Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#21 closed defect (fixed)

Incorrectly caching pages with non-cacheable Cache-Control headers

Reported by: John Ferlito Owned by: somebody
Priority: major Milestone:
Component: nginx-core Version: 1.1.x
Keywords: upstream, cache, pragma Cc:
uname -a: Linux zoot 2.6.38-11-generic #48-Ubuntu SMP Fri Jul 29 19:02:55 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx: nginx version: nginx/1.0.5
nginx: TLS SNI support enabled
nginx: configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.0.5/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.0.5/debian/modules/nginx-upstream-fair

Description

See http://mailman.nginx.org/pipermail/nginx-devel/2011-September/001260.html for lots of detail but the TL;DR is

When

proxy_cache_bypass $http_pragma;

Is set. When a shift reload is performed we set the object as cacheable after we have checked for the privacy headers. So we cache it when we shouldn't.

Possible patch attached

Attachments (1)

nginx-cach-bypass.patch (662 bytes ) - added by John Ferlito 13 years ago.

Download all attachments as: .zip

Change History (3)

by John Ferlito, 13 years ago

Attachment: nginx-cach-bypass.patch added

comment:1 by Maxim Dounin, 13 years ago

Resolution: fixed
Status: newclosed

Committed as r4177, thanks.

comment:2 by is, 13 years ago

In [4249/nginx]:

Merging r4151, r4152, r4177:

HTTP cache related fixes:

*) Cache: fix for sending of empty responses.

Revert wrong fix for empty responses introduced in 0.8.31 and apply new
one, rewritten to match things done by static module as close as possible.


*) Cache: fix for sending of stale responses.

For normal cached responses ngx_http_cache_send() sends last buffer and then
request finalized via ngx_http_finalize_request() call, i.e. everything is
ok.


But for stale responses (i.e. when upstream died, but we have something in
cache) the same ngx_http_cache_send() sends last buffer, but then in
ngx_http_upstream_finalize_request() another last buffer is send. This
causes duplicate final chunk to appear if chunked encoding is used (and
resulting problems with keepalive connections and so on).


Fix this by not sending in ngx_http_upstream_finalize_request()
another last buffer if we know response was from cache.


*) Fixed cache bypass caching of non-cacheable replies (ticket #21).

If cache was bypassed with proxy_cache_bypass, cache-controlling headers
(Cache-Control, Expires) wasn't considered and response was cached even
if it was actually non-cacheable.


Patch by John Ferlito.

Note: See TracTickets for help on using tickets.