Apache Timeout/KeepAlive

Question

I run several apache web servers on CentOS 5.x and they all seem to have the same problem. It is typically fast but at times the browser will just sit there waiting forever and it never fails or goes through. Typically if you open a new tab and try again it goes through. I have keepalive turned off in httpd.conf. The servers that have this issue are behind a Cisco ASA firewall.

Has anyone else seen these problems? Is it worth trying to turn on KeepAlive? It doesn't happen all the time but I have noticed every night at about 7 PM for about 5 minutes the one web server is unavailable.

There could be a million reasons why this could be happening. Random guesses as to whether Keep Alive might help won't be very useful -- if you have a hypothesis, test it. — womble, Aug 21 '11 at 02:42
Sounds like your keep-alive was disabled before the issue occured? Why? — Shane Madden, Aug 21 '11 at 04:31

score 0 · Answer 1 · answered Aug 21 '11 at 04:23

0

I have seen this problem before with Cisco ASAs where the fixup was killing the connection because it thought data in the connection was trying to cause an exploit. You can pretty easily prove this by running tcpdump on either side of the ASA (possibly with a SPAN port off your switch). You can also try just turning off fixup/inspect on the ASA temporarily and see if it goes away. Here is more info from cisco on the inspect command on the ASA:

http://www.cisco.com/en/US/docs/security/asa/asa81/command/ref/i2.html#wp1717991

answered Aug 21 '11 at 04:23

polynomial

3,968
13
24

I think it is ASA related but i'm not sure. It almost seems like apache still thinks it is connected to the mysql server but when the ASA gets the packet it is saying there is no connection. – memoryisram Aug 24 '11 at 15:49
Did you try to turn off inspect yet? – polynomial Aug 24 '11 at 22:16

Apache Timeout/KeepAlive

1 Answers1