I am a mediocre apache2 configuration specialist so I am looking to the apache GODS to school me on a specific header that is causing some browsers to not cache cookies, which I need for an OAuth implementation I am doing.
When I run the command:
lwp-request -e -d http://foobar.com
my site foobar.com returns the following headers:
Cache-Control: no-cache="set-cookie"
Connection: Close
Date: Thu, 13 Jan 2011 06:18:00 GMT
Vary: Accept-Encoding
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Client-Date: Thu, 13 Jan 2011 06:18:01 GMT
Client-Peer: 50.16.212.144:80
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
Link: </images/ic_fav_alpha_32.png>; /="/"; rel="shortcut icon"
Set-Cookie: JSESSIONID=C5055D83F9B5A52C062D8A9F616D62AB; Path=/
Set-Cookie: AWSELB=3505DFB9122FAFC80483E17CBEB5E23D24546B00A71218A5BAE3B79F14317437BEAEDA7FECDE95AFFF6463C9769D0D0E3214FD9D67BAA906438E5D0FA925CD323D7E860C2A;MAX-AGE=600
Title: Foobar Home
X-Meta-Description: Foobar Home Page
X-Meta-Generator: Foobar
X-Meta-Google-Site-Verification: u9YkTj5gr6aeYBst1Aac-B_5cCvJe_Ataauqep_EwEE
X-Meta-Googlebot: index,follow
X-Meta-Refresh: 20
X-Meta-Robots: index,follow
So I attempt to unset the Cache-Control header in my site config for apache2 because I think this header is causing some browsers to not accept cookies. I want them to accept my cookies!
<VirtualHost *:80>
ServerName www.foobar.com
ServerAlias foobar.com
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / http://localhost:8080/
ProxyPreserveHost On
# alert, emerg.
LogLevel warn
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
ServerSignature On
Header unset Cache-Control
Header append Cache-Control "public"
</VirtualHost>
And now I would expect the no-cache header to disappear and to become "public" for foobar.com, but that does occur. This is the Cache-Control headers after restarting apache2:
Cache-Control: public
Cache-Control: no-cache="set-cookie"
This is not my expectation, I thought unset would unset all Headers of a specific type!
Note. This is an apache http server that is acting as an ajp proxy in front of a tomcat server on localhost:8080. I am expecting that should not matter.
Any ideas how to get rid of this pesky header?
THANKS!
Try to put the unset header under location:
<Location "/">
Header unset Cache-Control
</Location>
Related
I did a quick check to see make sure my site was 301 redirecting from:
https://inlunar.com/news/iceye-shows-off-new-sharp-images-from-satellite
to the www. version:
https://www.inlunar.com/news/iceye-shows-off-new-sharp-images-from-satellite
However, when I checked, I found that there was an extra 301 redirect happening from the www. url to:
/news/iceye-shows-off-new-sharp-images-from-satellite
without the domain name anywhere to be found. Here is the full log of that second redirect:
>>> https://www.inlunar.com/news/iceye-shows-off-new-sharp-images-from-satellite
> --------------------------------------------
> 301 Moved Permanently
> --------------------------------------------
Status: 301 Moved Permanently
Code: 301
Cache-Control: public, max-age=0, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Wed, 17 Jun 2020 01:09:17 GMT
Etag: "8af6153ff17d129285674adb734ca0e3-ssl"
Strict-Transport-Security: max-age=31536000
Age: 0
Server: Netlify
X-NF-Request-ID: 69351fad-bde6-4674-a9b8-fe017a45ee0c-2118676
Location: /news/iceye-shows-off-new-sharp-images-from-satellite/
Why is this second 301 redirect happening?
Netlify appears to be redirecting to the location of the current request with a trailing slash, consistent with their documentation, in an effort to improve cache hit rates.
As for the omission of the domain, it's simply a relative URL.
Relative URLs are URLs that do not include a scheme or a host. In
order to be understood they must be combined with the URL of the
original request.
