mod_disk_cache and caching same content for all users

--=_2igi0131fmo0
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Hi,

apache 2.2.8

Maybe I'm not understanding the purpose of mod_disk_cache: I'd like
to cache content for ALL users of a website - not just for a single
user and browser. I've noticed that this is not the case with
different browsers.

For example:

Using Firefox (FF) and browsing to abc.com/index.php?a=1
- caches as expected.
- browsing to the same page with FF serves up the cached page as expected.

Using Chrome and browsing to the same page: abc.com/index.php?a=1
- does *not* serve up the previously cached page, instead
mod_disk_cache stores a fresh copy for future caching...




Config:
-------
CacheIgnoreNoLastMod On
CacheIgnoreCacheControl On # for testing
CacheStoreNoStore On
CacheStorePrivate On
CacheIgnoreHeaders Set-Cookie
CacheMaxExpire 86400
CacheLastModifiedFactor 10
CacheDefaultExpire 86400
....



btw, I've also noticed that abc.com/?a=1 is never cached (ie, missing
the default page: index.php). Any way to get that to be cached?

Thanks
Henry


--=_2igi0131fmo0
Content-Type: application/pgp-signature
Content-Description: PGP Digital Signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBKlR15ScDE0kOqdzoRAnLJAJ0W4YWghfFZAInl4QhLpoP0/Z09+gCb BYrN
GR1gSnX4qQ72E64fL1uNiGM=
=MCN5
-----END PGP SIGNATURE-----

--=_2igi0131fmo0--

Re: mod_disk_cache and caching same content for all

On Wed, Aug 26, 2009 at 7:33 AM, Henry wrote:
> Hi,
>
> apache 2.2.8
>
> Maybe I'm not understanding the purpose of mod_disk_cache: =A0I'd like to
> cache content for ALL users of a website - not just for a single user and
> browser. =A0I've noticed that this is not the case with different browser=
s.
>
> For example:
>
> Using Firefox (FF) and browsing to abc.com/index.php?a=3D1
> - caches as expected.
> - browsing to the same page with FF serves up the cached page as expected=
..
>
> Using Chrome and browsing to the same page: =A0abc.com/index.php?a=3D1
> - does *not* serve up the previously cached page, instead mod_disk_cache
> stores a fresh copy for future caching...

Does your response contain a Vary header?

--=20
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_disk_cache and caching same content for all

--=_3e71bvl0p3uo
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Quoting "Eric Covener" :
> Does your response contain a Vary header?

Hi Eric, thanks for the quick response.

Yes, it contains:
Vary: User-Agent


FYI:

Date: Wed, 26 Aug 2009 11:57:35 GMT
Server: Apache
Expires: access plus 1 day
Content-Encoding: gzip
Cache-Control: max-age=86400, public
Vary: User-Agent
Age: 72
Content-Length: 3346
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8



--=_3e71bvl0p3uo
Content-Type: application/pgp-signature
Content-Description: PGP Digital Signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBKlSO+ScDE0kOqdzoRAh6LAJ0VAh1LteC1AoS826IOg09xn+u3+gCe PKd5
A81pBwsKu+ahUuF2yMratBo=
=WsK9
-----END PGP SIGNATURE-----

--=_3e71bvl0p3uo--

Re: mod_disk_cache and caching same content for all

On Wed, Aug 26, 2009 at 7:59 AM, Henry wrote:
> Quoting "Eric Covener" :
>>
>> Does your response contain a Vary header?
>
> Hi Eric, thanks for the quick response.
>
> Yes, it contains:
> Vary: User-Agent


That's why you get a new one cached for a different browser.

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_disk_cache and caching same content for all

--=_1yvve04pise8
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Quoting "Eric Covener" :
>> Yes, it contains:
>> Vary: User-Agent
>
> That's why you get a new one cached for a different browser.

Ouch. OK, I confirmed what you're saying by using different machines
browsing to the same (cached) page all using the same browser (IE).
None of them got served the cached page... except the original
requester.

Is there any way to *force* the cached page being served irrespective
of the client user-agent and/or client IP?

/sidebar: where on earth did you learn about the Vary header
impacting caching?

