From: Colm MacCarthaigh Date: Sat, 29 Oct 2005 10:07:01 +0000 (+0000) Subject: Document the mod_cache / mod_authz_host problem. X-Git-Tag: 2.3.0~2821 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=990d669370ceb76a4b36926b48df11b108d818b6;p=apache Document the mod_cache / mod_authz_host problem. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@329388 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/docs/manual/caching.xml b/docs/manual/caching.xml index 2ac84e8f92..f97d48b15e 100644 --- a/docs/manual/caching.xml +++ b/docs/manual/caching.xml @@ -318,6 +318,31 @@ Vary: negotiate,accept-language,accept-charset
Security Considerations +
+ Authorisation, Access & and Control + +

Using mod_cache is very much like having a built + in reverse-proxy. Requests will be served by the caching module unless + it determines that the backend should be queried. When caching local + resources, this drastically changes the security model of Apache.

+ +

As traversing a filesystem hierarchy to examine potential + .htaccess files would be a very expensive operation, + partially defeating the point of caching (to speed up requests), + mod_cache makes no decision about whether a cached + entity is authorised for serving. In other words; if + mod_cache has cached some content, it will be served + from the cache as long as that content has not expired.

+ +

If, for example, your configuration permits access to a resource by IP + address you should ensure that this content is not cached. You can do this by + using the CacheDisable + directive, or mod_expires. Left unchecked, + mod_cache - very much like a reverse proxy - would cache + the content when served and then serve it to any client, on any IP + address.

+
+
Local exploits diff --git a/docs/manual/mod/mod_cache.xml b/docs/manual/mod/mod_cache.xml index e1829e641d..8ac74c1d2d 100644 --- a/docs/manual/mod/mod_cache.xml +++ b/docs/manual/mod/mod_cache.xml @@ -29,6 +29,14 @@ cache_module + This module should be used with care and + can be used to circumvent Allow and Deny directives. You + should not enable caching for any content to which you wish + to limit access by client host name, address or environment + variable. +

mod_cache implements an RFC 2616 compliant HTTP content cache that can be used to cache either local or proxied content.
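Review bot: in the caching.xml hunk the new heading reads "Authorisation, Access & and Control", which has a stray "and" after the ampersand; it should be either "Authorisation, Access and Control" or "Authorisation, Access & Control", and since this is an XML source the ampersand must be written as `&amp;` or the build will fail to parse the file. Two smaller wording points in the same hunk: "built in reverse-proxy" should be "built-in reverse proxy", and "In other words; if" wants a comma, not a semicolon. More substantively, the example paragraph only talks about access restricted "by IP address", while the mod_cache.xml note in this same commit correctly lists "client host name, address or environment variable"; the caching.xml text should name the same three cases so a reader who only reads the Security Considerations section does not conclude that host-name or env-based Allow/Deny rules are safe to combine with caching.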
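Review bot: the mod_cache.xml hunk tells the reader that the module "can be used to circumvent Allow and Deny directives" but gives no pointer to the mitigation; the caching.xml hunk in this commit already explains that `CacheDisable` (or mod_expires) is the way to keep such content out of the cache, so this note should link to that Security Considerations section rather than leaving the reader with only a warning. The phrasing is also slightly misleading: mod_cache does not actively circumvent anything, it serves a cached entity without re-running the per-request authorisation checks, so "will serve cached content without re-evaluating Allow and Deny directives" states the actual behaviour more precisely and matches the explanation given in caching.xml. Naming the module involved (mod_authz_host, as the commit subject does) would also help readers searching for the interaction.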