36937 – mod_cache not respecting mod_access

Bug 36937 - mod_cache not respecting mod_access

Summary: mod_cache not respecting mod_access

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Apache httpd-2
Classification:	Unclassified
Component:	mod_cache (show other bugs)
Version:	2.5-HEAD
Hardware:	Other other

Importance:	P2 normal (vote)
Target Milestone:	---
Assignee:	Apache HTTPD Bugs Mailing List

URL:
Keywords:

Duplicates (1):	42508 (view as bug list)
Depends on:
Blocks:

Reported:	2005-10-05 15:57 UTC by Wilson Felipe
Modified:	2018-02-25 20:13 UTC (History)
CC List:	3 users (show)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Wilson Felipe 2005-10-05 15:57:05 UTC

our environment:

SetEnvIfNoCase Referer ^http://host validreferer

<Directory />
      Order deny,allow
      Deny from all
      Allow from env=validreferer
</Directory>

if the object is not cached, using mod_cache and mod_mem_cache, it's returned
403, however, if the object is already cached, it does not respect mod_access
and the object is served right away.

example below

- first request, invalid referer
GET /probe.gif HTTP/1.0
Host: host
Referer: http://invalidhost

HTTP/1.1 403 Forbidden
Date: Wed, 05 Oct 2005 13:47:24 GMT
Server: Apache/2.0.54 (Unix)
Connection: close
Content-Type: text/html; charset=iso-8859-1

- second request, valid referer
GET /algo.gif HTTP/1.0
Host: host
Referer: http://host

HTTP/1.1 200 OK
Date: Wed, 05 Oct 2005 13:52:40 GMT
Server: Apache/2.0.54 (Unix)
Last-Modified: Wed, 05 Oct 2005 13:52:37 GMT
ETag: "31-402621f003340"
Accept-Ranges: bytes
Content-Length: 49
Cache-Control: max-age=315360000
Expires: Sat, 03 Oct 2015 13:52:40 GMT
Connection: close
Content-Type: image/gif

- third request, invalid referer
GET /algo.gif HTTP/1.0
Host: host
Referer: http://invalidhost

HTTP/1.1 200 OK
Date: Wed, 05 Oct 2005 13:54:27 GMT
Server: Apache/2.0.54 (Unix)
Content-Type: text/plain; charset=ISO-8859-1
Last-Modified: Wed, 05 Oct 2005 13:54:20 GMT
ETag: "31-402622523db00"
Accept-Ranges: bytes
Content-Length: 49
Cache-Control: max-age=315360000
Expires: Sat, 03 Oct 2015 13:54:22 GMT
Age: 4
Connection: close

mod_cache configuration:
CacheEnable             mem /
CacheDefaultExpire      21600
CacheMaxExpire          21600
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod    On
CacheDisable            /nocache
MCacheSize              262144
MCacheMaxObjectCount    4096
MCacheMinObjectSize     1 
MCacheMaxObjectSize     100000
MCacheRemovalAlgorithm  LRU

I already tried to change mod_access and mod_cache load order, but with no results

Comment 1 Wilson Felipe 2005-10-07 17:10:34 UTC

it doesn't happen to apache 2.0.52

Comment 2 Colm MacCarthaigh 2005-10-29 12:14:46 UTC

This behaviour has not been documented, pending a complete fix.

Comment 3 Colm MacCarthaigh 2005-10-29 15:47:44 UTC

This behaviour has now been documented, rather.

Comment 4 Paul Querna 2005-12-06 08:05:38 UTC

Ongoing issue, even in trunk.  I don't like the pure documentation fix.

Comment 5 Joshua Slive 2007-09-28 10:21:57 UTC

*** Bug 42508 has been marked as a duplicate of this bug. ***

Comment 6 rahul 2008-05-29 05:45:20 UTC

Unable to reproduce this in 2.3-trunk
Please provide any more information that may help in reproducing this problem


config:

SetEnvIfNoCase Referer ^http://host validreferer

<Directory />
      Order deny,allow
      Deny from all
      Allow from env=validreferer
</Directory>

