You are here

Client Connection Handling / Keepalive (Apache MPM Modules)

Description: 

Airlock Gateway uses Apache HTTP Server as web acceptor for incoming HTTP connections. By default the Apache MPM event module is used for request processing. In rare cases this module can cause problems in environments with high load and special clients. This page describes when switching to the MPM module worker should be considered.

The MPM module defines how client connections/requests are processed by the system regarding thread-, process- and event-models. The MPM event module handles some connections in an asynchronous way and is the best fit and therefore the default module for most Airlock Gateway setups. In some cases the module terminates active HTTP keep-alive connections which could cause problems in combination with certain clients.

If you observe one of the following problems, we recommend to test whether the problem is mitigated by switching to the MPM worker module.

  • Connection problems under high load when NTLM passthrough is used. NTLM relies on consecutive HTTP requests that are performed on a stable TCP connection, and termination of them due to lack of resources can cause problems.
  • Connection problems under high load in combination with HTTP clients not being able to handle premature closing of HTTP keep-alive connections. Common browsers are not affected. 

Switching to the worker module may introduce other drawbacks and should only be done when measures like fixing the HTTP client to deal with TCP connection reestablishment can not be applied:

  • Bottleneck in scaling. The event module usually scales better than the worker module in the number of clients/requests due to the asynchronous event model.
  • Lower capability of handling HTTP keep-alive connections
  • More susceptible to Denial-of-Service (DoS)
Workaround: 

The following global Apache Expert setting must be set to switch from MPM event to MPM worker module.

Define USE_MPM_WORKER

 

Knowledge Base Categories: