We are using Drupal 5.x. We are experimenting with Squid as reverse proxy. Squid and Drupal are configured. Static content is getting cached.
For testing purposes, we would like to set "Cache-Control: public ..." on the 'authenticated' pages returned by Drupal.
We see that the headers are set in bootstap.inc. We've modified all instances of "Cache-Control" header in that file, set it to 'public'. However, when we view the HTTP headers (in Safari's Web Inspector), we see "Cache-Control:private". For that reason, Squid is returning Cache MISS on those pages.
Question is - where exactly is this "Cache-Control" getting set to "private"? How can we change the "Cache-Control" header for authenticated users?
Thanks in advance!
Try Pressflow (https://launchpad.net/pressflow/5.x) which is a fork of Drupal with built in cache control.
Related
I have static content (icons etc...) served via Asp.Net
Every response gets caching added to it, like this:
Response.Cache.SetExpires(Now.AddMinute(30))
Response.Cache.SetValidUntilExpires(True)
When I browse from my office everything is fine
When one of the users browses from home, the icons are not cached. Which makes browsing very slow.
I have a log that shows the incoming requests, and the requests from this user have this header
"Cache-Control":"no-cache, no-store"
I don't know if that's the issue, and if yes, how can I solve it? Or can there be something else wrong?
Also, after setting the cache expiration, it seems that the Response.Headers are not affected. I don't see the caching info in the headers.
This is the header string. Not a word about caching.
{Server=Microsoft-IIS%2f10.0&HitID=9&X-AspNetMvc-Version=5.2}
Why are my Cache settings being ignored?
Please check your IIS cache setting. The static file setting may not related with the Response.Cache.SetExpires method().
And you can also set the Cache-Control in iis. About how to set the Cache-Control you can refer to this link.
Cache-Control
I am running WordPress 5.3.2 on Apache/2.4.29 (Ubuntu) 18.04 on a Digital Ocean droplet.
My client requested the following:
All cookies transferred over an encrypted session, in particular session cookies, should be marked as 'Secure' and all session information should be transmitted over HTTPS.
The HttpOnly flag should also be set within the cookie
So, I defined the following in the virtual host:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure;SameSite=Strict
I then tested the header response and could see my Set-Cookie defined.
The problem is, I now can't login to WordPress. WordPress says:
ERROR: cookies are blocked or not supported by your browser. You must
enable cookies to use WordPress.
What am I doing wrong?
Strict is probably more restrictive than you want, as this will prevent cookies from being sent on initial cross-site navigations, e.g. if I emailed you a link to a page on your blog, when you first followed that link, the SameSite=Strict cookies would not be sent and it might appear as if you were not logged in.
SameSite=Lax is a better default here. Then I would explicitly look at setting SameSite=Strict or SameSite=None on individual cookies where you know the level of access required.
The HttpOnly attribute is also blanket preventing all of your server-side set cookies from being read by JavaScript. You may well have functionality on your page that requires this.
Finally, a blanket approach here is probably overkill - as it looks as if you will be appending this snippet to every outgoing cookie header, even the ones that already include those attributes. This is likely to cause some unpredictable behaviour. I would either do this on a specific allow-list basis by checking for explicit cookie names or I would alter the regex to only set this if those attributes are missing.
A late answer. But if it helps someone:
Put these values in php.ini
session.cookie_httponly = 1
session.cookie_secure = 1
Of course you should have a valid https certificate.
I have built a mobile friendly application by detecting mobile users on the fly and serving a different layout in coldfusion.which is termed as Dynamically serving different HTML on the same URL' by google. I should change the server http header to be a " Vary HTTP header"
now, I have to setup a vary http header based on layout, If it is a mobile then I have to set Vary: User-Agent. How can set this at page level through coldfusion.
Can I achieve this through coldfusion, if not can you help me in setting up in iis.
Thanks
You can use setHeader() for this:
<cfscript>
pc = getPageContext().getResponse();
pc.setHeader( "vary", "user-agent" );
</cfscript>
This functionality isn't very well documented in the official coldfusion documentation, but this article tells you all you need to know.
Lets say you want to serve different content from the same url but still want to be able to use squid caching.
For example caching a logged in users homepage vs another user. Is there anyway to append a cookie to the request url before throwing it into the squid's cache?
Use the vary header .
So you can have multiple version of a page depending of the vary header. But the browser must send the variant header so you don't have a lot of choice to do this. Cookie header can be use if your use case. Be careful PURGE method doesn't work with variant cache in squid !
Try playing with storeurl_rewrite_program:
http://www.squid-cache.org/Versions/v2/2.7/cfgman/storeurl_rewrite_program.html
Basically, it acts like a normal Squid rewrite / redirector program, but it ONLY affects the URL used to look up / store in the cache.
We need to conditionally disable GZIP compression if user's browser is IE6 (it hangs browser for 5min) in few pages of larger site. Server is IIS7 and has compression for static content turned on - want that compression left working if user agent is not Mozilla/4.0. ASPX code sample anyone?
Alternatively, code to conditionally redirect to the same page on another site (could create another virtual site with compression disabled) but need to pass all parameters (GET/POST).
Try intercepting the browser's request to stop claiming support for Gzip, if the request is from IE5/IE6 . I believe ISAPI rewrite is available for IIS.
Take note: this does not require you to have separate gzipped and non-gzipped pages. This is probably a better approach than your proposal, since it cuts the problem at its source.