Return-Path: X-Original-To: apmail-httpd-users-archive@www.apache.org Delivered-To: apmail-httpd-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 041C39BA8 for ; Mon, 23 Jul 2012 14:28:50 +0000 (UTC) Received: (qmail 22869 invoked by uid 500); 23 Jul 2012 14:28:46 -0000 Delivered-To: apmail-httpd-users-archive@httpd.apache.org Received: (qmail 22761 invoked by uid 500); 23 Jul 2012 14:28:45 -0000 Mailing-List: contact users-help@httpd.apache.org; run by ezmlm Precedence: bulk Reply-To: users@httpd.apache.org list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@httpd.apache.org Received: (qmail 22748 invoked by uid 99); 23 Jul 2012 14:28:45 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Jul 2012 14:28:45 +0000 X-ASF-Spam-Status: No, hits=-2.3 required=5.0 tests=RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of Glen.Birnie@bbc.co.uk designates 132.185.240.35 as permitted sender) Received: from [132.185.240.35] (HELO mailout0.thls.bbc.co.uk) (132.185.240.35) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 23 Jul 2012 14:28:37 +0000 Received: from BGB01XI1003.national.core.bbc.co.uk ([10.184.50.53]) by mailout0.thls.bbc.co.uk (8.14.4/8.14.3) with ESMTP id q6NESGV8021057 for ; Mon, 23 Jul 2012 15:28:16 +0100 (BST) Received: from bbcxi1002.national.core.bbc.co.uk (10.162.137.38) by BGB01XI1003.national.core.bbc.co.uk (10.184.50.53) with Microsoft SMTP Server id 14.1.355.2; Mon, 23 Jul 2012 15:28:15 +0100 Received: from bbcxues11.national.core.bbc.co.uk ([10.180.130.25]) by bbcxi1002.national.core.bbc.co.uk with Microsoft SMTPSVC(6.0.3790.4675); Mon, 23 Jul 2012 15:28:15 +0100 Received: from 10.161.33.55 ([10.161.33.55]) by bbcxues11.national.core.bbc.co.uk ([10.180.130.25]) with Microsoft Exchange Server HTTP-DAV ; Mon, 23 Jul 2012 14:28:15 +0000 User-Agent: Microsoft-Entourage/12.32.0.111121 Date: Mon, 23 Jul 2012 15:28:14 +0100 From: Glen Birnie To: Message-ID: Thread-Topic: httpd 2.2.21: mod_cache incorrectly returns HTTP 200 for nonexistent reverse-proxied content Thread-Index: Ac1o32Sy/3FO+VTzU0+cRHUe0CoiDw== MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-OriginalArrivalTime: 23 Jul 2012 14:28:15.0779 (UTC) FILETIME=[65C18730:01CD68DF] X-EXCLAIMER-MD-CONFIG: 1cd3ac1c-62e5-43f2-8404-6b688271c769 Subject: [users@httpd] httpd 2.2.21: mod_cache incorrectly returns HTTP 200 for nonexistent reverse-proxied content We have seen an issue in httpd 2.2.21 where mod_cache incorrectly returns HTTP 200 responses instead of HTTP 404 where: - Reverse proxying is configured. - ProxyErrorOverride is set to On. - mod_disk_cache is set up to cache content proxied from mod_proxy. - A local ErrorDocument 404 URL is configured. - The error document URL is requested and the contents cached by mod_disk_cache. - A nonexistent URL is routed to the proxy destination, the destination proxy returns a 404, but mod_cache returns the configured ErrorDocument content with an incorrect 200 response. We have done some searching of the list archives and bug database but have not seen reports of any similar problems. --- Steps to reproduce: - Create an error image and write to the document root (we assume URI /error.jpg in the examples below). - Setup a mod_disk_cache directory (we assume /data/httpcache/httpd/cache-root) with the necessary permissions. - Use configuration akin to the following (set "proxy.destination" / "web.proxy" as appropriate): LoadModule cache_module modules/mod_cache.so LoadModule disk_cache_module modules/mod_disk_cache.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule proxy_module modules/mod_proxy.so CacheRoot /data/httpcache/httpd/cache-root CacheDirLevels 3 CacheDirLength 1 CacheMinFileSize 0 CacheMaxFileSize 1000000 CacheEnable disk / ProxyErrorOverride On ProxyPassReverse / http://proxy.destination/ # Configure this if the destination server resides behind a proxy #ProxyRemote http://proxy.destination/ http://web.proxy:80 RewriteEngine On RewriteRule /proxystuff/error$ /error.jpg [L] RewriteRule /proxystuff/get http://proxy.destination%{REQUEST_URI} [P,L] # This image should reside in the document root, # i.e. return a HTTP 200 when requested ErrorDocument 404 /error.jpg - Request the error image e.g.: curl -Lsv -H 'Pragma: ' -o /dev/null http://localhost/error.jpg This should get written into the cache: htcacheclean -a -D -p /data/httpcache/httpd/cache-root - Request a nonexistent proxied URL e.g.: curl -Lsv -H 'Pragma: ' -o /dev/null http://localhost/proxystuff/get An incorrect HTTP 200 response is returned instead of the expected HTTP 404. Note this does not happen if the CacheEnable directive is disabled. It appears that mod_cache is returning a cached 404 errordocument response and assuming that (because this exists) a 200 should be issued, rather than forwarding the 404 response from the destination proxy server. Glen http://www.bbc.co.uk/ This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated. If you have received it in error, please delete it from your system. Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately. Please note that the BBC monitors e-mails sent or received. Further communication will signify your consent to this. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org