Thanks
Henry


--=_1yvve04pise8
Content-Type: application/pgp-signature
Content-Description: PGP Digital Signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBKlSk+ScDE0kOqdzoRAmelAJ48smwmH/P+iz/rf6V+kEIzNu9kkwCd EGEq
jd8RhfmjDw+5lXrDsDNDl68=
=f96Y
-----END PGP SIGNATURE-----

--=_1yvve04pise8--

Re: mod_disk_cache and caching same content for allusers

Henry wrote:
> Quoting "Eric Covener" :
>>> Yes, it contains:
>>> Vary: User-Agent
>>
>> That's why you get a new one cached for a different browser.
>
> Ouch. OK, I confirmed what you're saying by using different machines
> browsing to the same (cached) page all using the same browser (IE).
> None of them got served the cached page... except the original requester.
>
> Is there any way to *force* the cached page being served irrespective of
> the client user-agent and/or client IP?
>
> /sidebar: where on earth did you learn about the Vary header impacting
> caching?

Read the HTTP spec! The server has declared that it will serve a
*different* page to a different user agent.

If that's for the web - as opposed to an application that's limited
to your choice of user-agents, then it's certainly wrong.
Either it's bogus (i.e. the server will do no such thing)
or BAD (Broken As Designed). So getting rid of it would be a
very good idea.

--
Nick Kew

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_disk_cache and caching same content for all

--=_216robc5dulc
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Quoting "Nick Kew" :
> Read the HTTP spec! The server has declared that it will serve a
> *different* page to a different user agent.
>
> If that's for the web - as opposed to an application that's limited
> to your choice of user-agents, then it's certainly wrong.
> Either it's bogus (i.e. the server will do no such thing)
> or BAD (Broken As Designed). So getting rid of it would be a
> very good idea.

Thanks for that. Not sure what you're saying WRT my question, but can
I infer from what you're saying that you cannot force caching of same
content for all user-agents?

Correct me if I'm wrong, but there doesn't seem to be much point in
mod_disk_cache if it's not caching for all across the board.

Would be nice to be able to this at the server level -- my next option
is to simply perform application-level caching and be done with it.

Thanks
Henry


--=_216robc5dulc
Content-Type: application/pgp-signature
Content-Description: PGP Digital Signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBKlTEcScDE0kOqdzoRAjLZAJ49guDUJ0ZXktEkK5ABpDGFmuRG8QCd HJwF
YQVybe6tUJ4tD4inlqCaHZ0=
=6S/W
-----END PGP SIGNATURE-----

--=_216robc5dulc--

Can you supply username & password for AuthType Basic within a POST/GET?

When requiring a username & password with AuthType Basic, is it possible
to include them in a POST or GET request to the server so that it won't
ask for them (because they were provided)?

If it's possible, what variable names are assigned to them.

Thanks

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_disk_cache and caching same content for allusers

Henry wrote:

> Correct me if I'm wrong, but there doesn't seem to be much point in
> mod_disk_cache if it's not caching for all across the board.

It's cacheing what is cacheable! It can cache contents with a
Vary, but it can't serve from the cache to a different agent.
Get rid of that Vary header, and it'll do what you appear to be asking.

--
Nick Kew

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Can you supply username & password for AuthTypeBasic within a POST/GET?

Jeff Sherk Forerunner Ministries wrote:
> When requiring a username & password with AuthType Basic, is it possible
> to include them in a POST or GET request to the server so that it won't
> ask for them (because they were provided)?

You seem to be asking for form-based authentication.
One option for that is mod_auth_form, at
http://httpd.apache.org/docs/2.3/mod/mod_auth_form.html

--
Nick Kew

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Can you supply username & password for AuthType

On Wed, Aug 26, 2009 at 8:58 AM, Jeff Sherk Forerunner
Ministries wrote:
> When requiring a username & password with AuthType Basic, is it possible to
> include them in a POST or GET request to the server so that it won't ask for
> them (because they were provided)?
>
> If it's possible, what variable names are assigned to them.

No, basic authentication credentials have to come in over the
prescribed HTTP header, not as part of a query string or POST body.

A browser will allow you to encode them into the URL
(http://user:pass@example.com/foo), and will pass them to the
webserver without prompting you.

--
Eric Covener
covener@gmail.com

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Can you supply username & password for AuthTypeBasic within a POST/GET?

On 26/08/2009 13:58, Jeff Sherk Forerunner Ministries wrote:

> When requiring a username & password with AuthType Basic, is it possible
> to include them in a POST or GET request to the server so that it won't
> ask for them (because they were provided)?

No, it is not possible. You could theoretically write your own
authentication module to do it though.

