You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Masanari Iida <st...@gmail.com> on 2006/01/14 19:04:06 UTC

[users@httpd] Bug or feature?

Hi,

I would like to ask the list members if following are
bug or feature of apache.

Use following sample script,
Apache version: ANY  (1.3, 2.0 and 2.2)

#!/bin/sh
cat <<EOT
Status: 200 OK
Last-Modified: Tue, 15 Feb 2005 15:00:00 GMT
Content-Type: text/html

Hello world
EOT


1st access, Apache returns Status Code 200 with BODY.
(And 200 in accesslog).

2nd access, Apache returns Status Code 200 without BODY.
(And 304 in accesslog).

3rd access, Apache returns Status Code 200 with BODY.
(And 200 in accesslog).

4th access, Apache returns Status Code 200 without BODY.
(And 304 in accesslog).

On 2nd and 4th access, browser failed to display, since the packet has
status code 200 without BODY.

This seemed to me, Status code mismatch between inside packet and accesslog
happened because of the BAD sample CGI script. But from the other point of view,
this symptom happend because apache allow the CGI to OVERWRITE the status code
in the packet.

My question is,
"Apache allow the CGI to overwrite the status code inside of the packet"
Is this what apache developer expected? or BAG?

FYI, this is the same question that has asked long times ago.
But no reply, so far.
http://archive.apache.org/gnats/5640
http://issues.apache.org/bugzilla/show_bug.cgi?id=37166

Regards,
Masanari Iida

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Bug or feature?

Posted by Masanari Iida <st...@gmail.com>.

Hello Nick,
Thanks for your comment.
I have already added the report in Apache bugzilla a few weeks ago.
It is #38070.
So far, nobody pick it up.

The problem happened a little bit more complicate config.
PC(Browser) => Apache1 (CGI) => Apache2 (Content server).

The CGI do forward the "if-modified-since" to the backend Apache2.
Then Apache2 returns Last-Modified to Apache1.
Most of the time, it worked correct.  One exception that I found
was, when I modify file's time stamp on Apache2 to past time,
(to simulate file backup case), then Apache1 log and packet started
to mismatched.

(1) Clear Browser's cache

(2) Access to a page.
PC =>           Apache1 =>              Apache2    Year 2005 file
PC <=(200+BODY) Apache1 <==(200+BODY)=  Apache2
  (Last-M 2005)   200     (Last-M 2005)   200

(3) Modify file's time stamp on Apache2 to 2004

(4) Without clear browser's cache, access one more time.
PC =>(If-M-S 2005) Apache1 ==>(IF-M-S 2005) Apache2    Year 2004 file
PC <=(200+No BODY) Apache1 <==(200+BODY)=   Apache2
                     304     (Last-M 2004)   200

(5) Access to the page again.
PC =>              Apache1 ==>             Apache2    Year 2004 file
PC <=(200+BODY)    Apache1 <==(200+BODY)=  Apache2
  (Last-M 2004)      200     (Last-M 2004)   200

(6) access again.
Same as step 4

(7) access again
Same as step 5

The sample script that I mentioned try to duplicate a problem
which happened in STEP4, especially a packet between Apache1 and PC.
At the same time, as you notice, the Apache1 in step4 logged 304.
I don't understand how come Apache1 think it 304 instead of 200.

This is a background why I wanted to confirm if Apache allow to
overwrite packet status... bug or feature??

