From nobody@hyperreal.com Mon Feb 24 09:45:59 1997 Received: by taz.hyperreal.com (8.8.4/V2.0) id JAA16077; Mon, 24 Feb 1997 09:45:59 -0800 (PST) Message-Id: <199702241745.JAA16077@taz.hyperreal.com> Date: Mon, 24 Feb 1997 09:45:59 -0800 (PST) From: Jerry Morrison Reply-To: jerry@placeware.com To: apbugs@hyperreal.com Subject: "IdentityCheck on" can make the server inaccessible X-Send-Pr-Version: 3.2 >Number: 190 >Category: documentation >Synopsis: "IdentityCheck on" can make the server inaccessible >Confidential: no >Severity: non-critical >Priority: medium >Responsible: apache >State: closed >Class: doc-bug >Submitter-Id: apache >Arrival-Date: Mon Feb 24 09:50:00 1997 >Last-Modified: Tue Mar 25 12:36:08 PST 1997 >Originator: jerry@placeware.com >Organization: >Release: 1.2b6 >Environment: Solaris 2.5.1 >Description: I turned on the IdentityCheck feature make server logs more informative. (The identity info has a place in the standard server log format.) This worked fine on our server that's inside our firewall. But it made our server that's outside our firewall inaccessible, at least from inside the firewall. E.g. it didn't answer requests for server info. Perhaps the IdentityCheck feature makes it wait forever on some info that's blocked by the firewall. >How-To-Repeat: >Fix: I'd have been happy with a bold note in the documentation on IdentityCheck. I have no idea if the software could be changed to log the identity info when available and not get stuck on it when not available >Audit-Trail: State-Changed-From-To: open-analyzed State-Changed-By: marc State-Changed-When: Tue Feb 25 12:33:39 PST 1997 State-Changed-Why: As was stated in email by someone, this is just the (overly) long timeout of 60 seconds per connection. We are discussing reducing this to 10 or 30, but it is still slow. A configurable timeout should be added, but not until after 1.2. State-Changed-From-To: analyzed-closed State-Changed-By: dgaudet State-Changed-When: Tue Mar 25 12:36:07 PST 1997 State-Changed-Why: Documented the expense of using identitycheck on public servers. >Unformatted: