I would like to have Apache HTTPD return response code 200 with data of resource request via a GET instead of returning response code 304 with no data. Any one have an idea how to do that?
Thanks in advance
remove the header, add the following into the httpd.conf file
<FilesMatch "\.(filetype1|filetype2)$">
RequestHeader unset If-Modified-Since
RequestHeader unset If-None-Match
</FilesMatch>
Add the following directive to your apache config file
RequestHeader unset If-Modified-Since
This will ignore IF-Modified-Since header sent from client so you will get not 304 Not Modified response.
Don't send it any cache-related headers (If-Modified-Since, If-None-Match and friends) when making the request. This informs the server that the client doesn't cache, and makes it always return data.
I'm not sure I fully understand your question. I assume you want the provide a normal HTTP answer if the client uses a correct URL, and a default page (with status 200) when the client uses a non-existing URL.
If this is the case, it can be achieved like that:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^.*+ /dummy.html
The first line is a condition that the URL doesn't macht an existing file on the web server. If that condidition holds, the second line is executed which serves a dummy page to the client.
Related
I'm using Apache; I put the following code in .htaccess to unset the Cookie header but it doesn't work:
<FilesMatch "\.(js|css|jpg|png|jpeg|gif|xml|json|txt|pdf|mov|avi|otf|woff|ico|swf)$">
RequestHeader unset Cookie
Header unset Cookie
Header unset Set-Cookie
</FilesMatch>
What is your solution?
Preventing the server from issuing a Set-Cookie response header for specific file types won't stop other file types setting a cookie for the domain. So the browser will still send the cookie and the benefits are lost.
Telling the server to remove a Cookie request header before passing it on to the next layer of request processing won't stop the browser from sending it in the first place. So the benefits are lost.
The article you reference in a comment says to serve your static files from a different domain.
Do that. Never write code that sets a cookie for that domain. That's all you need to do.
1 - Create a subdomain, such as static.yourwebsite.com, which is where you will deliver all your static files from
2 - Point your new subdomain to the /wp-content directory of your WordPress installation. For cPanel users, you will need to update the document root field from public_html/static to public_html/wp-content like the screenshot below.
3 - Edit your wp-config.php file to reflect the following
define("WP_CONTENT_URL", "http://static.yourwebsite.com");
define("COOKIE_DOMAIN", "www.yourwebsite.com");
4 - Run the following command in your SQL database, this will ensure all post URLs are directed to the new subdomain:
UPDATE wp_posts SET post_content = REPLACE(post_content,'www.yourwebsite.com/wp-content/','static.yourwebsite.com/')
I am trying to force browser to use https even when the user enters http URL. The idea is to use http response headers from the server. I am able to implement redirection using redirect (in site.conf) & Rewrite (which is disliked universally) but want to test out this method too.
Now I have tried adding the the following to my /etc/apache/sites-enabled/mysite.conf but despite the browser receiving the header response the user is not redirected to https (default apache page is shown):
Header set Location https://www.example.com/
Header set X-Forwarded-Proto: https
Header set Strict-Transport-Security "max-age=180; includeSubdomains"
Do I have to change anything else in the apache configuration to achieve this? (all modules are correctly loaded)
The Location header is only used for redirect responses (with a HTTP response code of 3XX) or Created responses (with a HTTP response code of 201):
https://www.rfc-editor.org/rfc/rfc7231#section-7.1.2
Just setting the header on a random page will not make the browser redirect.
When you use apache Redirect and Rewrite rules they set the response header AND add the location header. I really don't know why you'd want to do this manually.
And rewrite is not "universally disliked". It just overused when redirect would be simpler and more efficient in a lot of cases. If you need something more complicated then Rewrite is the right tool to use.
Finally you should not sent the Strict-Transport-Security header on a HTTP response (and the browser will rightly ignore it you do) but only on a HTTPS responses.
I'm using an htaccess rule to proxy to an internal server, using the answer recommended on this question, "Can ProxyPass and ProxyPassReverse Work in htaccess". I'm using htaccess as that is all I have access to. The method suggested works, but when I make a change on one of the internal pages and reload (from the external server) I don't even see it hitting the internal server, even after clearing the cache on the browser. In fact, if I try to load the page from another browser which never has tried to load the page before, it too gets the old copy.
This suggests something is being cached on the server, but how to change this? The apparent caching is rather annoying as I am trying to fix some issues that only occur on the proxied page.
If I hit the internal server directly and reload after a change, I always get the latest page.
I have tried a <filesMatch ...> rule for the affected pattern (using the same pattern as used in the RewriteRule in the following manner:
<filesMatch "^/?somedir/(.*)$">
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
</filesMatch>
My rewrite rule looks like this, and comes after the filesMatch directive:
RewriteEngine On
RewriteRule ^/?somedir/(.*)$ https://internal.local.net:8000/$1 [L,P]
But this has not had any effect. I have also tried "NoCache *" but this directive causes an error as it is not allowed in an .htaccess file.
The P-flag in your RewriteRule causes the request to be proxied to the internal server using mod_proxy. mod_proxy by itself does not cache content. The caching is probably a result of mod_cache being enabled as well on the server. The settings you need to disable caching for your internal server can unfortunately only be done in server or virtual-host config. The solution would be to add what you tried to the configuration of the internal server thus telling mod_cache that it should not cache any response from your internal server:
Using .htaccess
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
or PHP
header('Cache-Control: no-cache, no-store, must-revalidate'); // HTTP 1.1.
header('Pragma: no-cache'); // HTTP 1.0.
header('Expires: 0'); // Proxies.
Try adding this in an htaccess file in your "somedir" directory:
ExpiresActive On
ExpiresDefault "now"
I have a page that issues an HTTP redirect. I need to append the current session id (jsessionid) to the end of the HTTP redirect to pass this id as a GET parameter in the redirect.
Can mod_header's Header append directive pick up a cookie value via SetEnvIf?
Should a rewrite rather be involved? But mod_rewrite just rewrites the request not the response, yes?
How would you solve this from an Apache perspective without touching back-end code?
Update: the Apache-JVM is handled by either mod_jk OR via IBM HTTP Server connection to WebSphere.
As to my knowledge, with Apache HTTPd you do it like this:
SetEnvIf Cookie "mycookie=([^;]+)" MYCOOKIE=$1
SetEnvIf Cookie "mycookie=([^;]+)" HAVE_MYCOOKIE=1
Header add Set-Cookie "mycookie=%{MYCOOKIE}e; expires=0" env=HAVE_MYCOOKIE
You can also add additional cookie attributes like path and domain if you want.
I have a directory of mp3 files want to have be able to serve them inline or giving the user an option to download based on the request URI.
/media/file1.mp3 -- in this case, I just want to serve the file and let the browser play it.
/media/download/file1.mp3 -- in this case, I want to make it easy for a user to download the file instead.
I have been able to accomplish this with mod_rewrite and php (using the header() and readfile() function) but I would rather do it all with mod_rewrite, mod_header etc if possible.
IfDefine will check variables set on start-up of Apache so that won't work. A valid config would be:
SetEnvIf Request_URI ^/media/download/ force-download
Header set Content-Disposition attachment env=force-download
Also changing the Content-Type is not necessary to force a download.
With mod_rewrite you can only change some specific header fields but to which the Content-Disposition header field doesn’t belong. You could only change the Content-Type header field:
RewriteRule ^media/[^/]+\.mp3$ - [L,T=audio/mpeg]
RewriteRule ^media/download/[^/]+$ - [L,T=application/octet-stream]
And if you want to use a mod_headers+mod_setenvif solution:
SetEnvIf Request_URI ^/media/download/ force-download
<IfDefine force-download>
Header set Content-Disposition attachment
Header set Content-Type application/octet-stream
</IfDefine>
If you want to base rule on parameters in URI, here is the logic / syntaxe (adapt RewriteCond) :
RewriteCond %{QUERY_STRING} ^dl=1$
RewriteRule ^ - [L,E=FORCEDOWNLOAD:1]
Header set Content-Disposition attachment env=FORCEDOWNLOAD
Here, we force download if the only parameter is "dl=1"