I am trying to force no-cache on csv file on my site.
I added those lines to httpd.conf, by the documentation from apache:
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(html|csv|htm)$">
ExpiresDefault A0
Header set Cache-Control "no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform"
Header set Pragma "no-cache"
</FilesMatch>
But when I am trying to get the page at the first time, i get this on the csv file :
Request Method:GET
Status Code:200 OK (from cache)
Do you have any idea what i am doing wrong?!
Thanks!!
Gabi.
I checked it out and saw I have Django Middleware enabled, thet handled the cache.. I disabled it and now it works..
Sorry.. :)
Related
I have an elastic beanstalk server running an Apache proxy on Amazon Linux 2. I want to set the cache-control header on my index.html file to public, max-age=0.
In order to update my Apache config I understand I can add a config file to .platform/httpd/conf.d. In my first attempt I created this file:
<FilesMatch "index\.html">
Header set Cache-Control "public, max-age=0"
</FilesMatch>
This did not work. Looking around I think this is because the directives I have used are intended for Apache's htaccess file or within a <VirtualHost> section of the conf file.
Any ideas how I can get this working? Note I found this answer had some useful information.
EDIT: I also tried this in a conf file (it didn't set any cache-control headers).
<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>
EDIT: I also tried switching to nginx. I added a file .platform/nginx/conf.d/cache.conf, with the following contents
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 2d;
add_header Cache-Control "public, no-transform";
}
After deployment and a server restart, no cache-control headers were set on the files specified.
using securityheaders.io website, I can't get referrer policy header recognized in apache .htaccess.
This is my code in htaccess
<IfModule mod_headers.c>
Header set Referrer-Policy "no-referrer"
</IfModule>
The site still says missing referrer policy. Is this not the right code to use?
You must add like this in your htaccess file
Header always set Referrer-Policy "same-origin"
Referrer-Policy: no-referrer
Referrer-Policy: no-referrer-when-downgrade
Referrer-Policy: origin
Referrer-Policy: origin-when-cross-origin
Referrer-Policy: same-origin
Referrer-Policy: strict-origin
Referrer-Policy: strict-origin-when-cross-origin
Referrer-Policy: unsafe-url
Referrer-Policy: same-origin is usally recommended.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
This worked for me:
Header always set Referrer-Policy "no-referrer"
The browser is not caching it. It gets the response headers:
Accept-Ranges:bytes
Cache-Control:max-age=0, no-cache, no-store, must-revalidate
Connection:Keep-Alive
Content-Length:425169
Content-Type:application/javascript
Date:Thu, 09 Mar 2017 20:06:53 GMT
Expires:Wed, 11 Jan 1984 05:00:00 GMT
Keep-Alive:timeout=5, max=100
Last-Modified:Thu, 09 Mar 2017 20:06:49 GMT
Pragma:no-cache
Server:Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.4.16
My settings in Apache:
<VirtualHost *:80>
<Directory "/webapps/apps/devsite">
Allow from all
AllowOverride All
Order allow,deny
</Directory>
DocumentRoot /webapps/apps/devsite
ServerName testing.devsite.com
SSLEngine off
</VirtualHost>
My .htaccess:
<FilesMatch "\.(html|htm|js|css)$">
FileETag None
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</IfModule>
</FilesMatch>
The following loads a new, non-cached version:
on the server run: rm -f /webapps/apps/devsite/scripts/script.js
Reload in the web browser (thus getting a 404)
Copy the file back on to server
Reload in browser
The following does loads an old, CACHED version!:
On the server run: rm -f /webapps/apps/devsite/scripts/script.js
Copy the file back on to server (NOTE: I did not reload in browser yet)
Reload in browser
This shows that Apache is somehow caching it until it gets a new request and cannot find it. Why? How do i fix this?
The issue was it was using the kernel's SendFile which caused it to miss the file being changed. This is a Virtual Machine shared folder. Adding the following fixes it:
EnableSendfile off
(the "file" is lowercase)
More info here: https://www.vagrantup.com/docs/synced-folders/virtualbox.html
http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile
Apache does not permanently watch all files, only when you request a specific resource.
When you hit the 404 error, Apache loses the information about the file it has had found before.
The last modified timestamp does not change when you don't request a resource in the meantime.
I'm trying to setup HTTP Caching for my website. Following is my configuration settings
# 1 YEAR
<FilesMatch "\.(ico|svg|woff|eot|ttf)$">
Header set Cache-Control "max-age=31536000, public"
</FilesMatch>
# 1 WEEK
<FilesMatch "\.(jpg|png|gif|css|js)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
Does it make a difference if I place this in my <VirtualHost> settings or outside it? I've placed it inside the <VirtualHost>.
I tried checking the HTTP response for one of the png image using redbot.org and this is what it returned.
HTTP/1.1 200 OK
Date: Fri, 12 Sep 2014 09:28:33 GMT
Server: Apache/2.4.7 (Ubuntu)
Last-Modified: Tue, 26 Aug 2014 05:43:32 GMT
ETag: 1409031812.69
Content-Length: 23907
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png
Why is there no Cache-Control max-age header tag?
I also checked using the Google PageSpeed Insights and it still says expiration not specified for all the files.
Did I miss something?
The .htaccess file was not being taken into account due to some missing configuration settings in my apache2.conf file. Making the required changes in the conf file solved the issue.
I am using .htaccess to cache the js / css / etc files on the website. Everything works fine, but for some reason my pages get cached, too. I looked into the headers, and it works like this:
Browser requests a page http://poko.lt/up
Server responds with 301 to http://poko.lt/up/ (with Date and Last Modified headers equal to current time)
Browser requests http://poko.lt/up/
Server responds with the page, and with Date and Last Modified headers equal to my last forced refresh (like, yesterday), but Cache-control header is fine (max-age=0)
I get the old version of the page :/
My .htaccess looks like this:
# Turn on Expires and set default to 0
ExpiresActive On
ExpiresDefault A0
# 1 YEAR
<FilesMatch "\.(jpg|jpeg|png|gif|svg|eot|ttc|ttf|otf)$">
ExpiresDefault A29030400
Header append Cache-Control "public"
Header unset Last-Modified
Header unset ETag
FileETag None
</FilesMatch>
# 2 WEEKS
<FilesMatch "\.(css|js|swf)$">
ExpiresDefault A1209600
Header append Cache-Control "proxy-revalidate"
Header unset Last-Modified
Header unset ETag
FileETag None
</FilesMatch>
# NO CACHE
<FilesMatch "\/$">
ExpiresDefault A0
Header append Cache-Control "proxy-revalidate"
Header unset Last-Modified
Header unset ETag
FileETag None
</FilesMatch>
And, one can test it with the website http://poko.lt (the three red icons in the top middle of the page are the ones causing the problems). I am using FF4, and checking headers with Firebug.