RE: [squid-users] Squid2.4 supports persistent connection, but why Squid2.5 or Squid3.0 not.

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 12 Dec 2003 00:31:33 +0100 (CET)

On Thu, 11 Dec 2003 sun@rty.co.jp wrote:

> I really want the persistent connection between Squid and my server because
> my server dosen't support application level session ID and I use TCP
> connection ID (socket) to keep talk to my client application until the
> server or client close the connection.

This will by definition NOT WORK when the client is using a HTTP proxy. If
you make this assumption in your application then it is not HTTP compliant
as HTTP does not guarantee there is a TCP session <-> end user relation,
and even encourages that there should be no such relation in order to make
more efficiently use of the network resources. See RFC 2616 section 8.1.3
Persistent Connections and Proxy Servers.

Squid does supports persistent connections per the specifications. HTTP
persistent connections are a hop-by-hop feature of HTTP and is negotiated
separately client<->proxy and proxy<->server. For each hop the connections
is to be used as efficiently as possible while at the same time not
violating the non-indempotent request requirements.

What this means is that

 a) A proxy may have a number of persisitent connections open to the
server. When a client request is to be forwarded (regarless on how this
request was received by the proxy) the first available persistent
connection to the requested server will be selected. This means that the
server will and MUST expect to receive requests from multiple clients on
the same connection, and requests from the same client connection may be
forwarded on different server connections depending on the total traffic
pattern, timing and whatever else may influence how the proxy selects
which persistent connection to forward the request on.

 b) POST and other non-indempotent request methods will always be sent on
a new connection to the server by the proxy. This due to the fact that
persistent connection are not reliable and may be closed by the server at
any time while idle and the fact that proxy is not allowed to retry
non-indempotent requests even if sending the request over a persistent
connection fails due to the server closing the connection while the
request is being sent by the proxy. Because of this the proxy can not
reuse a persistent server connection for a POST request without risking
failing the request in ways not acceptable by the HTTP specification.

If you really need to make the above assumption about client connections
then you should use https. Due to the nature of running ontop of SSL
https gives a sort of guaranteed TCP connection <-> end user relation.
(SSL garantees this even if the HTTP which runs ontop of the SSL
connections does not)

Regards
Henrik
Received on Thu Dec 11 2003 - 16:31:41 MST

This archive was generated by hypermail pre-2.1.9 : Thu Jan 01 2004 - 12:00:10 MST