Regards,
Masanari


On 1/15/06, Nick Kew <ni...@webthing.com> wrote:
> On Saturday 14 January 2006 18:04, Masanari Iida wrote:
> > Hi,
> >
> > I would like to ask the list members if following are
> > bug or feature of apache.
> >
> > Use following sample script,
> > Apache version: ANY  (1.3, 2.0 and 2.2)
> >
> > #!/bin/sh
> > cat <<EOT
> > Status: 200 OK
> > Last-Modified: Tue, 15 Feb 2005 15:00:00 GMT
> > Content-Type: text/html
> >
> > Hello world
> > EOT
>
> Interesting.  I can confirm that your CGI script with an If-Modified-Since
> header later than the Last-Modified date supplied by the script does
> indeed return 200 with no body.  That's broken, but is it Apache or
> the script that's at fault[1]?
>
> RFC2616 says of If-Modified-Since:
>
>       c) If the variant has not been modified since a valid If-^M
>          Modified-Since date, the server SHOULD return a 304 (Not^M
>          Modified) response.^M
>
> That makes sense: the script is stupid but technically within its rights
> to send the 200 unconditionally.  So Apache should presumably
> accommodate it by ignoring the If-Modified-Since header and
> returning 200 with the full body.
>
> If that's not already in bugzilla, you might consider entering it there.
>
> [1] It's both, of course.
>
> --
> Nick Kew
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Fwd: [users@httpd] Bug or feature?

Posted by Masanari Iida <st...@gmail.com>.

Hello,

Current apache allow CGI to overwrite status code inside of the packet,
which can create a packet with Status code 200 without BODY in worst case.
Is this expected? or bug?

FYI, I entered this bug in bugzilla
http://issues.apache.org/bugzilla/show_bug.cgi?id=38070

Regards,
Masanari Iida

---------- Forwarded message ----------
From: Nick Kew <ni...@webthing.com>
Date: Jan 15, 2006 4:26 AM
Subject: Re: [users@httpd] Bug or feature?
To: users@httpd.apache.org

On Saturday 14 January 2006 18:04, Masanari Iida wrote:
> Hi,
>
> I would like to ask the list members if following are
> bug or feature of apache.
>
> Use following sample script,
> Apache version: ANY  (1.3, 2.0 and 2.2)
>
> #!/bin/sh
> cat <<EOT
> Status: 200 OK
> Last-Modified: Tue, 15 Feb 2005 15:00:00 GMT
> Content-Type: text/html
>
> Hello world
> EOT

Interesting.  I can confirm that your CGI script with an If-Modified-Since
header later than the Last-Modified date supplied by the script does
indeed return 200 with no body.  That's broken, but is it Apache or
the script that's at fault[1]?

RFC2616 says of If-Modified-Since:

      c) If the variant has not been modified since a valid If-^M
         Modified-Since date, the server SHOULD return a 304 (Not^M
         Modified) response.^M

That makes sense: the script is stupid but technically within its rights
to send the 200 unconditionally.  So Apache should presumably
accommodate it by ignoring the If-Modified-Since header and
returning 200 with the full body.

If that's not already in bugzilla, you might consider entering it there.

[1] It's both, of course.

--
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] Bug or feature?

Posted by Nick Kew <ni...@webthing.com>.

On Saturday 14 January 2006 18:04, Masanari Iida wrote:
> Hi,
>
> I would like to ask the list members if following are
> bug or feature of apache.
>
> Use following sample script,
> Apache version: ANY  (1.3, 2.0 and 2.2)
>
> #!/bin/sh
> cat <<EOT
> Status: 200 OK
> Last-Modified: Tue, 15 Feb 2005 15:00:00 GMT
> Content-Type: text/html
>
> Hello world
> EOT

Interesting.  I can confirm that your CGI script with an If-Modified-Since
header later than the Last-Modified date supplied by the script does
indeed return 200 with no body.  That's broken, but is it Apache or
the script that's at fault[1]?

RFC2616 says of If-Modified-Since:

      c) If the variant has not been modified since a valid If-^M
         Modified-Since date, the server SHOULD return a 304 (Not^M
         Modified) response.^M

That makes sense: the script is stupid but technically within its rights
to send the 200 unconditionally.  So Apache should presumably
accommodate it by ignoring the If-Modified-Since header and
returning 200 with the full body.

If that's not already in bugzilla, you might consider entering it there.

[1] It's both, of course.

-- 
Nick Kew

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org