1) Any improvement regarding the error rate before and after the change?
No, yesterday I got 10 errors between 0am and 7 pm.
Today I got 9 errors between 0am and 7 pm.
2) Any URL pattern or method (GET or POST) that triggers the error more easily, or is it just random?
It seems random. I don't have many POST requests, so it's not likely to happen with a POST request. It happens randomly on images / html / PHP requests (about 1 for every 1000 requests).
3) Will the same error happen between the T-WAF proxy and other web servers (apache, nginx etc)?
An ASL developer has just told me that they have never seen this issue before and protect nginx servers without issues. Apache servers generally integrate mod_security directly so they don't need the T-WAF.
Again, it would be very helpful if you can work out a test case which can easily reproduce the error.
Yes it would, but I've even tried benchmarking (siege) it without managing to create an error. It doesn't seem to happen so much when the server is under more stress.
If this variable is set no pooled connection will be reused if the client connection is an initial connection. This avoids the "proxy: error reading status line from remote server" error message caused by the race condition that the backend server closed the pooled connection after the connection check by the proxy and before data sent by the proxy reached the backend. It has to be kept in mind that setting this variable downgrades performance, especially with HTTP/1.0 clients.
Last edited by Monarobase; 02-01-2013 at 11:20 AM..
So can you set the environment variable on T-WAF?
I'm giving it a try to see if it makes any difference. I will let you know if it removes the errors.
ASL said I should set the T-WAF (mod_security) to enforce non-compressed data because compression could cause issues and also prevent mod_security from analysing the data transmitted.
I've given this (disabling compression) a try but it doesn't help either (I still get errors). I think I will activate gzip compression in the T-WAF so it can analyze the data given by litespeed and see what the performance impact is.
I will reactivate keep-alive once I've finished the test with
setEnv proxy-initial-not-pooled 1
Last edited by Monarobase; 02-02-2013 at 01:41 AM..
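The before/after comparison made in this thread (errors per day between 0am and 7 pm, spread across images / html / PHP) can be automated from the proxy's error log. The script below is an added example, not code from any of the posts; it assumes an Apache 2.2-style error_log layout, the function names are hypothetical, and the sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in Apache 2.2 error_log style (not taken from the thread).
SAMPLE_LOG = """\
[Thu Jan 31 03:12:09 2013] [error] [client 192.0.2.10] (104)Connection reset by peer: proxy: error reading status line from remote server 127.0.0.1:8080
[Thu Jan 31 03:12:09 2013] [error] [client 192.0.2.10] proxy: Error reading from remote server returned by /img/logo.png
[Thu Jan 31 21:40:55 2013] [error] [client 192.0.2.11] (104)Connection reset by peer: proxy: error reading status line from remote server 127.0.0.1:8080
[Thu Jan 31 21:40:55 2013] [error] [client 192.0.2.11] proxy: Error reading from remote server returned by /index.php
[Fri Feb 01 10:15:32 2013] [error] [client 192.0.2.12] (104)Connection reset by peer: proxy: error reading status line from remote server 127.0.0.1:8080
[Fri Feb 01 10:15:32 2013] [error] [client 192.0.2.12] proxy: Error reading from remote server returned by /about.html
[Fri Feb 01 11:02:47 2013] [error] [client 192.0.2.13] File does not exist: /var/www/favicon.ico
""".splitlines()

# Message quoted in the thread for the pooled-connection race.
MARKER = "proxy: error reading status line from remote server"
# Timestamp without the weekday, e.g. "Feb 01 10:15:32 2013" (assumed layout).
TS = re.compile(r"^\[\w{3} (\w{3} \d{2} \d{2}:\d{2}:\d{2} \d{4})\]")
# Follow-up line that names the request path.
PATH = re.compile(r"proxy: Error reading from remote server returned by (\S+)")

def errors_per_day(lines, start_hour=0, end_hour=19):
    """Count MARKER lines per date where start_hour <= hour < end_hour."""
    counts = Counter()
    for line in lines:
        m = TS.match(line)
        if MARKER not in line or not m:
            continue  # unrelated line or unparseable timestamp: skip it
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
        if start_hour <= ts.hour < end_hour:
            counts[ts.date().isoformat()] += 1
    return dict(counts)

def errors_by_type(lines):
    """Tally failed proxy requests by file extension of the request path."""
    counts = Counter()
    for line in lines:
        m = PATH.search(line)
        if m:
            name = m.group(1).rsplit("/", 1)[-1]
            counts[name.rsplit(".", 1)[-1].lower() if "." in name else "(none)"] += 1
    return dict(counts)

if __name__ == "__main__":
    print(errors_per_day(SAMPLE_LOG), errors_by_type(SAMPLE_LOG))
```

Running it against the log from the day before and the day after setting `proxy-initial-not-pooled` gives the two per-day counts in the same 0am to 7 pm window.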