httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Dodson <anthony.dod...@gmail.com>
Subject [users@httpd] mod_cache - limit cache-control request headers to Admins only
Date Wed, 08 Dec 2010 22:37:42 GMT
Hello.

I am running apache 2.2.15. I would like to use mod_cache, and I need a good
way for SysAdmins to manually clear the cache for specific URLs when needed,
but not allow users to do so from their browser.

It seems that when a browser sends headers Cache-Control: no-cache or
Pragma: no-cache, mod_cache will go to the origin for the request and update
the cache. That is a great way for SysAdmins to update the cache manually,
but I want to protect the back-end application from malicious users (or just
well-meaning users) doing a "shift-reload", which makes browsers send
request headers like "max-age", "pragma", and/or "cache-control" and forcing
mod_cache to bypass/update the cache.

I tried using mod_headers and mod_setenvif to control the request headers. I
ran into problems there. I could not get the directives:
RequestHeader unset Pragma
RequestHeader unset Cache-Control
...to work unless I specified "early" at the end of the directive. It seems
that "early" is required in order for it to be processed before mod_cache
gets the call.

The problem, then, is that RequestHeader unset can have EITHER "early" or
"env" in the option part of the directive. "env" was the portion I planned
to use to limit stripping those request headers based on where they
originate, like this:
SetEnvIf Remote_Addr  my\.ip\.address\.or\.LAN LOCALCALL
RequestHeader unset Cache-Control env=!LOCALCALL
RequestHeader unset Pragma env=!LOCALCALL
I was hoping that would let me ONLY clear the cached object (manually and
on-demand) from the local system or network, and prevent users (remote) from
doing so via their browser request headers.

I think the combination of "SetEnvIf" and "RequestHeader unset" may be a
dead end for what I want to do (based on the exclusivity of "env" and
"early"). If not, please advise.

If that is a dead end, are there other ways to accomplish what I want to do?
If I set "CacheIgnoreCacheControl On", is there a sane way to update a
cached object based on it's URL (without scanning the cache directory
structure, grepping header files for the URL and deleting the cache files,
which I consider insane)?

Is there a way to know the directory path to the cache files based on a
given URL? Can I replicate that hashing algorithm to create the directory
path and then "rm" the files? Or is that caching filename and path
impossible to determine?

Thanks,
Anthony


-- 
Anthony Dodson

Mime
View raw message