Bug 53350 - mod_cache caching 403 responses Apahce 2.2.22
Summary: mod_cache caching 403 responses Apahce 2.2.22
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_cache (show other bugs)
Version: 2.2.22
Hardware: Other Linux
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
Keywords: MassUpdate
Depends on:
Reported: 2012-06-01 23:07 UTC by Geoff Millikan
Modified: 2018-11-07 21:08 UTC (History)
0 users


Note You need to log in before you can comment on or make changes to this bug.
Description Geoff Millikan 2012-06-01 23:07:41 UTC
In the log file below we can see the 403 getting served at 11:33:09.  Then I hold down the <shift> key and click refresh on the page using FireFox to send the "Cache-Control: no-cache" request header to get a new copy of the page and clean the server's cache and the page comes back with a 200 at 11:33:18. As long as I don't send the no-cache request I can keep getting the same 403 response out of the cache. 

The cause of the 403 is problematic so I'll include it below.

How can I help you debug this?

 Here's the log file:
 [01/Jun/2012:11:33:09 -0700]    GET /tools/calculate/file-size/result/?size=32&unit=kilobytes HTTP/1.1  403     302     -
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0     -
 [01/Jun/2012:11:33:18 -0700]    GET /tools/calculate/file-size/result/?size=32&unit=kilobytes HTTP/1.1  200     3347    -
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0     

What's causing the 403? Apache is intermittently issuing a 403 "Directory index forbidden by Options directive" but it never should.  For example the two
below links work fine.  But look at the log entry showing the 403 error.  Crazy.  I cannot duplicate the error at all except when the 403 is already in the cache 



Here's error log:
[Fri Jun 01 11:05:06 2012] [error] [client] Directory index forbidden by Options directive:

How can I help you debug this?

PS: We are Linux 2.6.18-308.4.1.el5 x86_64  CentOS release 5.8
Comment 1 Deepak N 2014-05-06 05:13:32 UTC
Is there a fix or a work around for this issue?
Comment 2 Geoff Millikan 2014-05-06 17:45:54 UTC
Although I'm not sure it's been explicitly addressed, we haven't experienced this issue since we upgraded to Apache/2.2.26 so suggest closing this bug for the time being.
Comment 3 Deepak N 2014-05-06 18:30:10 UTC
I have tested this with 

Server version: Apache/2.4.9 (Unix)
Server built:   May  5 2014 17:22:05

The issue still exits. The documentations say 403 will not be cached, but it doesn't seem to be the case. The config looks like this

CacheRoot /var/cache/mod_proxy
CacheEnable disk /openmrs/ws/rest/v1/concept

<Location /openmrs/ws/rest/v1/concept>
        ExpiresActive On
        ExpiresDefault "access plus 20 minutes"

CacheDirLevels 5
CacheDirLength 3
CacheDefaultExpire 3600
CacheMaxExpire 86400
CacheIgnoreCacheControl On
CacheIgnoreHeaders Set-Cookie
CacheMaxFileSize 2000000
Comment 4 William A. Rowe Jr. 2018-11-07 21:08:51 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.