Should I enable KeepAlive on Apache backend with Varnish as frontend?

apache-2.2 varnish

Solution 1:

Pro:

  • TCP handshake between Varnish and Apache not needed for every single request, reducing overhead.

Con:

  • If your Varnish service wanted to DoS your Apache service with connection exhaustion, it's easier for it to do so..?

Can you clarify what's prompting this question? HTTP connection keep-alive is implied in HTTP 1.1 and on by default in every major web server for a good reason; it's a performance improvement (though it will be a very small one with no latency between services), with a couple of denial-of-service-related caveats that aren't applicable when Apache's only client is Varnish.

I'd even recommend increasing Apache's KeepAliveTimeout higher than the default of 5 seconds, to let Varnish continue to re-use the same pool of connections.

Related

Measuring cumulative network statistics per user or per process
DD wrt bandwidth usage by user
How can I create a scheduled task from the command line that only runs on demand?
Can I send CTRL-BREAK and/or CTRL-C to a running process in Windows?
Why has VMWare ESXi 5 slow access to IBM M1015 / LSI 9240-8i RAID?
Keep Windows Installer from using largest drive for temporary files
How do you get AWS VPC EC2 instances to be able to see the AWS APIs?
rpm -Uvh authenticated proxy access ... just hangs?
EXT4 "No space left on device (28)" incorrect
Keep ssh running as long as possible on server shutdown
Automatic wake on LAN in Linux when accessing remote filesystem
Is there a way to fix Cluster-SSH windows positions automatically?