Client request for http://www.example.com/blog:
GET /blog HTTP/1.1
Host: www.example.com
Server response:
HTTP/1.1 302 Found
Location: /articles/
The URL of the location is expanded by the client to
http://www.example.com/articles/.
Tearing my head over this.
I have deployed an angular 1 app on a digital ocean droplet using nginx.
I am able to access the website, but my assets are loaded as html files.
Here is my config for nginx
server {
listen 80;
listen [::]:80;
root /home/me/app;
index index.html;
server_name example.com;
location / {
try_files $uri $uri/ /index.html;
}
}
App Structure:
Project
app
index.html
styles
app.css
libs
angular
angular.js
jquery
I have gone through all SO answer I could find with no success.
Here are somethings I have tried.
Using the <base href="/" /> style
I checked the nginx mime-types file and everything looks ok.
Removed all the type attributes on the links and script tags
Many random stuff I found online, nothing works so far.
Update:
After running curl -v <cssfile>
Here is the output
Connected to example.com (12.23.12.33) port 80 (#0)
GET /libs/assets/animate.css/animate.css HTTP/1.1
Host: example.com
User-Agent: curl/7.47.0
Accept: */*
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 08 Sep 2017 08:59:47 GMT
Content-Type: text/html
Content-Length: 3777
Last-Modified: Fri, 08 Sep 2017 07:56:35 GMT
Connection: keep-alive
ETag: "59b24d33-ec1"
Accept-Ranges: bytes
It basically returns the contents of the index.html file
I was able to fix it by inserting the Content-Type in the server block.
location ~ \.css {
add_header Content-Type text/css;
}
location ~ \.js {
add_header Content-Type application/x-javascript;
}
The response comes with 2 Content-Type headers but that works for me right now.
I'm trying to disable caching of HTML templates in my angular app. It seems the easiest way to achieve this is disabling via Apache. I placed this .htaccess file in my web root:
<FilesMatch "\.(html|htm)$">
FileETag None
<IfModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Note "CACHING IS DISABLED ON LOCALHOST"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</IfModule>
</FilesMatch>
and restarted the server:
sudo service apache2 restart
but re-loading my browser with a soft refresh still shows the old, cached files.
Okay ive been attempting this for days without any results and i really hope that some of you can help me.
I have problems with google not indexing my website meaning it cannot see the content of my website.
My website is an angular application.
So i saw this post ng-newletter saying that i could use apache so my configs are as follow:
$ a2enmod proxy
$ a2enmod proxy_http
Which enables proxy
Then i have edited my virtualhost with the following:
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port t$
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
ServerAdmin webmaster#localhost
ServerName www.mydomain.dk
ServerAlias mydomain.dk
DocumentRoot /var/www/mydomain/
RewriteEngine On
Options +FollowSymLinks
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{QUERY_STRING} ^_escaped_fragment_=/?(.*)$
RewriteRule ^(.*)$ /snapshots/%1? [NC,L]
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
<Directory /var/www/mydomain/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Now when i attempt to run the google-bot-simulator i get some odd response:
No matter which url i go to it tells me that it has redirected back to index
and i am now unable to go to www.mydomain/subsite without getting a 404
So what am i doing wrong?
Answer from google
HTTP/1.1 301 Moved Permanently
Date: Thu, 17 Sep 2015 13:13:27 GMT
Server: Apache/2.4.7 (Ubuntu)
Location: http://mydomain.dk/products
Content-Length: 315
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved here.</p>
<hr>
<address>Apache/2.4.7 (Ubuntu) Server at www.mydomain.dk Port 80</address>
</body></html>
I am debugging js code on localhost and I need to prevent the caching of files by the browser. I can't use a timestamp appended to the url because it erases chrome debugger breakpoints.
