make mod_cache not cache cookies but cache contents from application side

make mod_cache not cache cookies but cache contents from application side

am 30.10.2009 20:57:38 von arekm

Hi,

Is there a way to forbid caching cookies from application level (let say php
or mod_perl level) by mod_cache? I know method via apache config but trying
to find one via application level. Of course I would like the rest (bodies)
to be actually cached but not cookies itself.

mod_cache from 2.2.14 is doing crazy things like leaking user A cookie to
the user B which for me is serious security issue.

--
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: make mod_cache not cache cookies but cache contents

am 31.10.2009 01:59:32 von Igor Cicimov

--000e0cd761d04d0538047730a80d
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable

Read the mode_cache directive on the apache site and you will find your
answer


2009/10/31 Arkadiusz Mi=B6kiewicz

>
> Hi,
>
> Is there a way to forbid caching cookies from application level (let say
> php
> or mod_perl level) by mod_cache? I know method via apache config but tryi=
ng
> to find one via application level. Of course I would like the rest (bodie=
s)
> to be actually cached but not cookies itself.
>
> mod_cache from 2.2.14 is doing crazy things like leaking user A cookie to
> the user B which for me is serious security issue.
>
> --
> Arkadiusz Mi=B6kiewicz PLD/Linux Team
> arekm / maven.pl http://ftp.pld-linux.org/
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server Project=
..
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

--000e0cd761d04d0538047730a80d
Content-Type: text/html; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable

Read the mode_cache directive on the apache site and you will find your ans=
wer
=A0

2009/10/31 Arkadiusz Mi=B6kie=
wicz <arekm@maven.pl=
>

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

Hi,



Is there a way to forbid caching cookies from application level (let say ph=
p

or mod_perl level) by mod_cache? I know method via apache config but trying=


to find one via application level. Of course I would like the rest (bodies)=


to be actually cached but not cookies itself.



mod_cache from 2.2.14 is doing crazy things like leaking user A cookie to r>
the user B which for me is serious security issue.



--

Arkadiusz Mi=B6kiewicz =A0 =A0 =A0 =A0PLD/Linux Team

arekm / =A0 =A0 =
=A0 =A0 =A0 =A0http=
://ftp.pld-linux.org/





------------------------------------------------------------ ---------

The official User-To-User support forum of the Apache HTTP Server Project.<=
br>
See <URL: lank">http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: g">users-unsubscribe@httpd.apache.org

=A0 " =A0 from the digest: @httpd.apache.org">users-digest-unsubscribe@httpd.apache.org

For additional commands, e-mail: org">users-help@httpd.apache.org






--000e0cd761d04d0538047730a80d--

Re: make mod_cache not cache cookies but cache contents

am 31.10.2009 02:02:15 von Igor Cicimov

--000e0cd59be0ff6ddd047730b19e
Content-Type: text/plain; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable

Also did you try setting the Cache header to no-cache on the apllication
side for the cookies?


2009/10/31 Igor Cicimov

> Read the mode_cache directive on the apache site and you will find your
> answer
>
>
> 2009/10/31 Arkadiusz Mi=B6kiewicz
>
>>
>> Hi,
>>
>> Is there a way to forbid caching cookies from application level (let say
>> php
>> or mod_perl level) by mod_cache? I know method via apache config but
>> trying
>> to find one via application level. Of course I would like the rest
>> (bodies)
>> to be actually cached but not cookies itself.
>>
>> mod_cache from 2.2.14 is doing crazy things like leaking user A cookie t=
o
>> the user B which for me is serious security issue.
>>
>> --
>> Arkadiusz Mi=B6kiewicz PLD/Linux Team
>> arekm / maven.pl http://ftp.pld-linux.org/
>>
>>
>> ------------------------------------------------------------ ---------
>> The official User-To-User support forum of the Apache HTTP Server Projec=
t.
>> See for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>

--000e0cd59be0ff6ddd047730b19e
Content-Type: text/html; charset=ISO-8859-2
Content-Transfer-Encoding: quoted-printable

Also did you try setting the Cache header to no-cache on the apllication si=
de for the cookies?


2009/10/31 Igor C=
icimov <icicimov=
@gmail.com>

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Read the mode_cac=
he directive on the apache site and you will find your answer
=A0
r>
2009/10/31 Arkadiusz Mi=B6kiewicz tr"><arekm@maven.pl<=
/a>>

204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">

Hi,



Is there a way to forbid caching cookies from application level (let say ph=
p

or mod_perl level) by mod_cache? I know method via apache config but trying=


to find one via application level. Of course I would like the rest (bodies)=


to be actually cached but not cookies itself.



mod_cache from 2.2.14 is doing crazy things like leaking user A cookie to r>
the user B which for me is serious security issue.



--

Arkadiusz Mi=B6kiewicz =A0 =A0 =A0 =A0PLD/Linux Team

arekm / =A0 =A0 =
=A0 =A0 =A0 =A0http=
://ftp.pld-linux.org/





------------------------------------------------------------ ---------

The official User-To-User support forum of the Apache HTTP Server Project.<=
br>
See <URL: lank">http://httpd.apache.org/userslist.html> for more info.

To unsubscribe, e-mail: g" target=3D"_blank">users-unsubscribe@httpd.apache.org

=A0 " =A0 from the digest: @httpd.apache.org" target=3D"_blank">users-digest-unsubscribe@httpd.apache.=
org

For additional commands, e-mail: org" target=3D"_blank">users-help@httpd.apache.org








--000e0cd59be0ff6ddd047730b19e--

Re: make mod_cache not cache cookies but cache contents from application side

am 31.10.2009 11:35:06 von arekm

Igor Cicimov wrote:

> Also did you try setting the Cache header to no-cache on the apllication
> side for the cookies?

This will prevent caching anything. I would like only cookies to be not
cached while the body of the request to be actually cached.

--
Arkadiusz Miśkiewicz PLD/Linux Team
arekm / maven.pl http://ftp.pld-linux.org/


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org