BUG/MEDIUM: cache: Get objects from the cache only for GET and HEAD requests

Only responses for GET requests are stored in the cache. But there is no check
on the method during the lookup. So it is possible to retrieve an object from
the cache independently of the method, from the time the key of the object
matches. Now, lookups are performed only for GET and HEAD requests.

This patch must be backportedi in 1.9.

diff --git a/src/cache.c b/src/cache.c
index 074c43bc4d2b687c3320cac8a91659e9dbbc36fd..f1ad3c7e2cf857d26d3db50fbd38efcb925f05b0 100644 (file)
--- a/src/cache.c
+++ b/src/cache.c
@@ -1401,10 +1401,17 @@ enum act_return http_action_req_cache_use(struct act_rule *rule, struct proxy *p
                                          struct session *sess, struct stream *s, int flags)
 {
 
+       struct http_txn *txn = s->txn;
        struct cache_entry *res;
        struct cache_flt_conf *cconf = rule->arg.act.p[0];
        struct cache *cache = cconf->c.cache;
 
+       /* Ignore cache for HTTP/1.0 requests and for requests other than GET
+        * and HEAD */
+       if (!(txn->req.flags & HTTP_MSGF_VER_11) ||
+           (txn->meth != HTTP_METH_GET && txn->meth != HTTP_METH_HEAD))
+               txn->flags |= TX_CACHE_IGNORE;
+
        if (IS_HTX_STRM(s))
                htx_check_request_for_cacheability(s, &s->req);
        else