Mailing-List: contact dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: dev@httpd.apache.org
MIME-Version: 1.0
In-Reply-To: <CAFedD41aq7D9RhND8=rmAHGR+Yi-7VtOHH4dZMcFYFxAT7qo7A@mail.gmail.com>
References: <CAFedD41aq7D9RhND8=rmAHGR+Yi-7VtOHH4dZMcFYFxAT7qo7A@mail.gmail.com>
From: William A Rowe Jr <wrowe@rowe-clan.net>
Date: Wed, 29 Jun 2016 07:06:04 -0500
Message-ID: <CACsi252DjXcw0-ZKGNb4BWh28VRhhFpCxx=iuvsXCFUkAeKdwQ@mail.gmail.com>
Subject: Re: Last-Modified header value returned by FCGI scripts
To: httpd <dev@httpd.apache.org>
Content-Type: multipart/alternative; boundary=001a1140ae52ee5c150536699387
archived-at: Wed, 29 Jun 2016 12:06:19 -0000

--001a1140ae52ee5c150536699387
Content-Type: text/plain; charset=UTF-8

On Wed, Jun 29, 2016 at 3:12 AM, Luca Toscano <toscano.luca@gmail.com>
wrote:

> Hi Apache devs!
>
> I have been working on an email thread [1] in the users@ mailing list in
> which it was asked some questions about how httpd (using mod-proxy-fcgi)
> manages Last-Modified headers returned by FCGI/CGI scripts. Two strange
> behaviors were brought up:
>
> 1) Last-Modified: foo returned by a simple PHP script forces httpd to
> replace it with Thu, 01 Jan 1970 00:00:00 GMT. Patch proposed to backport:
> http://svn.apache.org/r1748379
>

Sensible, but we should be filling this in with now(), based on comments in
14.29?


> 2) Last-Modified header value with a date not in GMT are replaced with
> (now() + time taken to serve the request) without any trace in the logs.
> This seems to be due to httpd recognizing the date as "in the future" and
> replacing it with its response origination time (following
> https://tools.ietf.org/html/rfc2616#section-14.29).
>

https://tools.ietf.org/html/rfc2616#section-3.3.1 declares these are
meaningless, and we follow the appropriate recommendations.


> To demonstrate 2), Manuel in users@ suggested a simple PHP script
> returning the current datetime in the Europe/Paris timezone (GMT +2). I
> tried to check the code and I came up with two possible solutions:
>
> 1)  mod-proxy-fcgi eventually triggers a call
> to ap_scan_script_header_err_core_ex in util_script.c that
> uses apr_date_parse_http to transform a datestring into a unix timestamp.
> This one seems not to check the timezone, assuming GMT all the times. It
> might be an option to add a check in the code to return APR_DATE_BAD in
> case the datetime is not GMT, and then r1748379 will take care of the rest.
> This could potentially break existing code that relies on this behavior to
> work correctly.
>

-0 on recognizing non-GMT, per section 3.3.1 of spec.


> 2) Simply log what httpd does, for example with http://apaste.info/8pa or
> http://apaste.info/JlZ (wording might need to be changed).
>

+1 in all cases to adding trace messages for sysadmins debugging bad cgi.

Cheers,

Bill

--001a1140ae52ee5c150536699387
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra"><div class=3D"gmail_quote">On W=
ed, Jun 29, 2016 at 3:12 AM, Luca Toscano <span dir=3D"ltr">&lt;<a href=3D"=
mailto:toscano.luca@gmail.com" target=3D"_blank">toscano.luca@gmail.com</a>=
&gt;</span> wrote:<br><blockquote class=3D"gmail_quote" style=3D"margin:0px=
 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-co=
lor:rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr">Hi Apache devs!<div=
><br></div><div>I have been working on an email thread [1] in the users@ ma=
iling list in which it was asked some questions about how httpd (using mod-=
proxy-fcgi) manages Last-Modified headers returned by FCGI/CGI scripts. Two=
 strange behaviors were brought up:</div><div><br></div><div>1) Last-Modifi=
ed: foo returned by a simple PHP script forces httpd to replace it with Thu=
, 01 Jan 1970 00:00:00 GMT. Patch proposed to backport:=C2=A0<a href=3D"htt=
p://svn.apache.org/r1748379" target=3D"_blank">http://svn.apache.org/r17483=
79</a></div></div></blockquote><div><br></div><div>Sensible, but we should =
be filling this in with now(), based on comments in 14.29?</div><div>=C2=A0=
</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;b=
order-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,=
204);padding-left:1ex"><div dir=3D"ltr"><div>2) Last-Modified header value =
with a date not in GMT are replaced with (now() + time taken to serve the r=
equest) without any trace in the logs. This seems to be due to httpd recogn=
izing the date as &quot;in the future&quot; and replacing it with its respo=
nse origination time (following=C2=A0<a href=3D"https://tools.ietf.org/html=
/rfc2616#section-14.29" target=3D"_blank">https://tools.ietf.org/html/rfc26=
16#section-14.29</a>).=C2=A0</div></div></blockquote><div><br></div><div><a=
 href=3D"https://tools.ietf.org/html/rfc2616#section-3.3.1">https://tools.i=
etf.org/html/rfc2616#section-3.3.1</a> declares these are meaningless, and =
we follow the appropriate recommendations.</div><div>=C2=A0</div><blockquot=
e class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width=
:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-lef=
t:1ex"><div dir=3D"ltr"><div></div><div>To demonstrate 2), Manuel in users@=
 suggested a simple PHP script returning the current datetime in the Europe=
/Paris timezone (GMT +2). I tried to check the code and I came up with two =
possible solutions:</div><div><br></div><div>1) =C2=A0mod-proxy-fcgi eventu=
ally triggers a call to=C2=A0ap_scan_script_header_err_core_ex in util_scri=
pt.c that uses=C2=A0apr_date_parse_http to transform a datestring into a un=
ix timestamp. This one seems not to check the timezone, assuming GMT all th=
e times. It might be an option to add a check in the code to return APR_DAT=
E_BAD in case the datetime is not GMT, and then=C2=A0r1748379 will take car=
e of the rest. This could potentially break existing code that relies on th=
is behavior to work correctly.</div></div></blockquote><div><br></div><div>=
-0 on recognizing non-GMT, per section 3.3.1 of spec.=C2=A0</div><div>=C2=
=A0</div><blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8e=
x;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,2=
04,204);padding-left:1ex"><div dir=3D"ltr"><div></div><div>2) Simply log wh=
at httpd does, for example with=C2=A0<a href=3D"http://apaste.info/8pa" tar=
get=3D"_blank">http://apaste.info/8pa</a> or=C2=A0<a href=3D"http://apaste.=
info/JlZ" target=3D"_blank">http://apaste.info/JlZ</a> (wording might need =
to be changed).</div><div></div></div></blockquote></div><br></div><div cla=
ss=3D"gmail_extra">+1 in all cases to adding trace messages for sysadmins d=
ebugging bad cgi.</div><div class=3D"gmail_extra"><br></div><div class=3D"g=
mail_extra">Cheers,</div><div class=3D"gmail_extra"><br></div><div class=3D=
"gmail_extra">Bill</div></div>

--001a1140ae52ee5c150536699387--