id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 118 "Lack of ""Vary"" handling in proxy can lead to corrupted downloads" Oz Solomon somebody "Documentation clearly states that the proxy module doesn't handle the Vary response header. However, ""not handling"" can mean a few things, and currently it means things are broken. Example: nginx as reverse proxy to Apache, and Apache is using mod_deflate to compress the content. User 1 makes a request for content using a modern browser, which nginx passes on to Apache, and Apache happily returns using a compressed response (Content-Encoding: gzip, Vary: Accept-Encoding). User 2 makes a request for the same content, but using a brain dead browser (in this case IE, which for 0.5% of users does not accept gzip encoding as we've recently measured). Despite the fact that the browser isn't sending ""Accept-Encoding: gzip"" to the server, the content is served from nginx's cache in compressed format and the browser receives a response it can't handle. Expected: nginx should never cache responses that contain the Vary header. Better Yet, Expected: nginx should properly handle the Vary header and only serve cached versions if the headers match. Actual: Whatever is cached after the first request is served. Note: For a long form background on this issue, please see: http://www.notthewizard.com/2012/02/27/nginx-reverse-proxy-can-cause-ie-to-fail/ " defect closed minor nginx-core 1.0.x fixed Vary, proxy Linux 2.6.18-274.17.1.el5 #1 SMP Tue Jan 10 17:25:58 EST 2012 x86_64 x86_64 x86_64 GNU/Linux "nginx version: nginx/1.0.12 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-51) TLS SNI support disabled configure arguments: --user=nginx --group=nginx --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-file-aio --with-mail_ssl_module --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=-Wl,-E "