Re: httpd 2.2.21: mod_cache incorrectly returns HTTP 200 for nonexistent reverse-proxied content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 24, 2012 at 12:28 AM, Glen Birnie <glen.birnie@xxxxxxxxx> wrote:
We have seen an issue in httpd 2.2.21 where mod_cache incorrectly returns
HTTP 200 responses instead of HTTP 404 where:

- Reverse proxying is configured.
- ProxyErrorOverride is set to On.
- mod_disk_cache is set up to cache content proxied from mod_proxy.
- A local ErrorDocument 404 URL is configured.
- The error document URL is requested and the contents cached by
mod_disk_cache.
- A nonexistent URL is routed to the proxy destination, the destination
proxy returns a 404, but mod_cache returns the configured ErrorDocument
content with an incorrect 200 response.

We have done some searching of the list archives and bug database but have
not seen reports of any similar problems.

---

Steps to reproduce:

- Create an error image and write to the document root (we assume URI
/error.jpg in the examples below).

- Setup a mod_disk_cache directory (we assume
/data/httpcache/httpd/cache-root) with the necessary permissions.

- Use configuration akin to the following (set "proxy.destination" /
"web.proxy" as appropriate):

<IfModule !mod_cache.c>
LoadModule cache_module modules/mod_cache.so
</IfModule>

<IfModule !mod_disk_cache.c>
LoadModule disk_cache_module modules/mod_disk_cache.so
</IfModule>

<IfModule !mod_rewrite.c>
LoadModule rewrite_module modules/mod_rewrite.so
</IfModule>

<IfModule !mod_proxy.c>
LoadModule proxy_module modules/mod_proxy.so
</IfModule>

<IfModule mod_cache.c>
  <IfModule mod_disk_cache.c>
    CacheRoot /data/httpcache/httpd/cache-root
    CacheDirLevels 3
    CacheDirLength 1
    CacheMinFileSize 0
    CacheMaxFileSize 1000000
  </IfModule>
</IfModule>

CacheEnable disk /

ProxyErrorOverride On
ProxyPassReverse / http://proxy.destination/

# Configure this if the destination server resides behind a proxy
#ProxyRemote http://proxy.destination/ http://web.proxy:80

<Location /proxystuff/>
  RewriteEngine On
  RewriteRule /proxystuff/error$ /error.jpg [L]
  RewriteRule /proxystuff/get http://proxy.destination%{REQUEST_URI} [P,L]

  # This image should reside in the document root,
  # i.e. return a HTTP 200 when requested
  ErrorDocument 404 /error.jpg
</Location>


- Request the error image e.g.:

curl -Lsv -H 'Pragma: ' -o /dev/null http://localhost/error.jpg

This should get written into the cache:

htcacheclean -a -D -p /data/httpcache/httpd/cache-root


- Request a nonexistent proxied URL e.g.:

curl -Lsv -H 'Pragma: ' -o /dev/null http://localhost/proxystuff/get

An incorrect HTTP 200 response is returned instead of the expected HTTP 404.
Note this does not happen if the CacheEnable directive is disabled.

It appears that mod_cache is returning a cached 404 errordocument response
and assuming that (because this exists) a 200 should be issued, rather than
forwarding the 404 response from the destination proxy server.


Glen


http://www.bbc.co.uk/
This e-mail (and any attachments) is confidential and may contain personal views which are not the views of the BBC unless specifically stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in reliance on it and notify the sender immediately.
Please note that the BBC monitors e-mails sent or received.
Further communication will signify your consent to this.


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


Use CacheDisable directive to disable caching for your custom error pages, something like this:

CacheDisable /your_custom_err_pages

and put 404 page inside

Also according to the documentation you can use the no-cache environment variable to disable caching on finer grained set of resources.

Igor


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux