I have trouble with JSON response compression. I look to response headers after uploading website to production server (Windows 2008, IIS 7) and found uncompressed response. Turning on "Enabled static compression" and ""Enable dynamic compression" in IIS control panel does not effect. ASPX pages was responsed gzipped, but webservice response uncompressed.
I looked to google, but no answer found about this trouble. Also, I try this json ihttpmodule compression way (and adding to web.config this module) - but this source is excellent working at development machine with ASP.NET development server (and have seven times response size reduced) and totally ignored at IIS7.
How I can apply gzip compression to json responses from my webservice? Thanks.
PS .NET 3.5
I stumbled across the same problem with JsonCompressionModule. It was working on the development server but not on IIS 7. I figured out that under IIS 7 it isn't enough to add the handle under system.web but also under system.webServer (see below). After this change it works fine on IIS 7.
<system.web>
<httpModules>
<add name="JsonCompressionModule" type="JsonCompressionModule"/>
</httpModules>
</system.web>
<system.webServer>
<modules>
<add name="JsonCompressionModule" preCondition="managedHandler" type="JsonCompressionModule"/>
</modules>
</system.webServer>
IIS dynamic compression uses the response content type header to determine if it should compress the content or not. The default settings do not compress "application/json". You can find more information at http://www.iis.net/configreference/system.webserver/httpcompression
To add it, open an admin command prompt, run the commands below then restart the IIS service.
cd \Windows\System32\inetsrv
appcmd.exe set config -section:system.webServer/httpCompression /+"dynamicTypes.[mimeType='application/json',enabled='True']" /commit:apphost
You may want to add a few other content types. The only application/* types the default dynamic settings compress is application/x-javascript.
Please try and examine what are the request headers which the client sends. Accept-Encoding should have gzip or deflate value.
Make sure though that the client is able to decompress JSON.
There is a solution which is able to set Accept-Encoding and perform GZIP compression all together—Helicon Ape (http://www.helicontech.com/ape/). The following configuration will do both the tricks:
# Manually set required request header
RequestHeader append Accept-Encoding gzip early
# Enable high-level (9) comression for JSON files
SetEnvIf mime application/json gzip=9
Related
I was working on a website. All files are UTF-8 encoded without BOM. Everything was working fine. Suddenly my IIS or ASP.NET started serving the files with all umlauts garbled.
file contents of .aspx file on webserver
öäü
returned to browser by IIS
öäü
I can "fix" this problem by re-saving the files as UTF-8 with BOM but I don't want to do that. The HTTP Response header claims the content is UTF-8
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
but it is not. If I create an identical file and change it's extension from .aspx to .html, it gets served correctly.
This isn't restricted to a single website running on IIS but it's happening on ALL websites running on the IIS server. It not some setting in the web.config, it's happening even when I completely delete the web.config.
What could have caused this and why is this happening?
EDIT
OK so turns out I had to add <globalization fileEncoding="utf-8" /> to the web.config after all, i.e.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<globalization fileEncoding="utf-8" />
</system.web>
</configuration>
fixed it. It's strange because I'm pretty sure I didn't have that setting in my web.config before.
Yeah, as you said. DotNet Globalization feature page is responsible for configuring DotNet Framework globalization settings, such as language, culture, encoding options.
We can change globalization settings for ASP.NET applications at the Web server level when we want to apply to all ASP.NET applications on the server.
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831368(v=ws.11)
You could post your solution as an answer to help the guy that runs into the same issue.
The Issue:
We have a .aspx aka WebForms page that enables users to download the displayed report as an MS-Excel download. This page is served as part of a web-application as well as inside a browser frame (ieframe) in a Desktop app.
The download works fine over HTTP on all browsers as well as inside the browser frame
When we switch to HTTPS (in the production environment) the download refuses to work
This SO Question details the problem and the cause in detail.
As the solution involved stripping off Cache-control: no-cache and Pragma: no-cache, I wrote an Http module to achieve this.
The Proposed Solution:
The HttpModule is basically doing this using the PreSendRequestHeaders event:
private void OnPreSendRequestHeaders(object sender, EventArgs e)
{
if (null == _httpApplication)
{
return;
}
if (_httpApplication.Context != null)
{
var response = _httpApplication.Response;
if (_httpApplication.Request.Url.AbsoluteUri.ToLowerInvariant().Contains("mypage.aspx"))
{
HeadersToCloak.ForEach(header => response.Headers.Remove(header));
response.Headers.Add("Cache-Control", "private, max-age=15");
}
}
}
The bone-of-contention:
During code-review, I've been told that this would not be a good solution as my custom module would run for all requests and would thus have performance implications.
The web.config for the application has runAllManagedModulesForAllRequests="true" under system.webServer node and this is required for other functionality required by the application.
What I have tried:
Tried placing the code to remove and add header on the ASPX page itself inside several events (one-by-one) including RenderComplete but when I examine the response in Fiddler, the troublesome headers are still there (not replaced with intended headers)
I've looked up the preCondition tag as explained HERE but since we run under integrated pipeline mode and have runAllManagedModulesForAllRequests="true", the preCondition would be meaningless
Questions requiring help:
Q1) Given that the module will run for all requests including static files and that I'm doing actual work only if the requested URI is for the page in question, how much of a performance impact does running this module have?
Q2) How can I otherwise remove and set headers only for one page?
Q3) Given the constraints, is it possible to only run this module for managed requests only or for my page only (don't think the latter is possible)?
The solution agreed upon is as follows:
1) Move the set of pages for which the functionality to strip-headers is required into their own separate folder under the root application
2) Place a web.config in this folder with the following settings under system.webServer:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="HeaderStripModule" />
<add name="HeaderStripModule" type="Com.Reports.HeaderStripModule" />
</modules>
</system.webServer>
In the root web.config, placed this setting:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="HeaderStripModule" />
</modules>
</system.webServer>
After these changes, I verfied through fiddler and found that the module (expectedly) only runs for the pages within the folder (which is set as an application under IIS).
According to Ultra-Fast ASP.NET: Chapter 3 - Caching:
Files that the browser retrieves from the server should be stored in
the browser’s cache as long as possible to help minimize server
round-trips.
But how does IIS know what a static content actually is and is not?
Is it just images, CSS, JS and not ASPX, ashx...?
Where can I see in IIS what is already considered to be static and what is not ?
What about the scenario where a page has been declared with <%# OutputCache header (without location)? Are the images, CSS and JS source files inside of it also being output cached with the same properties?
As a best practice, I should set one year into the future as the maximum expiration time. I should use that as the default for all static content on the site
So I did this :
But later, after pressing OK, I can't find any summary menu which shows me: to whom I already put a response header (in this case: the css folder).
Currently, in order to see that css folder has been applied with response headers - I have to go to the css folder again --> Http Response Header-->Set Common Headers --> and then I see it. It isn't written in the web.config.
But if I do it for a file (Login.aspx for example): I do see it in web.config:
<configuration>
<location path="Login.aspx">
<system.webServer>
<staticContent>
<clientCache cacheControlMode="UseExpires" cacheControlMaxAge="1.00:00:00" httpExpires="Fri, 15 Feb 2013 00:00:00 GMT" />
</staticContent>
</system.webServer>
</location>
</configuration>
I understand your situation. Sometime its confusing how IIS handles a file. Its also different for IIS 6 vs IIS 7 and different for Classic App Pools and Integrated mode app pools. My experience is mostly with Integrated App Pools on IIS 7.5, so thats the environment I can comment on most accurately.
First Question
But how does IIS knows what is actually a static content and what is
not?
Is it just images , css , js and not ASPX , ashx...?
Where can I see in the IIS what is already considered to be static and
what not ?
You can inspect the list of file handlers in IIS by navigating to your website and then click 'Handler Mappings'. By default these are inherited from the .Net base web.config which is in a different location depending on your .Net framework version.
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config
If a file being requested isn't already explicitly mapped to another handler it falls to a catch all handler (*) as the last option (System.Web.DefaultHttpHandler) which determines if it is a static file or a directory browsing request. So Static files are simply files not bound to another handler already. For example you'll see that *.aspx is already mapped to System.Web.UI.PageHandlerFactory prior to this default handler. So its going to be processed by that handler and not be considered a static file. If you removed that mapping you could technically serve *.aspx as a static file if you really wanted to (just for proof of how it works).
But you can also explicitly list a file type as a static file by adding an entry in your web.config's httpHandlers section mapping the file extensions to System.Web.StaticFileHandler in IIS. For example:
<configuration>
<system.webServer>
<handlers>
<add name="StaticHandler" verb="*" path="*.zip" type="System.Web.StaticFileHandler" preCondition="integratedMode" />
</handlers>
</system.webServer>
</configuration>
This example is using the <system.webServer> config section, so its for an App Pool running in Integrated Mode.
Second Question
What about the scenario where a page has been declared with <%#
OutputCache header(without location) . does the images,css,js src
files inside of it , are also being output cached with the same
properties?
No. Because the page is being server as a separate request (maybe even by a separate handler) it can have totally different cache headers/hints. The host page and the resources it may use are not related from a caching perspective.
In fact you may even want to have a shorter cache period for *.html and a longer cache period for *.jpg or *.png? Something to consider.
Third Question
As a best prcatice , I should set one year into the future as the
maximum expiration time.I should use that as the default for all
static content on the site
Hmm... I might not go as far as one year. How about one month? I would set a global policy like this:
<configuration>
<system.webServer>
<staticContent>
<!-- Set expire headers to 30 days for static content-->
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
</staticContent>
</system.webServer>
</configuration>
This is the same as the sample you showed above, but is not inside a <location> element, instead it is right in the root <configuration> element so it is the default policy. Again this is for an App Pool running in Integrated Mode. Sometimes you also need to turn on:
<configuration>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<!-- stuff -->
</modules>
</system.webServer>
<system.webServer>
This just makes sure that static files are processed through the managed static file handler which respects the above configuration elements.
Edit to Address Comments
The documentation for the configuration dialog you posted above is located here: Configure the HTTP Expires Response Header (IIS 7)
Apparently these settings are saved in C:\Windows\System32\inetsrv\config\applicationHost.config
I do not have IIS7 and personally develop on IIS 7.5 now. So please post a comment if you can verify this location is accurate!
The static content is the one that IIS is read and send to the browser with out any processing. There you can setup IIS to include some Cache-Control Header to cache it on clients browser computers.
You can do that ether by direct setup IIS, ether by commands on web.config as you say. The commands that you add on web.config and concern the IIS, did not have to do with asp.net it self, but the IIS, and IIS saves his configuration on a different file, so when you change that cache control headers direct on IIS you do not see them on web.config.
Now for the static content like images, CSS, JavaScript, and other similar files they say that you can follow the "never expire" policy by adding 10 years expire.
The issue here is that if you can not change the content of the static file, if for example you cache a javascript file with 10 years, and you make a small change on it, then you need ether to change the file name, ether to add some parameter at the end of it.
Now the <%# OutputCache on a control is referred to the server cache and not to the client, and what is actually do is to cache the render of the control on the server so the next time you ask it to not lose time to renders it again but read it from cache - is still send it to the browser.
And you can also read this answer for some more: What are difference between IIS (Dynamic and Static) cache,OutPutCache and browser cache
I was working on page optimization in my asp.net application using PageSpeed Insights and came across that i need to compress all request to Gzip format to reduce size and load time.
However when i have checked requests in network it's shows me that in Request-header & Response-Header there is already Accept-Encoding:gzip,deflate,sdch and Content-Encoding:gzip respectively. That means encoding is automatically take place for aspx page!
How this was happened? Is it by default?
For js and css there is no encoding and in PageSpeed Insights it shows me that you need to compress all js and css as well in High Priority section. How can i achieve it for my asp.net application?
IIS is able to do gzip compression for you, example below goes into your web.config
<system.webServer>
<!-- enable gzip compression -->
<urlCompression doStaticCompression="true" doDynamicCompression="true" dynamicCompressionBeforeCache="true" />
</system.webServer>
Because we protect .PDF files from anonymous users, we have a custom handler so we have an entry
We also made a change to the http headers to add "cache-control: no-cache,no-store" via IIS 7 management which creates web.config entries under system.webserver element as follows:
<httpProtocol>
<customHeaders>
<clear />
<add name="cache-control" value="no-cache,no-store" />
</customHeaders>
</httpProtocol>
When I review the Response headers in a burpsuite session, I see for .aspx pages: cache-control: no-store,no-cache,no-store
But for PDF pages:
Cache-Control: private,no-cache,no-store
My goal would be to get everything to just "no-cache, no-store". I am not sure what I am missing. There are no other cache settings in the web.config. Please advise on how to remove "private" from PDF pages and extra no-store from all else. Other static pages that go through the System.Web.StaticFileHandler, and they also have the "no-store,no-cache,no-store".
Although this post is now a few years old, I thought I would share my solution that may save someone hours of head-scratching.
I have an MVC 4 site setup using IIS, and my aim was to have IIS add headers to certain files (defined by location), by using the <customHeaders> section. The 'cache-control' values I had in the <customHeaders> section were being appended to the end of 'cache-control: private', magically being added by IIS.
This was because of the runAllManagedModulesForAllRequests setting in my web.config being set to true
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
</modules>
</system.webServer>
This setting was causing one of the IIS Modules (I don't know which) to append the 'cache-control' header to every file being requested from IIS.
So the solution is to set this to false, and manage each of your modules seperatley using the preCondition attribute on each.
The runAllManagedModulesForAllRequests setting was required by earlier versions of MVC because extensionless routing would not work without it. This has since been fixed, more details here
http://blogs.msdn.com/b/tmarq/archive/2010/04/01/asp-net-4-0-enables-routing-of-extensionless-urls-without-impacting-static-requests.aspx
Useful reading on the use of runAllManagedModulesForAllRequests
http://weblog.west-wind.com/posts/2012/Oct/25/Caveats-with-the-runAllManagedModulesForAllRequests-in-IIS-78
I can't tell you why IIS 7 is adding "private" to the cache control, but I can show you how I'm getting rid of it in my own ASHX-based pass-through proxy (see 1st comment below Original Post).
public class proxy : IHttpHandler
{
public void ProcessRequest(HttpContext context)
{
HttpResponse response = context.Response;
// Remove the 'private' string value from the response.CacheControl member
if (response.CacheControl == "private")
{
response.CacheControl = String.Empty;
}
// Do other stuff
}
}
This won't work if you're using the built-in Cassini web development server in Visual Studio. To mess with headers, you need to switch to a full-blown IIS Web Server in your development environment.