our environment: SetEnvIfNoCase Referer ^http://host validreferer <Directory /> Order deny,allow Deny from all Allow from env=validreferer </Directory> if the object is not cached, using mod_cache and mod_mem_cache, it's returned 403, however, if the object is already cached, it does not respect mod_access and the object is served right away. example below - first request, invalid referer GET /probe.gif HTTP/1.0 Host: host Referer: http://invalidhost HTTP/1.1 403 Forbidden Date: Wed, 05 Oct 2005 13:47:24 GMT Server: Apache/2.0.54 (Unix) Connection: close Content-Type: text/html; charset=iso-8859-1 - second request, valid referer GET /algo.gif HTTP/1.0 Host: host Referer: http://host HTTP/1.1 200 OK Date: Wed, 05 Oct 2005 13:52:40 GMT Server: Apache/2.0.54 (Unix) Last-Modified: Wed, 05 Oct 2005 13:52:37 GMT ETag: "31-402621f003340" Accept-Ranges: bytes Content-Length: 49 Cache-Control: max-age=315360000 Expires: Sat, 03 Oct 2015 13:52:40 GMT Connection: close Content-Type: image/gif - third request, invalid referer GET /algo.gif HTTP/1.0 Host: host Referer: http://invalidhost HTTP/1.1 200 OK Date: Wed, 05 Oct 2005 13:54:27 GMT Server: Apache/2.0.54 (Unix) Content-Type: text/plain; charset=ISO-8859-1 Last-Modified: Wed, 05 Oct 2005 13:54:20 GMT ETag: "31-402622523db00" Accept-Ranges: bytes Content-Length: 49 Cache-Control: max-age=315360000 Expires: Sat, 03 Oct 2015 13:54:22 GMT Age: 4 Connection: close mod_cache configuration: CacheEnable mem / CacheDefaultExpire 21600 CacheMaxExpire 21600 CacheIgnoreCacheControl On CacheIgnoreNoLastMod On CacheDisable /nocache MCacheSize 262144 MCacheMaxObjectCount 4096 MCacheMinObjectSize 1 MCacheMaxObjectSize 100000 MCacheRemovalAlgorithm LRU I already tried to change mod_access and mod_cache load order, but with no results
it doesn't happen to apache 2.0.52
This behaviour has not been documented, pending a complete fix.
This behaviour has now been documented, rather.
Ongoing issue, even in trunk. I don't like the pure documentation fix.
*** Bug 42508 has been marked as a duplicate of this bug. ***
Unable to reproduce this in 2.3-trunk Please provide any more information that may help in reproducing this problem config: SetEnvIfNoCase Referer ^http://host validreferer <Directory /> Order deny,allow Deny from all Allow from env=validreferer </Directory> CacheEnable mem / CacheDefaultExpire 21600 CacheMaxExpire 21600 CacheIgnoreCacheControl On CacheIgnoreNoLastMod On CacheDisable /nocache MCacheSize 262144 MCacheMaxObjectCount 4096 MCacheMinObjectSize 1 MCacheMaxObjectSize 100000 MCacheRemovalAlgorithm LRU |telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /index.html HTTP/1.0 Host: host Referer: http://invalidhost HTTP/1.1 403 Forbidden Date: Thu, 29 May 2008 12:16:33 GMT Server: Apache/2.3.0-dev (Unix) Content-Length: 212 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.html on this server.</p> </body></html> Connection to localhost closed by foreign host. zsh: exit 1 telnet localhost 8080 |telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /index.html HTTP/1.0 Host: host Referer: http://host HTTP/1.1 200 OK Date: Thu, 29 May 2008 12:16:39 GMT Server: Apache/2.3.0-dev (Unix) Last-Modified: Mon, 26 May 2008 09:34:35 GMT ETag: "4044f-2d-44e1ee33920c0" Accept-Ranges: bytes Content-Length: 45 Connection: close Content-Type: text/html <html><body><h1>It works!</h1></body></html> Connection to localhost closed by foreign host. zsh: exit 1 telnet localhost 8080 |telnet localhost 8080 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /index.html HTTP/1.0 Host: host Referer: http://invalidhost HTTP/1.1 403 Forbidden Date: Thu, 29 May 2008 12:16:54 GMT Server: Apache/2.3.0-dev (Unix) Content-Length: 212 Connection: close Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>403 Forbidden</title> </head><body> <h1>Forbidden</h1> <p>You don't have permission to access /index.html on this server.</p> </body></html> Connection to localhost closed by foreign host. zsh: exit 1 telnet localhost 8080 Error Log: (debug) [Thu May 29 17:46:16 2008] [notice] Apache/2.3.0-dev (Unix) configured -- resuming normal operations [Thu May 29 17:46:16 2008] [info] Server built: May 29 2008 16:41:38 [Thu May 29 17:46:16 2008] [debug] prefork.c(960): AcceptMutex: fcntl (default: fcntl) [Thu May 29 17:46:33 2008] [debug] mod_cache.c(129): Adding CACHE_SAVE filter for /index.html [Thu May 29 17:46:33 2008] [debug] mod_cache.c(136): Adding CACHE_REMOVE_URL filter for /index.html [Thu May 29 17:46:33 2008] [error] [client 127.0.0.1] client denied by server configuration: /space/store/apache.26.May/install/htdocs/index.html, referer: http://invalidhost [Thu May 29 17:46:40 2008] [debug] mod_cache.c(129): Adding CACHE_SAVE filter for /index.html [Thu May 29 17:46:40 2008] [debug] mod_cache.c(136): Adding CACHE_REMOVE_URL filter for /index.html [Thu May 29 17:46:40 2008] [error] [client 127.0.0.1] no authorization providers configured, referer: http://host [Thu May 29 17:46:40 2008] [debug] mod_cache.c(637): cache: Caching url: /index.html [Thu May 29 17:46:40 2008] [debug] mod_cache.c(643): cache: Removing CACHE_REMOVE_URL filter. [Thu May 29 17:46:40 2008] [info] mem_cache: Cached url: http://host:80/index.html? [Thu May 29 17:46:54 2008] [debug] mod_cache.c(129): Adding CACHE_SAVE filter for /index.html [Thu May 29 17:46:54 2008] [debug] mod_cache.c(136): Adding CACHE_REMOVE_URL filter for /index.html [Thu May 29 17:46:54 2008] [error] [client 127.0.0.1] client denied by server configuration: /space/store/apache.26.May/install/htdocs/index.html, referer: http://invalidhost Access Log: 127.0.0.1 - - [29/May/2008:17:46:33 +0530] "GET /index.html HTTP/1.0" 403 212 127.0.0.1 - - [29/May/2008:17:46:39 +0530] "GET /index.html HTTP/1.0" 200 45 127.0.0.1 - - [29/May/2008:17:46:54 +0530] "GET /index.html HTTP/1.0" 403 212
This is a known and well documented issue with mod_cache that IMHO won't change any time soon.
Undo spam change