We Keep Coding

Turn OFF Cache for specific file with Apache

I have a page on a site which uses random() twig, in Firefox and Chrome it is prevented from working because it gets cached as soon as the page loads.
Is there a way to turn off caching of a particular file via the Apache configs, lets call it default.html or even better just turn off caching for the script part of that file but keep caching image files?
I have tried .htaccess but this does not work.
The only way currently that allows the script to work is to turn off caching globally via PHP headers:
<?php
header('Expires: Mon, 26 Jul 1997 05:00:00 GMT');
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Cache-Control: post-check=0, pre-check=0', FALSE);
header('Pragma: no-cache');
?>
But as I only need to turn off caching for an individual page, turning it off for everything seems crazy.

Figured it out, to target a specific file (in this case index.php), add this code to the bottom of .htaccess
<Files index.php>
FileETag None
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</Files>
Alternatively to target a specific selection of files, ie. I'd like to cache images but nothing else (files that match html, htm, js, css, php will not be cached):
<filesMatch "\.(html|htm|js|css|php)$">
FileETag None
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</filesMatch>
To check the .htaccess was being read I entered a few lines of rubbish at the bottom, found out it wasn't being read, renamed it from htaccess to .htaccess and it worked.

Apache does not cache my contents

I'm already aware of caching files with Apache. I'm writing unit tests for a library and I have one PHP file that prints the current microtime. I use it to verify if the file has changed between two requests.
My problem : the returned content is always different, even if I force caching in .htaccess with :
ExpiresActive on
ExpiresDefault "access plus 1 year"
Header append Cache-Control "public"
When I watch the response headers in the developer tools, everything seems fine :
Cache-Control:max-age=31536000, public
Connection:Keep-Alive
Content-Length:14
Content-Type:text/html
Date:Thu, 06 Nov 2014 09:21:30 GMT
Expires:Fri, 06 Nov 2015 09:21:30 GMT
Keep-Alive:timeout=5, max=100
Server:Apache/2.4.7 (Win32) PHP/5.5.8
X-Powered-By:PHP/5.5.8

Force PDF file download using htaccess

i am using Apache as backend server and nginx as frontend server. I need to make PDF files downloadable (at this moment they are opening in a browser window).
Here's a link:
link
Here's what i have tried so far in my .htaccess file:
<FilesMatch "\.(pdf)$">
ForceType application/octet-stream
Header set Content-Disposition attachment
</FilesMatch>
Didn't work, just opens the file in a browser.
AddType application/force-download pdf
Didn't work.
AddType application/octet-stream .pdf
Didn't work.
UPDATE
Tried: wget --server-response -O /dev/null http://domain.com/files/teltomat.pdf
And got response:
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Server: nginx
Date: Wed, 24 Sep 2014 17:40:54 GMT
Content-Type: application/pdf
Content-Length: 3116445
Last-Modified: Wed, 24 Sep 2014 13:28:07 GMT
Connection: keep-alive
Keep-Alive: timeout=60
ETag: "5422c6e7-2f8d9d"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
Length: 3116445 (3,0M) [application/pdf]
Saving to: ‘/dev/null’

You could try the HTML5 solution of adding a "download" instead of "target":
link
As it looks like the server's end is doing the right thing (by making the disposition "attachment") but maybe the browser is deciding on its own that it can handle PDF's inline and opens a new window instead.

Apache: Get rid of Keep-Alive entry in the headers list

I'm using LAMP (Linux, Apache, MySQL, PHP) server.
Currently the server sends the response with next Headers list. I want to eliminate Keep-Alive entry for security reasons, to have Headers list without it. Is it possible to prevent sending the Keep-Alive entry in the Headers list?
Current Response Headers:
Cache-Control private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Connection Keep-Alive
Content-Encoding gzip
Content-Type text/html; charset=UTF-8
Date Thu, 13 Mar 2014 01:43:49 GMT
Expires Thu, 13 Mar 2014 01:43:49 GMT
Keep-Alive timeout=5, max=200
Last-Modified Thu, 13 Mar 2014 01:43:49 GMT
Pragma no-cache
Server Apache
Transfer-Encoding chunked
Vary Accept-Encoding
X-DNS-Prefetch-Control off
X-Frame-Options sameorigin
Response Headers I Would Like Instead:
Cache-Control private, no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Connection Keep-Alive
Content-Encoding gzip
Content-Type text/html; charset=UTF-8
Date Thu, 13 Mar 2014 01:43:49 GMT
Expires Thu, 13 Mar 2014 01:43:49 GMT
Last-Modified Thu, 13 Mar 2014 01:43:49 GMT
Pragma no-cache
Server Apache
Transfer-Encoding chunked
Vary Accept-Encoding
X-DNS-Prefetch-Control off
X-Frame-Options sameorigin

Is it possible to prevent sending the Keep-Alive entry in the Headers list?
To my knowledge, no. The whole purpose of the Keep-Alive header is to communicate the need for a persistent connection to the client. So getting rid of the headers gets rid of the main form of communication between the client & the server.
That said, you might be able to get it unset by using unset in your Apache config or .htaccess as explained here. I emphasize might since I have had header directives not behave as expected in some versions of Apache. But assuming good faith, first be sure the headers module is enabled. In Ubuntu 12.04 you would do this:
sudo a2enmod headers
And then add this to your Apache config or .htaccess:
<IfModule mod_headers.c>
Header unset Keep-Alive
</IfModule>
Now restart Apache:
sudo service apache2 restart
More details on the header directive are here.

There are a few ways to this in apache:
Server-wide using the KeepAlive directive ( KeepAlive ). However you can not have this in per-directory configuration files, so setting KeepAlive Off will turn off keep alive for the entire server.
Using SetEnv or SetEnvIf with mod_env, and set the nokeepalive environmental variable. This will turn off keepalive for the location where the environmental is set, or the rule that is matched by SetEnvIf (depending with you use). e.g.
can be in HTACCESS
SetEnv nokeepalive 1
Using mod_rewrite to again set the environmental for a specific rule, e.g.
RewriteRule some-file.html - [E=nokeepalive:1]
Using PHP (or any other server site language) and sending the header Connection: close. This will cause Apache to omit the Keep-Alive header, since the connection is no longer keepalive. e.g.
php
header('Connection: close');
Use mod_headers to set the connection header to close again, e.g.
Header set Connection "close"
I personally have not tested the last one, but it should work.

KeepAlive behavior (availability and timeouts) is directly configurable:
http://httpd.apache.org/docs/2.4/mod/core.html#keepalive
Changing this is primarily an aspect of performance rather than security, but you're free to test the implications in your own environment.

Browser fails to cache SWF file

I am having an issue with the browser not caching a SWF file.
I have the following in my apache configuration:
ExpiresByType application/x-shockwave-flash "access plus 2 months"
I can see the headers coming back from the original request for the SWF look like this (the expires header looks like it's being set properly):
Request:
User-Agent Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Accept HTTP Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip,deflate
Cookie auth_token=
Response:
Server Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.5 with Suhosin-Patch proxy_html/3.0.0 mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.5
Last-Modified Sat, 14 Nov 2009 04:48:19 GMT
Etag "49384-4784d7c3c8ac0"
Accept-Ranges bytes
Content-Length 299908
Cache-Control max-age=5184000
Expires Fri, 15 Jan 2010 20:25:42 GMT
Content-Type application/x-shockwave-flash
However, on subsequent loads of the page, the browser still sends If-Range requests for the SWF as follows:
Request:
User-Agent Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Accept HTTP Accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip,deflate
Cookie auth_token=
Range bytes=0-
If-Range "49384-4784d7c3c8ac0"
Response:
Server Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.5 with Suhosin-Patch proxy_html/3.0.0 mod_ssl/2.2.8 OpenSSL/0.9.8g Phusion_Passenger/2.2.5
Last-Modified Sat, 14 Nov 2009 04:48:19 GMT
Etag "49384-4784d7c3c8ac0"
Accept-Ranges bytes
Content-Length 299908
Cache-Control max-age=5184000
Expires Fri, 15 Jan 2010 20:25:45 GMT
Content-Range bytes 0-299907/299908
Content-Type application/x-shockwave-flash
These subsequent requests appear to be sending the Etag in the If-Range header, and are getting 206 responses with the entire content. I've tried setting apache up to unset the Accept-Ranges header and Etags, but the browser will re-request the file in either cases.
Has anyone seen anything like this before and know what to do to get the SWF to cache?
Thanks!