FAQ
Hi
I have set up Apache HTTP Server 2.2.3 with mod_proxy, mod_proxy_ajp and
mod_cache as a reverse proxy in front of a Tomcat 5.5 server. The
solution works fine except that I am having trouble getting Apache to
cache content from a directory that is protected using Basic
Authentication.

Both servers are running on Windows XP.
From the Apache documentation I have read that Apache won't cache
Authenticated content:

"If the request contains an "Authorization:" header, the response will
not be cached."

Is there any way to force Apache HTTP Server to cache responses from
Tomcat protected with Basic Authentication?

I have tried using the Cache-Control header with the "public" option
with no luck.

My settings from httpd.conf:
============================

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

<Location /MyFolder>
ProxyPass ajp://appsrv:8009/MyApp
ProxyPassReverse ajp://appsrv:8009/MyApp
</Location>

LoadModule cache_module modules/mod_cache.so

<IfModule mod_cache.c>
LoadModule disk_cache_module modules/mod_disk_cache.so

<IfModule mod_disk_cache.c>
CacheRoot c:/cacheroot/
CacheEnable disk /MyFolder/data/
CacheEnable disk /MyFolder/images/
CacheEnable disk /MyFolder/js/
CacheEnable disk /MyFolder/css/
CacheEnable disk /MyFolder/secure/
CacheDirLevels 5
CacheDirLength 3
</IfModule>
</IfModule>



Regards

Roland Rabben
Scala Inc.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Search Discussions

  • Joshua Slive at Dec 20, 2006 at 2:58 pm

    On 12/20/06, Roland Rabben wrote:
    Hi
    I have set up Apache HTTP Server 2.2.3 with mod_proxy, mod_proxy_ajp and
    mod_cache as a reverse proxy in front of a Tomcat 5.5 server. The
    solution works fine except that I am having trouble getting Apache to
    cache content from a directory that is protected using Basic
    Authentication.

    Both servers are running on Windows XP.

    From the Apache documentation I have read that Apache won't cache
    Authenticated content:

    "If the request contains an "Authorization:" header, the response will
    not be cached."

    Is there any way to force Apache HTTP Server to cache responses from
    Tomcat protected with Basic Authentication?
    I believe you'd need to change the source code, although the required
    change would likely be very minor.

    But my question is: exactly why do you want to do this? Do you
    realize that by caching authenticated content, you essentially remove
    the authentication?

    Joshua.

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Roland Rabben at Dec 20, 2006 at 5:15 pm

    -----Original Message-----
    From: jslive@gmail.com On Behalf Of Joshua Slive
    Sent: 20. desember 2006 15:58
    To: users@httpd.apache.org
    Subject: Re: [users@httpd] Caching Authenticated content with
    mod_cache
    On 12/20/06, Roland Rabben wrote:
    Hi
    I have set up Apache HTTP Server 2.2.3 with mod_proxy, mod_proxy_ajp
    and
    mod_cache as a reverse proxy in front of a Tomcat 5.5 server. The
    solution works fine except that I am having trouble getting Apache
    to
    cache content from a directory that is protected using Basic
    Authentication.

    Both servers are running on Windows XP.

    From the Apache documentation I have read that Apache won't cache
    Authenticated content:

    "If the request contains an "Authorization:" header, the response
    will
    not be cached."

    Is there any way to force Apache HTTP Server to cache responses from
    Tomcat protected with Basic Authentication?
    I believe you'd need to change the source code, although the required
    change would likely be very minor.

    But my question is: exactly why do you want to do this? Do you
    realize that by caching authenticated content, you essentially remove
    the authentication?
    My goal was to use the "Cache-Control: public, no-cache" header. From
    what I understand that should make a cache-server cache the response,
    but still require authentication from the origin server before the cache
    releases its local representation to the next user/request.

    Roland

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org
  • Joshua Slive at Dec 20, 2006 at 5:30 pm

    On 12/20/06, Roland Rabben wrote:

    My goal was to use the "Cache-Control: public, no-cache" header. From
    what I understand that should make a cache-server cache the response,
    but still require authentication from the origin server before the cache
    releases its local representation to the next user/request.
    Is the origin server capable of generating 304 responses without using
    resources? Otherwise, this is pointless.

    An in any case, as you've noticed, it isn't supported at the moment.
    Just taking out the Authorization check may make it work, but I'm not
    sure.

    Joshua.

    ---------------------------------------------------------------------
    The official User-To-User support forum of the Apache HTTP Server Project.
    See <URL:http://httpd.apache.org/userslist.html> for more info.
    To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
    " from the digest: users-digest-unsubscribe@httpd.apache.org
    For additional commands, e-mail: users-help@httpd.apache.org

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupusers @
categoriesapache
postedDec 20, '06 at 2:06p
activeDec 20, '06 at 5:30p
posts4
users2
websitehttpd.apache.org
irc#httpd

2 users in discussion

Roland Rabben: 2 posts Joshua Slive: 2 posts

People

Translate

site design / logo © 2022 Grokbase