My favorites | Sign in
Project Home Wiki Issues Source
New issue   Search
  Advanced search   Search tips   Subscriptions
Issue 356: Sites with HTTPS users and no HTTPS mod_pagespeed configuration get log spew
4 people starred this issue and may be notified of changes. Back to list
Status:  Fixed
Closed:  Dec 2011

Sign in to add a comment
Project Member Reported by, Dec 5, 2011
Prior to 0.10.19.*, mod_pagespeed would never initiate a rewrite for HTTPS resource because CreateInputResource would return NULL based on the scheme of the resource.

Now it will go through the entire rewriting flow until the fetch.  The fetcher will fail reasonably fast, but at a minimum it will log the failure in error.log, which causes system load.

I think we can get back to a situation where there's a pretty fast failure earlier in the flow, if we do something like this:

1. Add "bool UrlAsyncFetcher::SupportsHttps(), base-class returns false.  Existing fetchers will not override.  Alternatively, have "bool UrlAsyncFetcher::PrevalidateUrl(const GoogleUrl&)", base-class checks .scheme=="http".  It could also check the syntax of the domain & the req headers or something; not sure what's best here.  The idea here is that this is a syntax check: no system-calls should be made or threads should be spawned.

2. CreateInputResource will do an origin-map / lookup in LoadFromFile map, and determine whether we'd ever be able to fetch such a resource using PrevalidateUrl or SupportsHttps.

Dec 5, 2011
Project Member #1
I repro'd this as follows:
* Use local Apache installation
* Disable any https -> http mapping in pagespeed.conf
* Add "ModPagespeedDomain https://*/ to pagespeed.conf [authorizes https resource URLs]
* Create /usr/local/apache2/htdocs/mod_pagespeed_test/https.html:

    <title>HTTPS test</title>
    <link rel="stylesheet" type="text/css" href="https://localhost:8443/mod_pagespeed_test/invalid.css
    Try fetching a resource using https.
* Run Apache (in gdb if desired)
* wget --no-check-certificate http://localhost:8080/mod_pagespeed_test/https.html

You get an error in /usr/local/apache2/logs/error_log when FINALLY gets around to NAKing the request.

Now working on short-circuiting this. Either as above or in Domain Lawyer logic.
Domain Lawyer is really only used by Apache and this issue is really Apache specific (AFAIK), so it's a possible place to do it, though the problem actually lies in the fetcher being used and once the SERF fetcher is changed to support https this would stop it from working so it's not the correct place to do it. Investigating.
Dec 23, 2011
Project Member #2
This issue was resolved in

Status: Fixed
Dec 23, 2011
Project Member #3
 Issue 353  has been merged into this issue.
Jan 26, 2012
Project Member #4
(No comment was entered for this change.)
Labels: release-note
Sign in to add a comment

Powered by Google Project Hosting