Page Cache Compatibility Mode

[joshin42]

Howdy,

When upgrading sites that from 0.9.4.1 to today's pull, I encountered an error when compatibility mode was enabled. Our environment works fine with it off, so I have a work around.

I can replicate this on multiple sites and servers. The error looks like this:

[Tue Aug 30 18:15:28 2016] [crit] [client 24.56.43.116] configuration error: couldn't perform authentication. AuthType not set!: /wp-content/cache/page_enhanced/www.clientsite.com//category/faith//_index.html_gzip, referer: http://www.clientsite.com/

The pair of //'s in the path seem to be the culprit.

Sorry that I suck at coding or I'd be more useful and contribute fixes. I'm happy to test the latest code on some busy sites I manage & write up interesting things I find.

-J

[nigrosimone]

@amiga-500, maybe the problem was introduced with this commit 954b739 (#24)

I think that the problem is:

Require all granted

Require all granted is only in 2.4, but Allow all XXX stops working in 2.4. authz_host_module was introduced in Apache 2.1. The generated code:

<Files ~ "\.(html|html_gzip|xml|xml_gzip)$">
  <IfModule mod_authz_host.c>
    Require all granted
  </IfModule>
  <IfModule !mod_authz_host.c>
    Allow from all
  </IfModule>
</Files>

is not safe on Apache < 2.4 with module mod_authz_host loaded.

I found some info on stackoverflow.

Step to reproduce

1. Enable compatibility mode in page cache settings
2. Enable mod_authz_host on Apache < 2.4

Possible fix

<Files ~ "\.(html|html_gzip|xml|xml_gzip)$">
  <IfModule mod_authz_host.c>
    <IfVersion < 2.4>
      Allow from all
    </IfVersion>
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
  </IfModule>
  <IfModule !mod_authz_host.c>
    Allow from all
  </IfModule>
</Files>

but this require mod_version module

---

@joshin42, thanks for your testing!

[charlesLF]

I think @nigrosimone is right.

Here's what I would suggest we use for the "If" blocks

<IfModule mod_version.c>
    <IfVersion < 2.4>
        Order Allow,Deny
        Allow from All
    </IfVersion>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
</IfModule>
<IfModule !mod_version.c>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from All
    </IfModule>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
</IfModule>

We could probably just shrink it down to

    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from All
    </IfModule>
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>

But the first block is there for minimizing any false positives

[joshin42]

Agreed with the diagnosis, thanks! :)

Yes, we're still on 2.2, Sites with compatibility mode are (even our) edge cases & we can disable it on them without problem

Thankfully, we'll finally be moving to 2.4 in a month or two.

[nigrosimone]

@joshin42 i have applied @charlesLF suggestion. Can you test the master?

[joshin42]

Thanks @nigrosimone, it seems to be working fine now!

-J

[nigrosimone]

@joshin42 Thanks!

[amiga-500]

sorry my mistake. and the belated reply. And thx for the fix . I noticed when i had written e4efc3f i apparently didnt notice mod_authz_host was also available in 2.2...yikes! When i researched this at the time it seems i was looking incorrectly under 2.0 modules (mod_authz_host doesnt exist for it) mistakenly thinking i was researching all things pre-2.4. whoops!

thx again
Kimberly

[nigrosimone]

No problem Kimberly! ; )