Lighttpd

Hi,

It is possible for lighttpd to "leak" connections if response content handlers expect more data from the upstream server, but never get it. This seems to happen most frequently when using lighttpd as a reverse proxy in front of Tomcat. Tomcat sometimes fails to send a complete chunked response through mod_proxy_backend_http.c, and the FSM in that file never marks the request as finished. The connection stays in CON_STATE_WRITE_RESPONSE_CONTENT forever, and it is never timed out, because the write_request_ts is updated even though no data are written.

We found that around 1 in every 10,000 requests caused a connection to go into this loop, so we accumulated (at our traffic levels) around 1,000 dead connections per day, leading to gradually increased CPU usage and so forth. The mod_status handler would show thousands of connections that had been in the 'W' state for days. We ended up having to restart lighttpd on a fairly regular basis to keep this problem at bay.

-dave