mod_access/4385: Apache doesn't notify clients when serving restricted content

11 May 1999 14:50:02 -0000 

>Number:         4385
>Category:       mod_access
>Synopsis:       Apache doesn't notify clients when serving restricted content
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Tue May 11 07:50:00 PDT 1999
>Last-Modified:
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.3.6
>Environment:
Linux (but applicable to all)
>Description:
It would be nice if the customisation option existed for Apache to notify
clients (using the Cache-Control directive of HTTP/1.1) when it is serving
them restricted content. 

Many sites use IP / Domain based restrictions on their content, only to be
thwarted by local cache or indexing systems throwing this content "over the
wall", due to a lack of awareness of the restrictions. Squid, and other
caching products, honour Cache-Control directives as a means of restriction,
and it would be nice if the _optional_ functionality existed to enable Apache
sending these.

I've attached a patch which enables this behaviour by default - obviously this
would need to be configurable before it made its way into release code, but
I'm seeking a "yes this is a good idea" or "no, don't be silly" before doing
that.
>How-To-Repeat:

>Fix:
A patch which contains the functionality, but not the configuration option:

*** src/modules/standard/mod_access.c.orig      Mon Sep 14 15:17:17 1998
--- src/modules/standard/mod_access.c   Mon Sep 14 15:20:39 1998
***************
*** 303,308 ****
--- 303,311 ----
        if (!(mmask & ap[i].limited))
            continue;
  
+       if (ap[i].type != T_ALL) 
+          ap_table_set(r->headers_out,"Cache-Control","private");
+ 
        switch (ap[i].type) {
        case T_ENV:
            if (ap_table_get(r->subprocess_env, ap[i].x.from)) {
>Audit-Trail:
>Unformatted:
[In order for any reply to be added to the PR database, ]
[you need to include <[EMAIL PROTECTED]> in the Cc line ]
[and leave the subject line UNCHANGED.  This is not done]
[automatically because of the potential for mail loops. ]
[If you do not include this Cc, your reply may be ig-   ]
[nored unless you are responding to an explicit request ]
[from a developer.                                      ]
[Reply only with text; DO NOT SEND ATTACHMENTS!         ]

Reply via email to