Project

General

Profile

Actions

Bug #255

closed

remoteip is not cached correctly on keep-alive

Added by Anonymous almost 17 years ago. Updated almost 16 years ago.

Status:
Fixed
Priority:
Normal
Category:
core
Target version:
-
ASK QUESTIONS IN Forums:

Description

The following configuration doesn't work properly:

$HTTPhost =~ "example\.com$" {
$HTTPremoteip == "10.11.12.13" {
url.access-deny = ( "" )
}

}

The expected result would be that any access from client ip 10.11.12.13 should result in an error 403. However, only at the first time the client ip requests an URL, it is blocked. Any subsequent requests from the client (reloading the page in the browser) work as if the url.access-deny directive wouldn't even exist.

After digging throught the source code, I think that the bug might reside in configfile-glue.c, functions config_check_cond_cached() or config_check_cond_nocache(). Maybe the $HTTPremoteip conditional is not cached correctly?

-- rene.fichter(at)gmail.com

Actions #1

Updated by Anonymous almost 17 years ago

  • Status changed from New to Fixed
  • Resolution set to worksforme

can you strip down to a reproducable simple config and test it again?
chagne ip to 127.0.0.1 while keeping it reproducable(if possible).

-- Xuefer <xuefer

Actions #2

Updated by Anonymous almost 17 years ago

  • Status changed from Fixed to Need Feedback
  • Resolution deleted (worksforme)

My original bug report was for 1.4.3, but I recompiled 1.4.4 on a fresh machine running Debian sarge and the bug is still there. However, lynx doesn't trigger it (by loading the URL http://localhost/ and pressing CTRL+R).
But in Firefox, running on another machine, the first time the URL is loaded, it results in error 403, the next reload of the page code 200, and then subsequent loads code 304 in access.log:


192.168.7.65 192.168.7.84 - [19/Sep/2005:19:44:42 +0200] "GET / HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4" 
192.168.7.65 192.168.7.84 - [19/Sep/2005:19:44:46 +0200] "GET / HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4" 
192.168.7.65 192.168.7.84 - [19/Sep/2005:19:44:49 +0200] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4" 
192.168.7.65 192.168.7.84 - [19/Sep/2005:19:44:53 +0200] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4" 
...

I think it must be something with using the same socket for multiple http requests. (HTTP pipelining is disabled in Firefox, by the way.)

The complete config file I'm using (192.168.7.65 is the client):


server.modules              = ( "mod_access", "mod_accesslog" )
server.document-root        = "/tmp/" 
server.errorlog             = "/tmp/error.log" 
accesslog.filename          = "/tmp/access.log" 
index-file.names            = ( "index.html" )
mimetype.assign             = ( ".html" => "text/html" )
$HTTP["remoteip"] == "192.168.7.65" {
  url.access-deny = ( "" )
}

-- rene.fichter(at)gmail.com

Actions #3

Updated by Anonymous almost 17 years ago

  • Status changed from Need Feedback to Fixed
  • Resolution set to fixed

-- Xuefer <xuefer

Actions

Also available in: Atom