trying to change cache headers on reverse_proxy - apache2

I'm trying to change the cache-control & Expires headers coming through an apache reverse_proxy. I can't change the origin server configs or code ATM.
ExpiresActive On
Header unset Etag
Header unset Cache-Control
Header unset Expires
<LocationMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=290304000, public"
</LocationMatch>
.. and
<LocationMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
ExpiresActive On
Header unset Etag
Header unset Cache-Control
Header unset Expires
Header set Cache-Control "public"
Header set Cache-Control "max-age=290304000, public"
</LocationMatch>
are not doing it & when restarting apache2 there are no complaints about the config.
Testing by using "curl -I ...image.jpg"

Can maybe dodge the problem by setting multiple locations having different headers on each.
ex.
<Location /resources/>
Header unset Etag
Header set Cache-Control "max-age=290304000, public"
Header unset Expires
ProxyPass {ajp|http}://host:port/resources/
ProxyPassReverse {ajp|http}://host:port/resources/
</Location>
<Location //>
Header add "Instance_1"
ProxyPass {ajp|http}://host:port/
ProxyPassReverse {ajp|http}://host:port/
</Location>

Related

Authorization header field absent in request.headers() and request.META when using Apache, Preflight CORS error in browser when using custom header

I have my Rest Framework APIs up and running on an AWS EC2 instance. I have set up Apache and added an SSL certificate.
I'm using my own custom token authentication.
Passing Authorization as header - On doing post request from both Postman and React, the header is not received in request.headers("Authorization") and request.META["HTTP_AUTHORIZATION"].
Passing Authorization2 or x-api-key as header -
Works fine from Postman
On React, browser throws error Access to fetch at 'https://www.myapi.live/api/project/add/8/' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field authorization2 is not allowed by Access-Control-Allow-Headers in preflight response.
I have already tried including Access-control-origin Header in React and setting django-cors-headers at backend. But it doesn't help.
Passing Authorization as header but exposing runserver at 0.0.0.0:8000 instead of apache https url-
Works in Postman
Works in React too
Here's my 000-default.conf in both sites-enabled and sites-available
<VirtualHost *:80>
ServerName www.myapi.live
ServerAdmin webmaster@localhost
DocumentRoot /home/ubuntu/django/project
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /static /home/ubuntu/django/project/static
<Directory /home/ubuntu/django/project/static>
Require all granted
</Directory>
<Directory /home/ubuntu/django/project/project>
<Files wsgi.py>
Require all granted
</Files>
</Directory>
WSGIDaemonProcess project python-path=/home/ubuntu/django/project python-home=/home/ubuntu/django/myenv
WSGIProcessGroup project
WSGIScriptAlias / /home/ubuntu/django/project/project/wsgi.py
WSGIPassAuthorization On
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.myapi.live
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
</VirtualHost>
So I added WSGIPassAuthorization On to my apache.conf file which resides in the parent directory just outside of sites-enabled. Doing these changes made it work like a charm and apache no longer strips the Authorization header.
Just in case this can be of help to someone else in future! Thanks!

Disable caching of HTML template files on apache2 web server

I'm trying to disable caching of HTML templates in my angular app. It seems the easiest way to achieve this is disabling via Apache. I placed this .htaccess file in my web root:
<FilesMatch "\.(html|htm)$">
FileETag None
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Note "CACHING IS DISABLED ON LOCALHOST"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</IfModule>
</FilesMatch>
and restarted the server:
sudo service apache2 restart
but re-loading my browser with a soft refresh still shows the old, cached files.

CORS headers not working even after adding in .config file

I am working in AngularJs and making certain cross origin requests for accessing data and all stuff.
For the same, I added the required headers in the 000-default.config file of Apache Server to allow Cross Origin Requests but it isn't working.
It keeps returning the same error 'XMLHttpRequest cannot load 'domain-name'. No 'Access-Control-Origin' header present and blah blah..
I tried putting the headers inside the <IfModule mod_headers.c></IfModule> but still no difference in output.
I restarted the server too after every attempt, if that's what you are thinking :P
000-default.config file
<VirtualHost *:8081>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "POST, GET, PUT, DELETE, OPTIONS"
Header set Access-Control-Allow-Headers "Origin, X-Requested-With, content-type, Accept"
Header set Access-Control-Allow-Credentials "true"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
After searching for answers I came across adding a CORS Chrome extension and disabling web security, which made it work perfectly, but what should I do for production purposes, because no one would add extensions and disable security?
EDIT
The CORS problem is solved. I don't know how but it happened. I guess I restarted the system so it happened but still there is one issue left.
It works when we add --disable-web-security in Chrome properties. This works fine in case of development. But how should I go about solving this for production purposes?
Please Help..
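The preflight error quoted in the Django question ("Request header field authorization2 is not allowed by Access-Control-Allow-Headers") and the wildcard origin sent together with Access-Control-Allow-Credentials in the VirtualHost above both come from checks the browser runs on the preflight response. The following is an added example, not code from either poster: a simplified Python model of those checks, where the function name `preflight_failures` and the sample dictionary are assumptions constructed from the headers shown on this page.

```python
# Added example: simplified model of the browser's CORS preflight checks
# (Fetch standard). Sample headers are constructed from the VirtualHost
# and the error message quoted on this page.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}


def _tokens(value):
    # Split a comma-separated header value into lowercase tokens.
    return {t.strip().lower() for t in (value or "").split(",") if t.strip()}


def preflight_failures(origin, method, request_headers, response, credentials=False):
    """Return reasons a browser would block the request ([] = allowed)."""
    # request_headers: non-safelisted header names the script wants to send.
    # response: preflight response headers as a dict with lowercase names.
    failures = []
    allow_origin = response.get("access-control-allow-origin")
    if allow_origin is None:
        failures.append("no Access-Control-Allow-Origin header")
    elif credentials and allow_origin == "*":
        failures.append("wildcard origin rejected for credentialed request")
    elif allow_origin not in ("*", origin):
        failures.append("origin %s not allowed" % origin)
    if credentials and response.get("access-control-allow-credentials") != "true":
        failures.append("Access-Control-Allow-Credentials is not 'true'")

    wildcard_ok = not credentials  # '*' is only a wildcard without credentials
    methods = _tokens(response.get("access-control-allow-methods"))
    if method.upper() not in SAFELISTED_METHODS and method.lower() not in methods:
        if not (wildcard_ok and "*" in methods):
            failures.append("method %s not allowed" % method)

    allowed = _tokens(response.get("access-control-allow-headers"))
    for name in request_headers:
        lname = name.lower()
        if lname in allowed:
            continue
        # '*' never covers Authorization; it must be listed by name.
        if wildcard_ok and "*" in allowed and lname != "authorization":
            continue
        failures.append("request header %s not allowed" % lname)
    return failures


# Constructed from the AngularJS question's VirtualHost on this page.
ANGULAR_VHOST = {
    "access-control-allow-origin": "*",
    "access-control-allow-methods": "POST, GET, PUT, DELETE, OPTIONS",
    "access-control-allow-headers": "Origin, X-Requested-With, content-type, Accept",
    "access-control-allow-credentials": "true",
}
```

Calling `preflight_failures("http://localhost:3000", "POST", ["authorization2"], ANGULAR_VHOST)` reproduces the blocked-header result, and the same headers with `credentials=True` fail on the wildcard origin instead.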

What entries to add to app.yaml to handle expiration of files of a GWT client app?

Google gives the following example of setting up an Apache server to serve a GWT app.
What are the equivalent entries for an AppEngine (GAE) app.yaml file?
<Files *.nocache.*>
ExpiresActive on
ExpiresDefault "now"
Header merge Cache-Control "public, max-age=0, must-revalidate"
</Files>
<Files *.cache.*>
ExpiresActive on
ExpiresDefault "now plus 1 year"
</Files>
see https://developers.google.com/appengine/docs/go/config/appconfig#Static_Cache_Expiration
The expiration time will be sent in the Cache-Control and Expires HTTP
response headers, and therefore, the files are likely to be cached by
the user's browser, as well as intermediate caching proxy servers such
as Internet Service Providers.

Cannot remove Cache-Control: no-cache="set-cookie" in Apache2

I am a mediocre apache2 configuration specialist so I am looking to the apache GODS to school me on a specific header that is causing some browsers to not cache cookies, which I need for an OAuth implementation I am doing.
When I run the command:
lwp-request -e -d http://foobar.com
my site foobar.com returns the following headers:
Cache-Control: no-cache="set-cookie"
Connection: Close
Date: Thu, 13 Jan 2011 06:18:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Client-Date: Thu, 13 Jan 2011 06:18:01 GMT
Client-Peer: 50.16.212.144:80
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
Link: </images/ic_fav_alpha_32.png>; /="/"; rel="shortcut icon"
Set-Cookie: JSESSIONID=C5055D83F9B5A52C062D8A9F616D62AB; Path=/
Set-Cookie: AWSELB=3505DFB9122FAFC80483E17CBEB5E23D24546B00A71218A5BAE3B79F14317437BEAEDA7FECDE95AFFF6463C9769D0D0E3214FD9D67BAA906438E5D0FA925CD323D7E860C2A;MAX-AGE=600
Title: Foobar Home
X-Meta-Description: Foobar Home Page
X-Meta-Generator: Foobar
X-Meta-Google-Site-Verification: u9YkTj5gr6aeYBst1Aac-B_5cCvJe_Ataauqep_EwEE
X-Meta-Googlebot: index,follow
X-Meta-Refresh: 20
X-Meta-Robots: index,follow
So I attempt to unset the Cache-Control header in my site config for apache2 because I think this header is causing some browsers to not accept cookies. I want them to accept my cookies!
<VirtualHost *:80>
ServerName www.foobar.com
ServerAlias foobar.com
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost On
# alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Header unset Cache-Control
Header append Cache-Control "public"
</VirtualHost>
And now I would expect the no-cache header to disappear and to become "public" for foobar.com, but that does occur. These are the Cache-Control headers after restarting apache2:
Cache-Control: public
Cache-Control: no-cache="set-cookie"
This is not my expectation, I thought unset would unset all Headers of a specific type!
Note. This is an apache http server that is acting as an ajp proxy in front of a tomcat server on localhost:8080. I am expecting that should not matter.
Any ideas how to get rid of this pesky header?
THANKS!
Try to put the unset header under location:
<Location "/">
Header unset Cache-Control
</Location>
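The `no-cache="set-cookie"` directive in this question is the qualified form of no-cache: it tells caches not to reuse the listed header field without revalidation, which is what keeps a shared cache from replaying one client's JSESSIONID to another. The following is an added example, not code from the question or the answer: a Python parser for Cache-Control that handles the quoted argument and reports whether a response's Set-Cookie is left unprotected. The function names are assumptions, and the header samples are constructed from the output quoted above with a placeholder cookie value.

```python
# Added example: parse Cache-Control, including quoted field-name arguments
# such as no-cache="set-cookie", and flag responses whose Set-Cookie header
# a shared cache is not told to withhold. Header samples are constructed
# from the lwp-request output quoted above; the cookie value is a placeholder.
import re

_DIRECTIVE = re.compile(r'\s*([A-Za-z0-9_-]+)(?:=("[^"]*"|[^,\s]*))?\s*(?:,|$)')


def parse_cache_control(values):
    """Merge one or more Cache-Control header lines into {directive: arg}."""
    directives = {}
    for value in values:
        for name, arg in _DIRECTIVE.findall(value):
            directives[name.lower()] = arg.strip('"').lower() if arg else None
    return directives


def cookie_replay_risk(headers):
    """headers: (name, value) pairs of one response. True when it sets a
    cookie and no Cache-Control directive keeps shared caches from reusing it."""
    if not any(n.lower() == "set-cookie" for n, _ in headers):
        return False
    cc = parse_cache_control(v for n, v in headers if n.lower() == "cache-control")
    if "no-store" in cc:
        return False
    for name in ("no-cache", "private"):
        if name in cc:
            # Unqualified form covers the whole response; the qualified
            # form covers only the header fields it lists.
            fields = cc[name]
            if fields is None or "set-cookie" in re.split(r"[,\s]+", fields):
                return False
    return True


COOKIE = ("Set-Cookie", "JSESSIONID=PLACEHOLDER; Path=/")
ORIGIN_RESPONSE = [("Cache-Control", 'no-cache="set-cookie"'), COOKIE]
# What the question observed after adding the Header directives.
OBSERVED = [("Cache-Control", "public"),
            ("Cache-Control", 'no-cache="set-cookie"'), COOKIE]
# What the configuration was meant to produce.
INTENDED = [("Cache-Control", "public"), COOKIE]
```

`cookie_replay_risk` is a heuristic over the response headers only; it returns True for `INTENDED` and False for the other two samples.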
