Mailing List Archive: Apache: Users

How does one use cached, static non-private pages with https?

Index | Next | Previous | View Threaded

tom.browder at gmail

Jul 31, 2012, 7:15 AM

Post #1 of 4 (226 views)
Permalink

How does one use cached, static non-private pages with https?

I have a completely https site and would like to make it more
efficient for non-private static pages.

This document by Ivan Ristic:

https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf

recommends (in para 3.4) "enabling caching of public resources...by
attaching the Cache-Control: public response header to them."

I believe there are several directives that may be used, but if the
solution I eventually use does work, would that cause trouble for a
mixed content page (e.g., images embedded in a page with private
information)? My guess is no if the regex chosen prevents pages with,
say, "private" in the URL from getting the cache header.

As an Apache novice, a solution I believe should work is this (assumes
[1] my private data is in directories with "private" in the path and
[2] dynamic pages are generated by ".cgi" programs):

# for all directories without "private" in the URL
<DirectoryMatch "*(?!private)*">
# all resources get the "Cache-Control: public" header and value
(except cgi)
Header onsuccess set Cache-Control public env=!"%{QUERY_STRING} =~ /\.cgi$/"
</DirectoryMatch>

I will appreciate any critiques.

Thanks.

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

tom.browder at gmail

Aug 8, 2012, 7:05 AM

Post #2 of 4 (189 views)
Permalink

Re: How does one use cached, static non-private pages with https? [In reply to]

On Tue, Jul 31, 2012 at 9:15 AM, Tom Browder <tom.browder [at] gmail> wrote:
> I have a completely https site and would like to make it more
> efficient for non-private static pages.

Ping, anyone?

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

icicimov at gmail

Aug 10, 2012, 12:13 AM

Post #3 of 4 (177 views)
Permalink

Re: Re: How does one use cached, static non-private pages with https? [In reply to]

On Thu, Aug 9, 2012 at 12:05 AM, Tom Browder <tom.browder [at] gmail> wrote:

> On Tue, Jul 31, 2012 at 9:15 AM, Tom Browder <tom.browder [at] gmail>
> wrote:
> > I have a completely https site and would like to make it more
> > efficient for non-private static pages.
>
> Ping, anyone?
>
> -Tom
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe [at] httpd
> For additional commands, e-mail: users-help [at] httpd
>
>
So, is it working for you?

I personally would use mod_expires and mod_cache to control what to cache
and for how long.

Igor

tom.browder at gmail

Aug 10, 2012, 4:19 AM

Post #4 of 4 (176 views)
Permalink

Re: Re: How does one use cached, static non-private pages with https? [In reply to]

On Fri, Aug 10, 2012 at 2:13 AM, Igor Cicimov <icicimov [at] gmail> wrote:
> On Thu, Aug 9, 2012 at 12:05 AM, Tom Browder <tom.browder [at] gmail> wrote:
>>
>> On Tue, Jul 31, 2012 at 9:15 AM, Tom Browder <tom.browder [at] gmail>
>> wrote:
>> > I have a completely https site and would like to make it more
>> > efficient for non-private static pages.
...
> So, is it working for you?

Igor, thanks for the response.

I haven't tried it yet in the hopes someone could address the security
aspects of my proposal.

> I personally would use mod_expires and mod_cache to control what to cache
> and for how long.

That sounds like a good plan. I shall investigate that.

Thanks again.

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe [at] httpd
For additional commands, e-mail: users-help [at] httpd

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads