httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tom Browder <tom.brow...@gmail.com>
Subject [users@httpd] How does one use cached, static non-private pages with https?
Date Tue, 31 Jul 2012 14:15:31 GMT
I have a completely https site and would like to make it more
efficient for non-private static pages.

This document by Ivan Ristic:

  https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.0.pdf

recommends (in para 3.4) "enabling caching of public resources...by
attaching the Cache-Control: public response header to them."

I believe there are several directives that may be used, but if the
solution I eventually use does work, would that cause trouble for a
mixed content page (e.g., images embedded in a page with private
information)? My guess is no if the regex chosen prevents pages with,
say, "private" in the URL from getting the cache header.

As an Apache novice, a solution I believe should work is this (assumes
[1] my private data is in directories with "private" in the path and
[2] dynamic pages are generated by ".cgi" programs):

  # for all directories without "private" in the URL
  <DirectoryMatch "*(?!private)*">
    # all resources get the "Cache-Control: public" header and value
(except cgi)
    Header onsuccess set Cache-Control public env=!"%{QUERY_STRING} =~ /\.cgi$/"
  </DirectoryMatch>

I will appreciate any critiques.

Thanks.

Best regards,

-Tom

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message