You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Tom Browder <to...@gmail.com> on 2012/07/31 16:15:31 UTC
[users@httpd] How does one use cached, static non-private pages with https?
I have a completely https site and would like to make it more
efficient for non-private static pages.
This document by Ivan Ristic:
https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf
recommends (in para 3.4) "enabling caching of public resources...by
attaching the Cache-Control: public response header to them."
I believe there are several directives that may be used, but if the
solution I eventually use does work, would that cause trouble for a
mixed content page (e.g., images embedded in a page with private
information)? My guess is no if the regex chosen prevents pages with,
say, "private" in the URL from getting the cache header.
As an Apache novice, a solution I believe should work is this (assumes
[1] my private data is in directories with "private" in the path and
[2] dynamic pages are generated by ".cgi" programs):
# for all directories without "private" in the URL
<DirectoryMatch "*(?!private)*">
# all resources get the "Cache-Control: public" header and value
(except cgi)
Header onsuccess set Cache-Control public env=!"%{QUERY_STRING} =~ /\.cgi$/"
</DirectoryMatch>
I will appreciate any critiques.
Thanks.
Best regards,
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: How does one use cached, static non-private
pages with https?
Posted by Tom Browder <to...@gmail.com>.
On Fri, Aug 10, 2012 at 2:13 AM, Igor Cicimov <ic...@gmail.com> wrote:
> On Thu, Aug 9, 2012 at 12:05 AM, Tom Browder <to...@gmail.com> wrote:
>>
>> On Tue, Jul 31, 2012 at 9:15 AM, Tom Browder <to...@gmail.com>
>> wrote:
>> > I have a completely https site and would like to make it more
>> > efficient for non-private static pages.
...
> So, is it working for you?
Igor, thanks for the response.
I haven't tried it yet in the hopes someone could address the security
aspects of my proposal.
> I personally would use mod_expires and mod_cache to control what to cache
> and for how long.
That sounds like a good plan. I shall investigate that.
Thanks again.
Best regards,
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Re: How does one use cached, static non-private
pages with https?
Posted by Igor Cicimov <ic...@gmail.com>.
On Thu, Aug 9, 2012 at 12:05 AM, Tom Browder <to...@gmail.com> wrote:
> On Tue, Jul 31, 2012 at 9:15 AM, Tom Browder <to...@gmail.com>
> wrote:
> > I have a completely https site and would like to make it more
> > efficient for non-private static pages.
>
> Ping, anyone?
>
> -Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
So, is it working for you?
I personally would use mod_expires and mod_cache to control what to cache
and for how long.
Igor
[users@httpd] Re: How does one use cached, static non-private pages with https?
Posted by Tom Browder <to...@gmail.com>.
On Tue, Jul 31, 2012 at 9:15 AM, Tom Browder <to...@gmail.com> wrote:
> I have a completely https site and would like to make it more
> efficient for non-private static pages.
Ping, anyone?
-Tom
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org