--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: mod_disk_cache and caching same content for all

--=_2enrgxct5plw
Content-Type: text/plain;
charset=ISO-8859-1;
DelSp="Yes";
format="flowed"
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

Quoting "Nick Kew" :
> It's cacheing what is cacheable! It can cache contents with a
> Vary, but it can't serve from the cache to a different agent.
> Get rid of that Vary header, and it'll do what you appear to be asking.

That's working perfectly, thanks.

Regards
Henry


--=_2enrgxct5plw
Content-Type: application/pgp-signature
Content-Description: PGP Digital Signature
Content-Disposition: inline
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQBKlV2rScDE0kOqdzoRAnuHAJ9Rt6NIHXj4qRusylDVcNXJHB8+NgCf ZuU9
1/DVej2nMpWD5/SPCnjWuNg=
=cWql
-----END PGP SIGNATURE-----

--=_2enrgxct5plw--

Re: mod_disk_cache and caching same content for allusers

Nick Kew wrote:
> Henry wrote:
>
>> Correct me if I'm wrong, but there doesn't seem to be much point in
>> mod_disk_cache if it's not caching for all across the board.
>
> It's cacheing what is cacheable! It can cache contents with a
> Vary, but it can't serve from the cache to a different agent.
> Get rid of that Vary header, and it'll do what you appear to be asking.
>

Hi Henry.

What the eminent gurus Eric and Nick are trying to tell you, in a way
that is certainly evident to them but maybe not to you, is that it is
not Apache that is creating that HTTP response header "Vary".

It is your PHP script/application which does that.

Apache is merely passing it on to the browser, and, on the way there, it
is caught by mod_cache and examined.
When mod_cache sees this header, it is thinking "Hum.. this response is
going to be different depending on the browser, so I'd better remember
that". So it does, and when another browser, with even a slightly
different "User-agent" request header wants the same page, it won't
match what mod_cache has in its cache, and you'll get a new response,
which in turn will be cached with a parameter remembering this last
"User-agent".

So, again as they said, change your PHP application/script so that it
will not add this "Vary" header to the response, and the symptom will
magically disappear.

That's what I'm guessing anyway..


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Can you supply username & password for AuthTypeBasic within a POST/GET?

Jeff Sherk Forerunner Ministries wrote:
> When requiring a username & password with AuthType Basic, is it possible
> to include them in a POST or GET request to the server so that it won't
> ask for them (because they were provided)?
>
> If it's possible, what variable names are assigned to them.
>
Jeff,
I believe you have a bit more studying to do in terms of HTTP
authentication scriptures.

I recommend to you the following on-line documents, in that order :
a) http://en.wikipedia.org/wiki/Basic_access_authentication
b) http://httpd.apache.org/docs/2.2/howto/auth.html
c) http://tools.ietf.org/html/rfc1945#section-11.1

The truth is in there. Unfortunately, these documents can be a bit
hermetic to the non-initiated, so here is a short introduction :

On a webserver, you usually define different areas containing documents,
and corresponding URLs to access them.
In Apache, these areas and URLs correspond more or less to configuration
sections such as and .
(You can also use a .htaccess file inside of the directory itself, but
that is frowned upon if you have access to the main webserver
configuration).

If you want to protect access to such a Directory or Location, you can
specify rules, as described in (b) above.

For the "basic" type of authentication, ("AuthType Basic"), the
parameter : "AuthName xxxxxxxxxxxx" is also very important.

You can have different server areas which are covered by the same
"AuthName". This is like in a building, you could have different rooms
marked "Prophets Only", while other rooms are marked "Mere Converts OK".
As soon as one has authenticated for one of the "Prophets Only" areas,
he is allowed to access any other room marked "Prophets Only", without
needing to supply his credentials again.

The way it works, is that a browser "remembers" that it has already
accessed one of the "Prophets Only" areas previously within the same
browser session.
So when he accesses a new area, when the server responds that for this
one, one needs a "Prophets Only" authentication, the browser just looks
in its cache to see if it already has one of those, and if yes, it
re-issues the same request again, without user intervention, but this
time with the appropriate request header providing his "Prophets Only"
authentication credentials.
This all happens automatically, without the user even noticing.

It is only the first time that the browser accesses a "Prophets Only"
area, that it does not find this in its cache, and has to ask the user
to provide a user-id and password.

So, to get back to your original question above :
- you do not need to do anything special to get this behaviour, other
than making sure that the different areas of your server which you want
to be covered by the /same/ credentials, use the /same/ "AuthName" value.
- there are no "variables" assigned to this. It happens via HTTP
headers which the browser automatically adds to the request, when
applicable.(*)

Now I suggest that you re-read document (b) above once more, hoping that
with this short overview it will now be more accessible.


