untrusted origin servers to crash mod_cache in a forward proxy configuration.
mod_cache: Avoid a crash with strcmp() when the hostname is not provided.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1523235 13f79535-47bb-0310-9956-ffa450edef68
with weak validation combined with If-Range and Range headers. Break
out explicit conditional header checks to be useable elsewhere in the
server. Ensure weak validation RFC compliance in the byteranges filter.
Ensure RFC validation compliance when serving cached entities. PR 16142
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1479905 13f79535-47bb-0310-9956-ffa450edef68
in the process, as this will happen later anyway as necessary. We may want
to serve the stale entry should the backend not be available.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1023398 13f79535-47bb-0310-9956-ffa450edef68
to the next provider, not return DECLINED too early, except for the
revalidate case, where returning DECLINED is correct behaviour.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1023392 13f79535-47bb-0310-9956-ffa450edef68
using the CacheKeyBaseURL directive, so that the cache key can be
calculated from the endpoint URL instead of the server URL.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1003963 13f79535-47bb-0310-9956-ffa450edef68
to return cached content at all, and respect a "Cache-Control:
no-cache" header from a client. Previously, "no-cache" would
behave like "max-age=0".
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@992625 13f79535-47bb-0310-9956-ffa450edef68
If a specially crafted request was sent, it is possible to crash mod_dav,
mod_cache or mod_session, as they accessed a field that is set to NULL
by the URI parser, assuming that it always put in a valid string.
PR: 49246
Submitted by: Mark Drayton
Patch by: Jeff Trawick
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@966348 13f79535-47bb-0310-9956-ffa450edef68
against the querystring instead of a partial match.
PR: 48401
Submitted by: Dodou Wang <wangdong.08 gmail.com>
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@892289 13f79535-47bb-0310-9956-ffa450edef68
a cache entity: If we get 304 the Range does not matter and otherwise the
entity changed and we want to have the complete entity.
PR: 44579
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@636653 13f79535-47bb-0310-9956-ffa450edef68
on each request in the request_config. During consecutive runs of
cache_generate_key_default during processing the request we restore it
from there as we might not be able to generate the same key again as
the ingredients used to compose the key might have changed and we constantly
must use a key that could be generated during the quick handler phase.
PR: 41475
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@506621 13f79535-47bb-0310-9956-ffa450edef68
even if no expiration time is specified. Futhermore the query string will not
be used for key generation such that requests to the same URI path, but with
different query strings are mapped to the same cache entity. Turning this
setting to ON violates RFC 2616/13.9 and thus it is turned off by default.
PR: 41484
Submitted by: Fredrik Widlund <fredrik.widlund qbrick.com>
Reviewed by: rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@504183 13f79535-47bb-0310-9956-ffa450edef68
as r->args could have been changed (e.g. via mod_rewrite) after the quick
handler hook. This causes resources to be stored under a key, where they
cannot be fetched again in the quick handler.
PR: 40805
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@476625 13f79535-47bb-0310-9956-ffa450edef68
cached objects, by unsetting possible Content-Type headers in
r->headers_out and r->err_headers_out as they may be different to what
we have received from the cache.
Actually they are not needed as r->content_type set by
ap_set_content_type a few lines above will be used in the store_headers
functions of the storage providers as a fallback and the HTTP_HEADER filter
does overwrite the Content-Type header with r->content_type anyway.
PR: 39647
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@410370 13f79535-47bb-0310-9956-ffa450edef68
manner, when setting scheme and port_str. This is needed because if a cached
entry is looked up by mod_cache's quick handler r->proxyreq
is still unset in the reverse proxy case as it only gets set in the
translate name hook (either by ProxyPass or mod_rewrite) which is run
after the quick handler hook. This is different to the forward proxy
case where it gets set before the quick handler is run (in the
post_read_request hook).
If a cache entry is created by the CACHE_SAVE filter we always have
r->proxyreq set correctly.
Also set scheme to ap_http_scheme(r) instead of "http" to handle SSL
correctly.
PR: 39593
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@407357 13f79535-47bb-0310-9956-ffa450edef68
