Conditionally disable keepalives

Is it possible to conditionally disable keep-alives via some sort of
configuration? I have a customer with a buggy proxy that they cannot
fix short-term, but I do not want to disable keepalives entirely for
every user. With keepalives enabled, they intermittently see “raw”
HTTP streams in the browser, headers and all. Thousands of other
customers have no issues, of course, as they aren’t using this
particular proxy (Trend Micro Viruswall 6).

The “keepalive_timeout” directive will not accept a variable value.

Right now I have a configuration that conditionally adds a
“Connection: close” header based on $remote_addr, but that gets sent
in addition to the “Connection: keepalive” header set by nginx. While
it seems to work for this particular buggy proxy, sending multiple
“Connection” headers is also an HTTP specification violation, I think.

The only other thing I can think of to do is a rewrite to a different
server or location with “keepalive_timeout 0” specified, but will that
even work, or are keepalives handled at the connection layer?

nginx 0.7.65 on Ubuntu 10.04

RPM

On Fri, 2010-09-17 at 11:27 -0500, Ryan M. wrote:

Right now I have a configuration that conditionally adds a
“Connection: close” header based on $remote_addr, but that gets sent
in addition to the “Connection: keepalive” header set by nginx. While
it seems to work for this particular buggy proxy, sending multiple
“Connection” headers is also an HTTP specification violation, I think.

The only other thing I can think of to do is a rewrite to a different
server or location with “keepalive_timeout 0” specified, but will that
even work, or are keepalives handled at the connection layer?

nginx 0.7.65 on Ubuntu 10.04

Or you could run a second Nginx instance between them and the main Nginx
instance.

Cliff

On Fri, Sep 17, 2010 at 11:34 AM, Cliff W. [email protected] wrote:

Or you could run a second Nginx instance between them and the main Nginx
instance.

I thought about that… I suppose I could even have the same nginx
instance proxy to itself, as the source IP would change to localhost
on the subrequest, but it seems wasteful and potentially brittle.

They cannot configure their proxy to send HTTP 1.0 requests, even
though it clearly does not support HTTP 1.1 correctly. And of course
they say “they have no problems with other sites”, which I think
likely not true.

I could, I suppose, even give them a different hostname to work with,
but that would likely require many application-layer changes as well.


RPM

On 17/09/2010 17:27, Ryan M. wrote:

Is it possible to conditionally disable keep-alives via some sort of
configuration?
I would suggest putting the keepalive_timeout directive inside an if
block, but it’s not permitted.

Igor/Maxim : Is there a good reason why keepalive_timeout cannot be set
inside a server or location if block?

Cheers,

Marcus.

On Fri, Sep 17, 2010 at 12:20 PM, Ryan M. [email protected]
wrote:

On Fri, Sep 17, 2010 at 11:34 AM, Cliff W. [email protected] wrote:

Or you could run a second Nginx instance between them and the main Nginx
instance.

I thought about that… I suppose I could even have the same nginx
instance proxy to itself, as the source IP would change to localhost
on the subrequest, but it seems wasteful and potentially brittle.

So, the “proxy back to another nginx” (in this case the same instance)
Cliff suggested seems to be working, and I get a “Connection: close”
header for the IPs I am interested in, and keepalives seem to be off.

However, I do not get see the header I add in my special location,
even though I know it is hitting that location via rewrite. Is
proxy_pass http://127.0.0.1 treated specially by nginx somehow? I
would also expect to see two entries in the log files for every
request, but I do not.

Here is what I have (streamlined config)

server {

if ($remote_addr ~ “^(111.111.111.111|222.222.222.222)$”) {
rewrite ^(.*)$ /nokeepalive$1;
}

location /
#and and many other locations

location /nokeepalive {
keepalive_timeout 0;
add_header “X-NoKeepalive-Proxy” “true”;
proxy_set_header Host $host;
#proxy back to myself at original request URI
rewrite /nokeepalive(.*)$ $1;
proxy_pass http://127.0.0.1;
}
}


RPM

Hello!

On Fri, Sep 17, 2010 at 06:45:33PM +0100, Eugaia wrote:

On 17/09/2010 17:27, Ryan M. wrote:

Is it possible to conditionally disable keep-alives via some sort of
configuration?
I would suggest putting the keepalive_timeout directive inside an if
block, but it’s not permitted.

Igor/Maxim : Is there a good reason why keepalive_timeout cannot be
set inside a server or location if block?

There is a good reason to disable anything but rewrite directives
in “if” blocks.

http://wiki.nginx.org/IfIsEvil

Maxim D.

On 17/09/2010 19:47, Maxim D. wrote:

nside a server or location if block?
There is a good reason to disable anything but rewrite directives
in “if” blocks.
I know about the ‘if is evil’ idea, but so long as you know what will
happen (i.e. that if blocks don’t behave like you might expect them to),
is there any other inherent problem caused?

Was the decision to not allow many statements inside if blocks basically
made because to do so would probably mean that configurations might do
something unconventional (and other than what the administrator probably
would expect them to do), rather than for any other inherent problem?

Thanks,

Marcus.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs