Log CGI/FCGI Last-Modified header value changes.

The Last-Modified header coming from a backend FCGI/CGI script is inspected by util_script.c to enforce RFC2616 (https://tools.ietf.org/html/rfc2616#section-14.29). The Last-Modified header also needs to be compliant with RFC882/1123 as stated in https://tools.ietf.org/html/rfc2616#section-3.3.1, and one important assumption that httpd makes (correctly, as the RFC suggests) is to assume the GMT timezone. If the datestr returned by the FCGI/CGI script is set with a different timezone, then the value might be considered "in the future" and replaced with GMT now() as calculated by httpd. Adding a trace log might help sysadmins while debugging these kind of issues. This is a follow up of r1748379. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1750747 13f79535-47bb-0310-9956-ffa450edef68
2025-08-10 02:56:11 +00:00 · 2016-06-30 07:00:31 +00:00
parent 1592969471
commit 74900ee0c4
1 changed files with 19 additions and 0 deletions
--- a/server/util_script.c
+++ b/server/util_script.c
@ -669,6 +669,25 @@ AP_DECLARE(int) ap_scan_script_header_err_core_ex(request_rec *r, char *buffer,
            if (last_modified_date != APR_DATE_BAD) {
                ap_update_mtime(r, last_modified_date);
                ap_set_last_modified(r);
+                if (APLOGrtrace1(r)) {
+                    const char* datestr = apr_table_get(r->headers_out, 
+                                                        "Last-Modified");
+                    apr_time_t timestamp = apr_date_parse_http(datestr);
+                    if (timestamp < last_modified_date) {
+                        char *last_modified_datestr = apr_palloc(r->pool,
+                                                                 APR_RFC822_DATE_LEN);
+                        apr_rfc822_date(last_modified_datestr, last_modified_date);
+                        ap_log_rerror(SCRIPT_LOG_MARK, APLOG_TRACE1, 0, r,
+                                 "The Last-Modified header value '%s' "
+                                 "(parsed as RFC882/RFC1123 datetime, "
+                                 "that assumes the GMT timezone) "
+                                 "has been replaced with: '%s'. "
+                                 "An origin server with a clock must not send "
+                                 "a Last-Modified date that is later than the "
+                                 "server's time of message origination.", 
+                                 last_modified_datestr, datestr);
+                    }
+                }
            }
            else {
                if (APLOGrtrace1(r))