Bug #255
closedremoteip is not cached correctly on keep-alive
Description
The following configuration doesn't work properly:
$HTTPhost =~ "example\.com$" {
$HTTPremoteip == "10.11.12.13" {
url.access-deny = ( "" )
}
}
The expected result would be that any access from client ip 10.11.12.13 should result in an error 403. However, only at the first time the client ip requests an URL, it is blocked. Any subsequent requests from the client (reloading the page in the browser) work as if the url.access-deny directive wouldn't even exist.
After digging throught the source code, I think that the bug might reside in configfile-glue.c, functions config_check_cond_cached() or config_check_cond_nocache(). Maybe the $HTTPremoteip conditional is not cached correctly?
-- rene.fichter(at)gmail.com
Updated by Anonymous over 19 years ago
- Status changed from New to Fixed
- Resolution set to worksforme
can you strip down to a reproducable simple config and test it again?
chagne ip to 127.0.0.1 while keeping it reproducable(if possible).
-- Xuefer <xuefer
Updated by Anonymous over 19 years ago
- Status changed from Fixed to Need Feedback
- Resolution deleted (
worksforme)
My original bug report was for 1.4.3, but I recompiled 1.4.4 on a fresh machine running Debian sarge and the bug is still there. However, lynx doesn't trigger it (by loading the URL http://localhost/ and pressing CTRL+R).
But in Firefox, running on another machine, the first time the URL is loaded, it results in error 403, the next reload of the page code 200, and then subsequent loads code 304 in access.log:
192.168.7.65 192.168.7.84 - [19/Sep/2005:19:44:42 +0200] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4" 192.168.7.65 192.168.7.84 - [19/Sep/2005:19:44:46 +0200] "GET / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4" 192.168.7.65 192.168.7.84 - [19/Sep/2005:19:44:49 +0200] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4" 192.168.7.65 192.168.7.84 - [19/Sep/2005:19:44:53 +0200] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4" ...
I think it must be something with using the same socket for multiple http requests. (HTTP pipelining is disabled in Firefox, by the way.)
The complete config file I'm using (192.168.7.65 is the client):
server.modules = ( "mod_access", "mod_accesslog" )
server.document-root = "/tmp/"
server.errorlog = "/tmp/error.log"
accesslog.filename = "/tmp/access.log"
index-file.names = ( "index.html" )
mimetype.assign = ( ".html" => "text/html" )
$HTTP["remoteip"] == "192.168.7.65" {
url.access-deny = ( "" )
}
-- rene.fichter(at)gmail.com
Updated by Anonymous over 19 years ago
- Status changed from Need Feedback to Fixed
- Resolution set to fixed
-- Xuefer <xuefer
Also available in: Atom