(*) This is not entirely true. It is generally the case, when a request
has been "authenticated" by Apache, that a script running under Apache
can access the authenticated user-id assigned to this request.
To see how however, you will have to consult yet more documentation,
depending on the programming language these scripts are written in.


------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Can you supply username & password for AuthTypeBasic within a POST/GET?

Thanks Andre, Mike, Eric and Nick... I will read up on authentication so
I can better grasp it!!


André Warnier wrote:
> Jeff Sherk Forerunner Ministries wrote:
>> When requiring a username & password with AuthType Basic, is it
>> possible to include them in a POST or GET request to the server so
>> that it won't ask for them (because they were provided)?
>>
>> If it's possible, what variable names are assigned to them.
>>
> Jeff,
> I believe you have a bit more studying to do in terms of HTTP
> authentication scriptures.
>
> I recommend to you the following on-line documents, in that order :
> a) http://en.wikipedia.org/wiki/Basic_access_authentication
> b) http://httpd.apache.org/docs/2.2/howto/auth.html
> c) http://tools.ietf.org/html/rfc1945#section-11.1
>
> The truth is in there. Unfortunately, these documents can be a bit
> hermetic to the non-initiated, so here is a short introduction :
>
> On a webserver, you usually define different areas containing
> documents, and corresponding URLs to access them.
> In Apache, these areas and URLs correspond more or less to
> configuration sections such as and .
> (You can also use a .htaccess file inside of the directory itself, but
> that is frowned upon if you have access to the main webserver
> configuration).
>
> If you want to protect access to such a Directory or Location, you can
> specify rules, as described in (b) above.
>
> For the "basic" type of authentication, ("AuthType Basic"), the
> parameter : "AuthName xxxxxxxxxxxx" is also very important.
>
> You can have different server areas which are covered by the same
> "AuthName". This is like in a building, you could have different
> rooms marked "Prophets Only", while other rooms are marked "Mere
> Converts OK".
> As soon as one has authenticated for one of the "Prophets Only" areas,
> he is allowed to access any other room marked "Prophets Only", without
> needing to supply his credentials again.
>
> The way it works, is that a browser "remembers" that it has already
> accessed one of the "Prophets Only" areas previously within the same
> browser session.
> So when he accesses a new area, when the server responds that for this
> one, one needs a "Prophets Only" authentication, the browser just
> looks in its cache to see if it already has one of those, and if yes,
> it re-issues the same request again, without user intervention, but
> this time with the appropriate request header providing his "Prophets
> Only" authentication credentials.
> This all happens automatically, without the user even noticing.
>
> It is only the first time that the browser accesses a "Prophets Only"
> area, that it does not find this in its cache, and has to ask the user
> to provide a user-id and password.
>
> So, to get back to your original question above :
> - you do not need to do anything special to get this behaviour, other
> than making sure that the different areas of your server which you
> want to be covered by the /same/ credentials, use the /same/
> "AuthName" value.
> - there are no "variables" assigned to this. It happens via HTTP
> headers which the browser automatically adds to the request, when
> applicable.(*)
>
> Now I suggest that you re-read document (b) above once more, hoping
> that with this short overview it will now be more accessible.
>
>
> (*) This is not entirely true. It is generally the case, when a
> request has been "authenticated" by Apache, that a script running
> under Apache can access the authenticated user-id assigned to this
> request.
> To see how however, you will have to consult yet more documentation,
> depending on the programming language these scripts are written in.
>
>
> ------------------------------------------------------------ ---------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Can you supply username & password for AuthTypeBasic within a POST/GET?

Per Erics earlier response, if I encode the username and password in the URL with https instead of
http, is it secure?

Like this https://username:password@mydomain.com/foo




------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Can you supply username & password for AuthTypeBasic within a POST/GET?

Jeff Sherk Forerunner Ministries wrote:
> Per Erics earlier response, if I encode the username and password in the
> URL with https instead of
> http, is it secure?
>
> Like this https://username:password@mydomain.com/foo

Provided you are using https: SSL or TLS Upgrade you are assured it is
secure because nothing has been transmitted before handshaking is complete.

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: Can you supply username & password for AuthTypeBasic within a POST/GET?

Thanks William... yes we are using SSL... just wanted to make sure it
was secure as well!
Thanks

------------------------------------------------------------ ---------
The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org