httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Igor Cicimov <icici...@gmail.com>
Subject Re: [users@httpd] httpd 2.2.21: mod_cache incorrectly returns HTTP 200 for nonexistent reverse-proxied content
Date Fri, 27 Jul 2012 11:36:08 GMT
On Fri, Jul 27, 2012 at 7:32 PM, Glen Birnie <glen.birnie@bbc.co.uk> wrote:

>  Igor,
>
> Thanks for your reply ... though what you describe sounds like a
> workaround, rather than a fix, to the problem.
>
> We are considering raising an issue in the main httpd bug database.
>
> Regards,
>
> Glen
>
>
> On 26/07/2012 01:57, "Igor Cicimov" <icicimov@gmail.com> wrote:
>
> On Tue, Jul 24, 2012 at 12:28 AM, Glen Birnie <glen.birnie@bbc.co.uk>
> wrote:
>
> We have seen an issue in httpd 2.2.21 where mod_cache incorrectly returns
> HTTP 200 responses instead of HTTP 404 where:
>
> - Reverse proxying is configured.
> - ProxyErrorOverride is set to On.
> - mod_disk_cache is set up to cache content proxied from mod_proxy.
> - A local ErrorDocument 404 URL is configured.
> - The error document URL is requested and the contents cached by
> mod_disk_cache.
> - A nonexistent URL is routed to the proxy destination, the destination
> proxy returns a 404, but mod_cache returns the configured ErrorDocument
> content with an incorrect 200 response.
>
> We have done some searching of the list archives and bug database but have
> not seen reports of any similar problems.
>
> ---
>
> Steps to reproduce:
>
> - Create an error image and write to the document root (we assume URI
> /error.jpg in the examples below).
>
> - Setup a mod_disk_cache directory (we assume
> /data/httpcache/httpd/cache-root) with the necessary permissions.
>
> - Use configuration akin to the following (set "proxy.destination" /
> "web.proxy" as appropriate):
>
> <IfModule !mod_cache.c>
> LoadModule cache_module modules/mod_cache.so
> </IfModule>
>
> <IfModule !mod_disk_cache.c>
> LoadModule disk_cache_module modules/mod_disk_cache.so
> </IfModule>
>
> <IfModule !mod_rewrite.c>
> LoadModule rewrite_module modules/mod_rewrite.so
> </IfModule>
>
> <IfModule !mod_proxy.c>
> LoadModule proxy_module modules/mod_proxy.so
> </IfModule>
>
> <IfModule mod_cache.c>
>   <IfModule mod_disk_cache.c>
>     CacheRoot /data/httpcache/httpd/cache-root
>     CacheDirLevels 3
>     CacheDirLength 1
>     CacheMinFileSize 0
>     CacheMaxFileSize 1000000
>   </IfModule>
> </IfModule>
>
> CacheEnable disk /
>
> ProxyErrorOverride On
> ProxyPassReverse / http://proxy.destination/
>
> # Configure this if the destination server resides behind a proxy
> #ProxyRemote http://proxy.destination/ http://web.proxy:80
>
> <Location /proxystuff/>
>   RewriteEngine On
>   RewriteRule /proxystuff/error$ /error.jpg [L]
>   RewriteRule /proxystuff/get http://proxy.destination%{REQUEST_URI} [P,L]
>
>   # This image should reside in the document root,
>   # i.e. return a HTTP 200 when requested
>   ErrorDocument 404 /error.jpg
> </Location>
>
>
> - Request the error image e.g.:
>
> curl -Lsv -H 'Pragma: ' -o /dev/null http://localhost/error.jpg
>
> This should get written into the cache:
>
> htcacheclean -a -D -p /data/httpcache/httpd/cache-root
>
>
> - Request a nonexistent proxied URL e.g.:
>
> curl -Lsv -H 'Pragma: ' -o /dev/null http://localhost/proxystuff/get
>
> An incorrect HTTP 200 response is returned instead of the expected HTTP
> 404.
> Note this does not happen if the CacheEnable directive is disabled.
>
> It appears that mod_cache is returning a cached 404 errordocument response
> and assuming that (because this exists) a 200 should be issued, rather than
> forwarding the 404 response from the destination proxy server.
>
>
> Glen
>
>
> http://www.bbc.co.uk/
> This e-mail (and any attachments) is confidential and may contain personal
> views which are not the views of the BBC unless specifically stated.
> If you have received it in error, please delete it from your system.
> Do not use, copy or disclose the information in any way nor act in
> reliance on it and notify the sender immediately.
> Please note that the BBC monitors e-mails sent or received.
> Further communication will signify your consent to this.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> Use CacheDisable directive to disable caching for your custom error pages,
> something like this:
>
> CacheDisable /your_custom_err_pages
>
> and put 404 page inside
>
> Also according to the documentation you can use the no-cache environment
> variable to disable caching on finer grained set of resources.
>
> Igor
>
>
>
>
> http://www.bbc.co.uk
>
> This e-mail (and any attachments) is confidential and may contain personal
> views which are not the views of the BBC unless specifically stated.
> If you have received it in error, please delete it from your system.
> Do not use, copy or disclose the information in any way nor act in
> reliance on it and notify the sender immediately.
> Please note that the BBC monitors e-mails sent or received.
> Further communication will signify your consent to this.
>


Don't see a reason why would this be a bug or even workaround when it is a
documented module feature? The module is obviously designed to work in that
way. You have CacheEnable and CacheDisable directives available and is up
to you to use them properly. By "CacheEnable disk  /" you tell the module
to cache everything and then with CacheDisable you exclude what you don't
want to be cached. Similar as mod_proxy lets say. If you proxy the document
root with "ProxyPass /" then you have "ProxyPass /somethig/not_me !"
available to exclude part of it from being proxy to the remote server.

Mime
View raw message