From: Graham Leggett Date: Tue, 28 May 2013 21:29:03 +0000 (+0000) Subject: mod_cache: Ensure that we don't attempt to replace a cached response X-Git-Tag: 2.4.5~195 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1940b11120cee1b771a49ee89acc893835f8df9a;p=apache mod_cache: Ensure that we don't attempt to replace a cached response with an older response as per RFC2616 13.12. trunk patch: http://svn.apache.org/r1479966 2.4.x patch: http://people.apache.org/~minfrin/httpd-mod_cache-olderdate2.4.patch Submitted by: minfrin Reviewed by: jim, wrowe git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1487129 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 6b42c7bc58..ca2b33a862 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.4.5 + *) mod_cache: Ensure that we don't attempt to replace a cached response + with an older response as per RFC2616 13.12. [Graham Leggett, Co-Advisor + ] + *) core, mod_cache: Ensure RFC2616 compliance in ap_meets_conditions() with weak validation combined with If-Range and Range headers. Break out explicit conditional header checks to be useable elsewhere in the diff --git a/STATUS b/STATUS index a68de49024..9eba1de70b 100644 --- a/STATUS +++ b/STATUS @@ -90,12 +90,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_cache: Ensure that we don't attempt to replace a cached response - with an older response as per RFC2616 13.12. - trunk patch: http://svn.apache.org/r1479966 - 2.4.x patch: http://people.apache.org/~minfrin/httpd-mod_cache-olderdate2.4.patch - +1: minfrin, jim, wrowe - * mod_cache: If a 304 response indicates an entity not currently cached, then the cache MUST disregard the response and repeat the request without the conditional. diff --git a/modules/cache/mod_cache.c b/modules/cache/mod_cache.c index c77049581b..15fc7e86e0 100644 --- a/modules/cache/mod_cache.c +++ b/modules/cache/mod_cache.c @@ -1089,6 +1089,25 @@ static apr_status_t cache_save_filter(ap_filter_t *f, apr_bucket_brigade *in) /* or we've been asked not to cache it above */ reason = "r->no_cache present"; } + else if (cache->stale_handle + && APR_DATE_BAD + != (date = apr_date_parse_http( + apr_table_get(r->headers_out, "Date"))) + && date < cache->stale_handle->cache_obj->info.date) { + + /** + * 13.12 Cache Replacement: + * + * Note: a new response that has an older Date header value than + * existing cached responses is not cacheable. + */ + reason = "updated entity is older than cached entity"; + + /* while this response is not cacheable, the previous response still is */ + ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(00770) + "cache: Removing CACHE_REMOVE_URL filter."); + ap_remove_output_filter(cache->remove_url_filter); + } else if (r->status == HTTP_NOT_MODIFIED && cache->stale_handle) { apr_table_t *left = cache->stale_handle->resp_hdrs; apr_table_t *right = r->headers_out;