SSL and keepalive (...do we really care about IE < 6?)

alphawolf50

Well-Known Member
Apr 28, 2011
186
2
68
cPanel Access Level
Root Administrator
I think this is part "feature request", part "optimization workaround"..

I've been optimizing a server for best performance when a site desires to always serve content via HTTPS. HTTP keep-alive is especially important to HTTPS, as the TLS handshake can add an additional 200-300ms per request (based on my unscientific tests). During this optimization, I noticed this default code in httpd.conf for SSL hosts:
Code:
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
I did a bit of searching... and it appears this is a hack to solve an issue with IE 5 and earlier. (Correct me if that's wrong, please.) The problem is that this affects *ALL* versions of IE. Now, I'm of the mind that people using even IE 6 shouldn't be on the internet, so using a hack that hurts performance for every IE user for the sake of IE 5 users just seems asinine. But perhaps my assumptions are wrong, in which case I stand corrected...

Anyway, if we *must* have this code for every SSL host by default, could it be a bit more specific, so as not to negatively affect the performance of *every* IE user? I found this suggested replacement at the following site: https://blogs.msdn.com/b/ieinternals/archive/2011/03/26/https-and-connection-close-is-your-apache-modssl-server-configuration-set-to-slow.aspx?Redirected=true
Code:
BrowserMatch ".*MSIE [2-5]\..*" nokeepalive ssl-unclean-shutdown
It looks like cPanelTristan's instructions in the following post would also be a suitable workaround for those who don't care about IE 5 users at all. Just don't do step #3 unless you really mean to disable mod_setenvif.
https://forums.cpanel.net/f5/disable-mod_setenvif-254932.html#post1076032

**EDIT** Better instructions!:
I realized after posting this that the instructions I linked are suboptimal, since they require rebuilding Apache (and were written for a different purpose). We only need to rebuild httpd.conf. Stealing the first couple steps from cPanelTristan's post, here is what I actually did:

1. Copy ssl_vhost.default to ssl_vhost.local
Code:
cd /var/cpanel/templates/apache2
cp ssl_vhost.default ssl_vhost.local
2. Comment out the SetEnvIf line in ssl_vhost.local file
Code:
sed -i 's/SetEnvIf/#SetEnvIf/g' /var/cpanel/templates/apache2/ssl_vhost.local
3. Rebuild httpd.conf
Code:
/usr/local/cpanel/bin/apache_conf_distiller --update
/usr/local/cpanel/bin/build_apache_conf
4. Gracefully restart Apache:
Code:
service httpd graceful
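Added example, not part of the original post: a shell check of which clients each of the two quoted patterns would strip keep-alive from, plus an audit of a config file for active directives that still catch IE 9. The User-Agent strings and the vhost fragment are constructed samples, and `grep -E` is assumed here as a stand-in for Apache's regex matching.

```sh
#!/bin/sh
# The two patterns quoted in the post.
BROAD='.*MSIE.*'
NARROW='.*MSIE [2-5]\..*'

# Constructed sample User-Agent strings (not taken from the thread).
UA_IE5='Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)'
UA_IE9='Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)'

# ua_matches PATTERN UA: exit 0 if PATTERN matches UA, i.e. the directive
# would set nokeepalive for that client. grep -E is an assumed stand-in for
# Apache's regex engine; these two patterns behave the same in both.
ua_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# audit_nokeepalive FILE: print "LINE: PATTERN" for every active (uncommented)
# SetEnvIf User-Agent / BrowserMatch directive that sets nokeepalive and whose
# pattern also matches the IE 9 sample.
audit_nokeepalive() {
    grep -nE '^[[:space:]]*(SetEnvIf[[:space:]]+User-Agent|BrowserMatch)[[:space:]].*nokeepalive' "$1" |
    while IFS= read -r hit; do
        lineno=${hit%%:*}
        pattern=$(printf '%s\n' "$hit" | sed -n 's/^[^"]*"\([^"]*\)".*/\1/p')
        [ -n "$pattern" ] || continue
        if ua_matches "$pattern" "$UA_IE9"; then
            printf '%s: %s\n' "$lineno" "$pattern"
        fi
    done
}

# write_sample_conf FILE: constructed vhost fragment holding the stock line,
# the narrowed line, and a commented-out copy of the stock line.
write_sample_conf() {
    cat > "$1" <<'EOF'
<VirtualHost 192.0.2.10:443>
  SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
  BrowserMatch ".*MSIE [2-5]\..*" nokeepalive ssl-unclean-shutdown
  #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_nokeepalive "$conf"
rm -f "$conf"
```

Pointing `audit_nokeepalive` at a generated httpd.conf after the rebuild step shows whether any SSL vhost still carries an active directive that disables keep-alive for IE 9.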

alphawolf50

I thought I should share the performance results of my above "fix". This is an extreme case, but the load time for a particular PHP page dropped from ~690ms to ~125ms in IE 9. This is for the PHP page alone (not the other resources on the page), and only if the page is retrieved before the keep-alive timeout. I've set the timeout to 15 seconds rather than 5 to increase the likelihood that this will happen. You should do your own research before increasing the keep-alive timeout, as it can have negative consequences if you are lacking in RAM. YMMV, but this adjustment is definitely shaving several tenths of a second off of subsequent page views. I wish I had timed the complete page load time (all resources) before and after... oh well. Someone else is welcome to do so and share the results :)