modern OSs. It seems like in 2.4 I can load different MPM modules at run time, and don't have to recompile apache. Do you agree? If yes, can I switch back and forth between prefork and event easily, or do I need to plan for anything (other than MPM prefork using more resources, is it going to corrupt any other dependencies?), as this is in production, and am using this in conjunction with mod security.
Deanna On Thu, Nov 9, 2017 at 3:07 PM, Yann Ylavic <[email protected]> wrote: > Hi Deanna, > > On Thu, Nov 9, 2017 at 6:24 PM, Deanna Stevenson <[email protected]> > wrote: > > > > After researching it turned out to be related with maintaining persistent > > connections. > > For NTLM to work through a reverse proxy, client connections need to > be associated with backend ones (1:1), that is the proxy must (re)use > the same backend connection for the requests arriving on the same > client connection (NTLM authenticates connections, not requests...). > > > So, I added "KeepAlive On" to the virtual hosts config file, > > but this doesn't seem to have helped. > > > > I see many posts talking about these issues, but nothing recent. Could > > anybody please help/advise? > > The only way (I'm aware of) to let NTLM pass through Apache httpd is > to use MPM prefork, to indeed set "KeepAlive on" (globally), and > finally to add "SetEnv proxy-initial-not-pooled" in the reverse proxy > VirtualHost (if any, otherwise globally). > > There were patches proposed to make it work with other MPMs, but they > are not up to date (while the above should work with vanilla httpd). > > > Regards, > Yann. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
