httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rune Stilling <s...@rdfined.dk>
Subject [users@httpd] Caching of pages with HTTP authentication using mod_cache_disk and apache 2.4
Date Thu, 28 Apr 2016 11:43:16 GMT
Hi list

I have a Apache web site serving REST-resources from a Tomcat server via proxypass. I have
set up the cache_disk_module so that resources are cached server side. My httpd.conf looks
like this:

 <IfModule cache_disk_module> 
  CacheDefaultExpire 300 
  CacheIgnoreNoLastMod On 
  CacheIgnoreQueryString Off 
  CacheIgnoreCacheControl On 
  CacheIgnoreHeaders Set-Cookie 
  CacheQuickHandler Off 
  CacheRoot "C:/Program Files (x86)/Apache Software Foundation/Apache24/cache" 
  CacheEnable disk / 
  CacheDirLevels 1 
  CacheDirLength 2 
 </IfModule> 

I have been experimenting with the Cache-Control response-header using either:

1) Cache-Control: public
2) Cache-Control: public, no-cache

If I use public only my basic http authentication page is cached including username and password,
so when just one client has authenticated, all clients are able to access the page without
authenticating.

If I use "public, no-cache” the protected page is never cached. The cache-log says "cache
miss: attempting entity save” every time.

The second solution as I read it is supposed to be the official way to do things:

"If you’d like such pages to be cacheable, but still authenticated for every user, combine
the Cache-Control: public and no-cache headers. This tells the cache that it must submit the
new client’s authentication information to the origin server before releasing the representation
from the cache.” (https://www.mnot.net/cache_docs/)

On the other hand I found an old post on list stating:

"An in any case, as you've noticed, it isn't supported at the moment." (http://osdir.com/ml/httpd-apache/2006-12/msg00493.html)

So my question is: Is this feature still not supported in Apache httpd/mod_cache_disk? Are
there other ways to accomplish caching of basic authentication protected ressources without
caching username and password?

With regards,
Rune
Mime
View raw message