Usually I don't have to refresh the cache, but everyone in a while I do. It is a large problem because I go searching elsewhere for the bugs. I added this code to apache some time ago:
<IfModule mod_headers.c>
Header add Expires "Sun, 19 Nov 1978 05:00:00 GMT"
Header add Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
</IfModule>
Can someone explain why Apache would mistake a file for valid or provide some additions to the configuration code that could fix this once and for all?
Headers using the solution below:
<IfModule mod_expires.c>
expiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType text/javascript "access plus 1 seconds"
ExpiresByType application/x-javascript "access plus 1 seconds"
</IfModule>
http://localhost/static/images/%d0%9a%d0%be%d0%bf%d0%b8%d1%8f%20logo_inner.png
GET /static/images/%d0%9a%d0%be%d0%bf%d0%b8%d1%8f%20logo_inner.png HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/static/images/
Cache-Control: max-age=0
HTTP/1.1 200 OK
Date: Sun, 23 Dec 2012 19:33:20 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Thu, 28 Jun 2012 17:32:51 GMT
Etag: "b3c27-f1f-4c38bb88d96c0"
Accept-Ranges: bytes
Content-Length: 3871
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: image/png
HTTP/1.1 200 OK
Date: Sun, 23 Dec 2012 19:33:54 GMT
Server: Apache/2.2.22 (Ubuntu)
Last-Modified: Thu, 28 Jun 2012 17:32:51 GMT
Etag: "b3c27-f1f-4c38bb88d96c0"
Accept-Ranges: bytes
Content-Length: 3871
Cache-Control: max-age=1
Expires: Sun, 23 Dec 2012 19:33:55 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png
The second request:
http://localhost/static/images/%d0%9a%d0%be%d0%bf%d0%b8%d1%8f%20logo_inner.png
GET /static/images/%d0%9a%d0%be%d0%bf%d0%b8%d1%8f%20logo_inner.png HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/static/images/
If-Modified-Since: Thu, 28 Jun 2012 17:32:51 GMT
If-None-Match: "b3c27-f1f-4c38bb88d96c0"
Cache-Control: max-age=0
HTTP/1.1 304 Not Modified
Date: Sun, 23 Dec 2012 19:34:58 GMT
Server: Apache/2.2.22 (Ubuntu)
Connection: Keep-Alive
Keep-Alive: timeout=15, max=99
Etag: "b3c27-f1f-4c38bb88d96c0"
Expires: Sun, 23 Dec 2012 19:34:59 GMT
Cache-Control: max-age=1
When delivering static files, Apache sends an ETag header, which is something like a checksum of the file. The browser will cache the file and remember the ETag, which is sent with the next request.
If the file changes the browser ETag should differ and the webserver should resend, when the etag is equal, the webserver will respond with 304 Not Modified. The ETag mechanism has a higher priority than other cache headers.
To disable etags you can use apaches
FileETag None
http://httpd.apache.org/docs/current/en/mod/core.html#fileetag
Wikipedia has a nice article about the Etag header
http://en.wikipedia.org/wiki/HTTP_ETag
Edit
This should be a waterproof configuration
FileETag None
<ifModule mod_headers.c>
Header unset ETag
Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT"
</ifModule>
Don't forget that configuration changes require a server restart to take effect.
sudo /etc/init.d/httpd restart
EDIT2
Wrap filesMatch around the configuration to disable caching for specific file extensions only
<filesMatch ".(php|js|css)$">
FileETag None
[..]
</filesMatch>
If i understand your requirement correctly you want the web browser to not remember anything about the webpage you are accessing and your apache web server should treat it like a fresh page request. You may first want to enable mod_expires and mod_headers , i use ubuntu so mine was
a2enmod headers && a2enmod expires && service apache2 restart
than you want to add below code to do minimum cache-control,
<IfModule mod_expires.c>
expiresActive On
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType text/javascript "access plus 1 seconds"
ExpiresByType application/x-javascript "access plus 1 seconds"
</IfModule>
If you are using firefox you can test this by installing/running Live Http header Plugin or if you are linux/unix you can run this request with curl -v your_url