...
- proxy.config.url_remap.pristine_host_hdr = 0 (was 1)
- proxy.config.http.normalize_ae_gzip = 1 (was 0)
- proxy.config.http.cache.allow_empty_doc = 1 (was 0)
- proxy.config.http.cache.ignore_client_cc_max_age = 1 (was 0)
- proxy.config.http.cache.ignore_accept_mismatch = 2 (was 0)
- proxy.config.http.cache.ignore_accept_language_mismatch = 2 (was 0)
- proxy.config.http.cache.ignore_accept_encoding_mismatch = 2 (was 0)
- proxy.config.http.cache.ignore_accept_charset_mismatch = 2 (was 0)
- proxy.config.http.keep_alive_post_out = 1 (was 0)
- proxy.config.http.background_fill_active_timeout = 0 (was 60)
- proxy.config.http.background_fill_completed_threshold = 0.0 (was 0.5)
- proxy.config.net.sock_send_buffer_size_in = 1 (was 256K)
- proxy.config.net.sock_option_flag_out = 0x1 (was 0x0)
- proxy.config.cache.enable_read_while_writer = 1 (was 0)
- proxy.config.dns.round_robin_nameservers = 1 (was 0)
- proxy.config.http.connect_ports = 443 (was 443 563)
- proxy.config.log.max_space_mb_for_logs = 25000 (was 2500)
- proxy.config.log.custom_logs_enabled = 1 (was 0)
- proxy.config.log.common_log_is_ascii = 1 (was 0)
- proxy.config.ssl.server.honor_cipher_order = 1 (was 0)
Removed configurations
- proxy.config.http.cache.when_to_add_no_cache_to_msie_requests
- proxy.config.log.xuid_logging_enabled
...
There is now SPDY 3.1 support for ATS, which requires the spdylay library to build. This is a compile time option and will need to be enabled when the server is built from source code.
Jira: TS-2431
TLS / SSL and HTTPS improvements
...
- @caseless: Make the regular expressions case insensitive.
- @lowercase_subtitutions: Make all regular expression substitutions be lower cased.
- @proxy.config....=<value>: Modify an overridable records.config configuration.
Jira: TS-2646
Docs: regex_remap
Improved: header_rewrite
...
Docs: stats_over_http
New: background_fetch
This is a new, experimental, plugin to perform background fetches of full objects when clients sends Range: requests only. Since we (currently) do not cache partial objects in the cache, this is a way to allow such objects to make it into cache. Together with the read-while-writer feature, this can improve cache hit ratio and performance dramatically.
Jira: TS-2554
Docs: background_fetch
...
The Amazon S3 services has an optional authentication component. This plugin allows ATS to make origin requests to S3 using the AWS authentication scheme. Currently this only implements the v2 specification of the APIs.
Jira: TS-2611
Docs: s3_auth
New: url_sig
This plugin validates cryptographically signed URLs.
Jira: TS-2732
New: regex_revalidate
This plugin allow you to use regular expressions to force revalidation of content.
Jira: TS-2804
traffic_shell removed
The command line tool traffic_shell has been removed. There was little interest in maintaining this command line tool. For those who still need this functionality, an intermediary perl script is available in the code, traffic_shell.pl.
...
Jira: TS-2693
New Plugin APIs
The following sections discuss changes and additions to public plugin APIs.
Name lookups of internal state values
...
Code Block | ||
---|---|---|
| ||
tsapi const char* TSHttpServerStateNameLookup(TSServerState state); tsapi const char* TSHttpHookNameLookup(TSHttpHookID hook); tsapi const char* TSHttpEventNameLookup(TSEvent event); |
Jira: TS-2598
Docs: TSDebug()
HTTP Connect with Plugin tag and ID
...
Jira: TS-2810
Docs: TSVConnFdCreate()
5.0.1 Security Update
Due to a security issue in 5.0.0, a possibly incompatible change was made to 5.0.1.
To monitor the state of the proxy, a nanny process (traffic_cop) periodically probes the proxy with a specific URL (http://127.0.0.1:8083/synthetic.txt). The security change was to do additional checks on the incoming heartbeat probe. This can cause Traffic Server to fail by preventing the health check probe from succeeding.
Symptoms
- The traffic_server and/or traffic_manager process is restarted very frequently (more than once a minute)
- There are error messages in the
error.log
file of the form
20140806.13h33m54s CONNECT: could not connect to 127.0.0.1 for 'http://127.0.0.1:8083/synthetic.txt' (setting last failure time)
20140806.13h33m54s RESPONSE: sent 192.168.56.196 status 502 (Server Hangup) for 'http://127.0.0.1:8083/synthetic.txt'
- There are syslog messages of the form
traffic_cop[13730]: (http test) received non-200 status(502)
traffic_cop[13730]: server heartbeat failed [1]
Causes
Anything that modifies the heartbeat connection and request from the expected form. Known causes
- iptables NAT masquerade.
If connections on the loopback are affected this will break the heartbeat because the connection source address will be a host address, not the loopback address. To fix this, change your iptables rules to not perform NAT masquerade on the heartbeat connection - Generic remap rules, such as "
map / http://some.other.place.com
"
To fix this, either - add an additional rule to prevent the generic rule from triggering on heartbeat connections, such as
map /synthetic.txt http://localhost:8083/synthetic.txt
- apply the fix from
.Jira server Issues key TS-2934