CacheEnable             mem /
CacheDefaultExpire      21600
CacheMaxExpire          21600
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod    On
CacheDisable            /nocache
MCacheSize              262144
MCacheMaxObjectCount    4096
MCacheMinObjectSize     1
MCacheMaxObjectSize     100000
MCacheRemovalAlgorithm  LRU



|telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.html HTTP/1.0
Host: host
Referer: http://invalidhost

HTTP/1.1 403 Forbidden
Date: Thu, 29 May 2008 12:16:33 GMT
Server: Apache/2.3.0-dev (Unix)
Content-Length: 212
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /index.html
on this server.</p>
</body></html>
Connection to localhost closed by foreign host.
zsh: exit 1     telnet localhost 8080
|telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.html HTTP/1.0
Host: host
Referer: http://host

HTTP/1.1 200 OK
Date: Thu, 29 May 2008 12:16:39 GMT
Server: Apache/2.3.0-dev (Unix)
Last-Modified: Mon, 26 May 2008 09:34:35 GMT
ETag: "4044f-2d-44e1ee33920c0"
Accept-Ranges: bytes
Content-Length: 45
Connection: close
Content-Type: text/html

<html><body><h1>It works!</h1></body></html>
Connection to localhost closed by foreign host.
zsh: exit 1     telnet localhost 8080
|telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
GET /index.html HTTP/1.0
Host: host
Referer: http://invalidhost

HTTP/1.1 403 Forbidden
Date: Thu, 29 May 2008 12:16:54 GMT
Server: Apache/2.3.0-dev (Unix)
Content-Length: 212
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /index.html
on this server.</p>
</body></html>
Connection to localhost closed by foreign host.
zsh: exit 1     telnet localhost 8080

Error Log: (debug)

[Thu May 29 17:46:16 2008] [notice] Apache/2.3.0-dev (Unix) configured -- resuming normal operations
[Thu May 29 17:46:16 2008] [info] Server built: May 29 2008 16:41:38
[Thu May 29 17:46:16 2008] [debug] prefork.c(960): AcceptMutex: fcntl (default: fcntl)
[Thu May 29 17:46:33 2008] [debug] mod_cache.c(129): Adding CACHE_SAVE filter for /index.html
[Thu May 29 17:46:33 2008] [debug] mod_cache.c(136): Adding CACHE_REMOVE_URL filter for /index.html
[Thu May 29 17:46:33 2008] [error] [client 127.0.0.1] client denied by server configuration: /space/store/apache.26.May/install/htdocs/index.html, referer: http://invalidhost
[Thu May 29 17:46:40 2008] [debug] mod_cache.c(129): Adding CACHE_SAVE filter for /index.html
[Thu May 29 17:46:40 2008] [debug] mod_cache.c(136): Adding CACHE_REMOVE_URL filter for /index.html
[Thu May 29 17:46:40 2008] [error] [client 127.0.0.1] no authorization providers configured, referer: http://host
[Thu May 29 17:46:40 2008] [debug] mod_cache.c(637): cache: Caching url: /index.html
[Thu May 29 17:46:40 2008] [debug] mod_cache.c(643): cache: Removing CACHE_REMOVE_URL filter.
[Thu May 29 17:46:40 2008] [info] mem_cache: Cached url: http://host:80/index.html?
[Thu May 29 17:46:54 2008] [debug] mod_cache.c(129): Adding CACHE_SAVE filter for /index.html
[Thu May 29 17:46:54 2008] [debug] mod_cache.c(136): Adding CACHE_REMOVE_URL filter for /index.html
[Thu May 29 17:46:54 2008] [error] [client 127.0.0.1] client denied by server configuration: /space/store/apache.26.May/install/htdocs/index.html, referer: http://invalidhost


Access Log:

127.0.0.1 - - [29/May/2008:17:46:33 +0530] "GET /index.html HTTP/1.0" 403 212
127.0.0.1 - - [29/May/2008:17:46:39 +0530] "GET /index.html HTTP/1.0" 200 45
127.0.0.1 - - [29/May/2008:17:46:54 +0530] "GET /index.html HTTP/1.0" 403 212

Comment 7 Ruediger Pluem 2008-05-29 06:11:46 UTC

This is a known and well documented issue with mod_cache that IMHO won't change any time soon.

Comment 8 Rainer Jung 2018-02-25 20:13:52 UTC

Undo spam change