I've got an Apache host that ProxyPass'es some connections for certain URL's, for example
<Location /partner/data >
Pretty standard. Anything coming from /partner/data should pass on to the vendor's host via https
What I'm seeing is very odd though. There are random clusters of RST packets being sent (from my host) to the IP of the above vendor. These don't make sense to me as
I'm thinking this might be a bug with Apache or possibly the Linux OS, but as of yet Google search reveals nothing that would point to the root cause.
Packets are being captured with a tcpdump which is essentially capturing local->nonlocal or nonlocal->local on high ports:
asked 27 Oct '17, 13:12
I doubt it's an Apache question either, its just that Apache is the only place that references those IPs at all (but Apache itself is L7 and isn't low enough in the stack to cause this). I just showed the config for clarity of what the host is doing.
It could be a kernel bug, networking bug, or possibly wireshark/tcpdump missing info. But in general a SEQ-1 RST and/or an RST without associated session would seem to be against TCP standard.
answered 28 Oct '17, 10:28
edited 28 Oct '17, 10:56
Not a Wireshark question. You should post this on an Apache Web Server forum of some kind.