mod_cache - limit cache-control request headers to Admins only

Hello.

I am running Apache 2.2.15. I would like to use mod_cache, and I need a good way for SysAdmins to manually clear the cache for specific URLs when needed, but not allow users to do so from their browser.

It seems that when a browser sends headers Cache-Control: no-cache or Pragma: no-cache, mod_cache will go to the origin for the request and update the cache. That is a great way for SysAdmins to update the cache manually, but I want to protect the back-end application from malicious users (or just well-meaning users) doing a "shift-reload", which makes browsers send request headers like "max-age", "pragma", and/or "cache-control" and forces mod_cache to bypass/update the cache.

I tried using mod_headers and mod_setenvif to control the request headers. I ran into problems there. I could not get the directives:
RequestHeader unset Pragma
RequestHeader unset Cache-Control
...to work unless I specified "early" at the end of the directive. It seems that "early" is required in order for it to be processed before mod_cache gets the call.

The problem, then, is that RequestHeader unset can have EITHER "early" or "env" in the option part of the directive. "env" was the portion I planned to use to limit stripping those request headers based on where they originate, like this:
SetEnvIf Remote_Addr  my\.ip\.address\.or\.LAN LOCALCALL
RequestHeader unset Cache-Control env=!LOCALCALL
RequestHeader unset Pragma env=!LOCALCALL
I was hoping that would let me ONLY clear the cached object (manually and on-demand) from the local system or network, and prevent users (remote) from doing so via their browser request headers.

I think the combination of "SetEnvIf" and "RequestHeader unset" may be a dead end for what I want to do (based on the exclusivity of "env" and "early"). If not, please advise.

If that is a dead end, are there other ways to accomplish what I want to do? If I set "CacheIgnoreCacheControl On", is there a sane way to update a cached object based on its URL (without scanning the cache directory structure, grepping header files for the URL and deleting the cache files, which I consider insane)?

Is there a way to know the directory path to the cache files based on a given URL? Can I replicate that hashing algorithm to create the directory path and then "rm" the files? Or is that caching filename and path impossible to determine?

Thanks,
Anthony


--
Anthony Dodson
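
An added example, not part of the original post: one way to measure, from an access log, how often clients outside the admin network send the cache-bypassing request headers described above. The LogFormat shown in the comment, the admin networks, and the log lines are all assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption: the access log is written with a custom format such as
#   LogFormat "%a \"%r\" %>s \"%{Cache-Control}i\" \"%{Pragma}i\"" cachectl
LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<req>[^"]*)" (?P<status>\d{3}) '
                     r'"(?P<cc>[^"]*)" "(?P<pragma>[^"]*)"$')

# Hypothetical networks whose clients are allowed to force a refresh.
ADMIN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]


def forces_refresh(cache_control, pragma):
    """True if the headers ask a cache to bypass or revalidate its stored copy."""
    directives = {}
    for part in cache_control.split(","):
        name, _, value = part.strip().lower().partition("=")
        if name and name != "-":          # "-" is how Apache logs a missing header
            directives[name] = value.strip()
    if "no-cache" in directives or "no-store" in directives:
        return True
    if directives.get("max-age") == "0":  # what a plain browser reload usually sends
        return True
    return "no-cache" in [p.strip().lower() for p in pragma.split(",")]


def is_admin(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:                    # unparsable client field: treat as remote
        return False
    return any(ip in net for net in ADMIN_NETS)


def remote_refreshers(lines):
    """Count refresh-forcing requests per non-admin client address."""
    counts = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and not is_admin(m["ip"]) and forces_refresh(m["cc"], m["pragma"]):
            counts[m["ip"]] = counts.get(m["ip"], 0) + 1
    return counts


SAMPLE_LOG = [  # constructed log lines, not real traffic
    '10.1.2.3 "GET /report HTTP/1.1" 200 "no-cache" "no-cache"',
    '203.0.113.7 "GET /report HTTP/1.1" 200 "max-age=0" "-"',
    '203.0.113.7 "GET /report HTTP/1.1" 200 "no-cache" "no-cache"',
    '198.51.100.9 "GET /report HTTP/1.1" 200 "-" "-"',
    '198.51.100.20 "GET /a HTTP/1.1" 200 "-" "No-Cache"',
    '198.51.100.21 "GET /a HTTP/1.1" 200 "max-age=300" "-"',
]

if __name__ == "__main__":
    for ip, n in sorted(remote_refreshers(SAMPLE_LOG).items()):
        print(ip, n)
```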

