Looks like a possible RFC 2616 MUST violation. Apache caches a truncated response (which it MAY) but does not treat it as partial (which it MUST). See attached trace for details and ways to reproduce. Test case IDs in the trace link to human-oriented test case description and RFC quotes, if available.
Created attachment 4362 [details] test case trace
FYI: This violation still exists in httpd-2.0.54.
This one doesn't have an easy solution. The problem is that mod_proxy currently has no way to tell mod_cache if a response terminated abnormally. We could add some code in mod_cache, to make sure Content-Length matches that actual length, and invalidate the cache at that point. The root of the problem is that the request effectively becomes non-cachable(or at least, requiring re-validation), at the last possible moment, long after we decided to cache the object.
Yes, adding code to invalidate cache entries when Content-Length mismatches that actual length will remove this violation and may improve cache robustness overall. IIRC, Squid does something like that. A "proper" (but much more difficult) fix is to support caching of partial responses. Very few caches are capable of that. However, the first step would still be the detection of a partial response, just like in the simple solution above. Thus, that code will not be wasted.
*** Bug 32735 has been marked as a duplicate of this bug. ***
Created attachment 24306 [details] Trunk patch to not cache responses whose length doesn't match the Content-length header Here's a trunk patch. It checks the length of the response after caching it, and if it doesn't match the Content-Length header, then drops the cache entry.
Committed to trunk, r818492
Can this be proposed for backport to Apache 2.2?
I'm working on an alternative fix based on helpful suggestions on the development list. Once we have something that everybody is happy with, I'll propose for backport.
Backed out r818492 which blocked all caching of incomplete responses. Committed r821763 which specifically blocks caching of incomplete responses in mod_disk_cache. This leaves the flexibility for other cache implementations to implement caching of incomplete responses correctly (per RFC 2616). This is all in trunk.
Closing as fixed in trunk, which will soon be released as v2.4.