Sunday, January 12, 2020

mod cache - Apache caching based on cookie

I'm trying to put mod_cache in front of my application server to cache "public" requests but not requests from logged-in users. For various reasons using alternate subdomains or paths isn't a viable option for me. I have the basics set up as:



# Expiry and cache-control
SetEnvIf Cookie "NOCACHE" no-cache
Header set Cache-Control "no-cache" env=no-cache
RequestHeader set X-FW-NoCache "on" env=no-cache
ExpiresActive On
ExpiresDefault "access plus 1 days"
#ExpiresByType text/html "now"
CacheEnable disk /

CacheRoot /var/cache/apache
CacheIgnoreHeaders Set-Cookie
#CacheIgnoreCacheControl on
#CacheIgnoreNoLastMod on
RewriteEngine On

# Search Engine Safe URL rewrite
# Redirect Coldfusion requests to index.cfm
# matches /file.mp4 but not /file:name.mp4 (ie; is a real file)
RewriteCond %{REQUEST_FILENAME} !/[^/:]+\.[^/:]{2,5}$

RewriteRule (.*) /index.cfm$1 [PT,L]


So if Apache sees the NOCACHE cookie it will always pass the request to the application server, even if it has it in cache. It mostly works but there's one issue that's causing me some grief.



If you visit the page without the cookie you will get a cached version with a future expiry date. If you then set the cookie and go back to that page the request is not sent because the browser has its own cached copy with a future expiry date.



How do I modify this so the browser always makes a request and the cache sends a 304 or cached copy WITHOUT asking the application server to reprocess it? In other words how do I tell the mem_cache to cache the file but not the client and downstream proxies?



I tried using ExpiresByType text/html "now" but then the cache wont cache it at all - even when CacheIgnoreCacheControl is on.




I also played around with CacheIgnoreNoLastMod but didn't have any luck finding a solution.

No comments:

Post a Comment

linux - How to SSH to ec2 instance in VPC private subnet via NAT server

I have created a VPC in aws with a public subnet and a private subnet. The private subnet does not have direct access to external network. S...