----- "Anthony Dodson" <anthony.dodson@xxxxxxxxx> wrote: > Hello. > > > I am running apache 2.2.15. I would like to use mod_cache, and I need > a good way for SysAdmins to manually clear the cache for specific URLs > when needed, but not allow users to do so from their browser. > > > It seems that when a browser sends headers Cache-Control: no-cache or > Pragma: no-cache, mod_cache will go to the origin for the request and > update the cache. That is a great way for SysAdmins to update the > cache manually, but I want to protect the back-end application from > malicious users (or just well-meaning users) doing a "shift-reload", > which makes browsers send request headers like "max-age", "pragma", > and/or "cache-control" and forcing mod_cache to bypass/update the > cache. > > > I tried using mod_headers and mod_setenvif to control the request > headers. I ran into problems there. I could not get the directives: > RequestHeader unset Pragma > RequestHeader unset Cache-Control > ...to work unless I specified "early" at the end of the directive. It > seems that "early" is required in order for it to be processed before > mod_cache gets the call. > > > The problem, then, is that RequestHeader unset can have EITHER "early" > or "env" in the option part of the directive. "env" was the portion I > planned to use to limit stripping those request headers based on where > they originate, like this: > SetEnvIf Remote_Addr my\.ip\.address\.or\.LAN LOCALCALL > > RequestHeader unset Cache-Control env=!LOCALCALL > RequestHeader unset Pragma env=!LOCALCALL > I was hoping that would let me ONLY clear the cached object (manually > and on-demand) from the local system or network, and prevent users > (remote) from doing so via their browser request headers. > > > I think the combination of "SetEnvIf" and "RequestHeader unset" may be > a dead end for what I want to do (based on the exclusivity of "env" > and "early"). If not, please advise. > > > If that is a dead end, are there other ways to accomplish what I want Pretty much, yeah.. mod_cache runs *really* early in the chain. > to do? If I set "CacheIgnoreCacheControl On", is there a sane way to > update a cached object based on it's URL (without scanning the cache > directory structure, grepping header files for the URL and deleting > the cache files, which I consider insane)? > > > Is there a way to know the directory path to the cache files based on > a given URL? Can I replicate that hashing algorithm to create the > directory path and then "rm" the files? Or is that caching filename > and path impossible to determine? htcacheclean from trunk has an option to delete URLs: http://httpd.apache.org/docs/trunk/programs/htcacheclean.html#delete The trouble is that it will likewise require mod_cache and mod_cache_disk from trunk (yes, mod_cache_disk. The name changed.) > Thanks, > Anthony > > > > -- > Anthony Dodson i -- Igor GaliÄ Tel: +43 (0) 664 886 22 883 Mail: i.galic@xxxxxxxxxxxxxx URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|