3

I use an application behind a reverse proxy using Apache 2.4 (mod_jk).

When I request some page, it takes forever to load, and won't eventually load at all.

After investigation, I discovered some subtle JavaScript errors that are absent when accessed directly (no reverse proxy).

Delving further, it turned out that a specific .js file wouldn't complete loading, and I get a client side error: ERR_CONNECTION_RESET with a partially loaded .js file.

I noticed that Apache2 and Tomcat both work smoothly together, which is not the case between Apache2 and Jetty 7.3.

PS: This error occurs only when external static IP addresses are involved.

It feels like there is a timeout somewhere.

The logs below are related to a single .js resource request only (the one that causes the major problem).

access.log:

client-ip-address - - [13/Jan/2016:15:35:14 +0000] "GET /mifos/webcontent/birt/ajax/lib/prototype.js HTTP/1.1" 200 47603

error.log (with LogLevel debug and ProxyHTMLLogVerbose On):

    [Wed Jan 13 15:35:14.688949 2016] [authz_core:debug] [pid 31137:tid 3011484480] mod_authz_core.c(835): [client client-ip-address:53033] AH01628: authorization result: granted (no directives)
    [Wed Jan 13 15:35:14.689058 2016] [proxy:debug] [pid 31137:tid 3011484480] mod_proxy.c(1163): [client client-ip-address:53033] AH01143: Running scheme http handler (attempt 0)
    [Wed Jan 13 15:35:14.689071 2016] [proxy_ajp:debug] [pid 31137:tid 3011484480] mod_proxy_ajp.c(710): [client client-ip-address:53033] AH00894: declining URL http://server-local-ip-address:8080/mifos/webcontent/birt/ajax/lib/prototype.js
    [Wed Jan 13 15:35:14.689083 2016] [proxy:debug] [pid 31137:tid 3011484480] proxy_util.c(2140): AH00942: HTTP: has acquired connection for (server-local-ip-address)
    [Wed Jan 13 15:35:14.689093 2016] [proxy:debug] [pid 31137:tid 3011484480] proxy_util.c(2193): [client client-ip-address:53033] AH00944: connecting http://server-local-ip-address:8080/mifos/webcontent/birt/ajax/lib/prototype.js to server-local-ip-address:8080
    [Wed Jan 13 15:35:14.689104 2016] [proxy:debug] [pid 31137:tid 3011484480] proxy_util.c(2394): [client client-ip-address:53033] AH00947: connected /mifos/webcontent/birt/ajax/lib/prototype.js to server-local-ip-address:8080
    [Wed Jan 13 15:35:14.689158 2016] [proxy:debug] [pid 31137:tid 3011484480] proxy_util.c(2636): AH00951: HTTP: backend socket is disconnected.
    [Wed Jan 13 15:35:14.689590 2016] [proxy:debug] [pid 31137:tid 3011484480] proxy_util.c(2771): AH02824: HTTP: connection established with server-local-ip-address:8080 (server-local-ip-address)
    [Wed Jan 13 15:35:14.689628 2016] [proxy:debug] [pid 31137:tid 3011484480] proxy_util.c(2923): AH00962: HTTP: connection complete to server-local-ip-address:8080 (server-local-ip-address)
    [Wed Jan 13 15:35:15.141686 2016] [proxy:debug] [pid 31137:tid 3011484480] proxy_util.c(2155): AH00943: http: has released connection for (server-local-ip-address)

mod-jk.log (nothing interesting except one repeated line ):

[Wed Jan 13 15:03:22 2016][30041:3075380928] [info] init_jk::mod_jk.c (3383): mod_jk/1.2.40 initialized
Mohamed Ennahdi El Idrissi
  • 2,931
  • 2
  • 19
  • 32
  • Please provide us httpd, mod_jk and tomcat log – Ghayel Jan 13 '16 at 08:34
  • Jetty doesn't cope well with Apache2. – Mohamed Ennahdi El Idrissi Jan 13 '16 at 15:46
  • do you have any firewall settings? – Ghayel Jan 14 '16 at 17:43
  • Well, I have noticed that it works with Firefox and Safari with some WiFi networks with both static and dynamic IP addresses. In most cases, It won't work at all with Chrome with static IP addresses. I tried to make WiFi networks have Home Location settings (rather than Work or Public), no apparent effects. By the way, I've added the worker for Jetty as well (better performance). Most importantly, when it doesn't work, it's just because of a ~40KB file that is partially loaded (~10KB posted only). – Mohamed Ennahdi El Idrissi Jan 14 '16 at 22:17
  • It means mod_jk is working properly but problem is with your network – Ghayel Jan 15 '16 at 09:15
  • Sure thing is that all networks with Dynamic IP worked. Therefore the problem is related to networks with Static IP. – Mohamed Ennahdi El Idrissi Jan 15 '16 at 20:26
  • 1
    Please check these links: [Link-1](http://stackoverflow.com/questions/23725085/failed-to-load-resource-neterr-network-io-suspended) [Link-2](http://stackoverflow.com/questions/22083453/console-errors-failed-to-load-resource-neterr-insecure-response) [Link-3](http://stackoverflow.com/questions/24931566/getting-error-in-console-failed-to-load-resource-neterr-connection-reset) – Ghayel Jan 17 '16 at 09:28
  • Thank you Ghayel for your support. – Mohamed Ennahdi El Idrissi Jan 19 '16 at 11:21

2 Answers2

1

I've finally solved the issue.

The breakthrough occured when I followed @john ktejik's directives:

Failed to load resource under Chrome

I came to realize that the involved resource was encompassed within a .jar file. Therefore, I had to tell Apache2 to explicitely use "SetOutputFilter INFLATE;proxy-html;DEFLATE".

That's when I started to make some progress.

Since The inflate/deflate directive disables some links, I had to make it exclusive for javascript files:

"AddOutputFilterByType DEFLATE application/x-javascript".

Also, I needed an extra tweak which is to activate mod_expires and mod_headers (source).

Finally, I would rather clear cache before testing in different machines.

Clearly, the problem is related to Cache expiration and Static IP, which I can't really understand.

More importantly, the problem is solved (tested on different machines with different browsers with static and dynamic IP)!

Community
  • 1
  • 1
Mohamed Ennahdi El Idrissi
  • 2,931
  • 2
  • 19
  • 32
1

Had this issue on 250 Server 2012/2016 systems.

2012 and up - Issue: Cannot access NuGet repositories. Cannot access Bing.Com. Cannot access MSN.Com. Certain websites do not load properly such as TMobile.com W3Schools

Cause - The TCP ECNCapability protocol is causing Windstream to drop the packets. Windstream will neither fix nor acknowledge the issue.

Fix: From an elevated command prompt, type the following command and hit enter. Bing.Com should immediately begin working.

netsh int tcp set global ecncapability=disabled

Christopher Watson
  • 11
  • 1