Re: Apache-ssl and caching
I had almost forgotten about this one... On Mon, 2002-03-18 at 20:02, Benjamin Scott wrote: On Fri, 8 Mar 2002, at 10:50pm, Kenneth E. Lussier wrote: When I pull up the pages in a browser via http, the pages are cached, and I can do things such as export them to spreadsheets, etc. However, if I pull the pages via https, the pages are cached, and therefore, I can't export them. I am assuming the second sentence was intended to read the pages are NOT cached. Yes, I did mean that they are *NOT* cached. It doesn't matter what settings I try in the client. None of them cache https docs (ie, mozilla, NS, and Opera). Given the fact that these dynamically generated objects are cached when using HTTP, it is not the dynamic nature of the objects which is throwing things off. I doubt Apache's mod_ssl is over-riding the regular headers (although I suppose it is possible). I'm not using mod_ssl, I'm using Apache-SSL. There's a difference. However, I seem to have found several things that point to a completely different problem. I tried using cache headers directly from the server config, but that didn't seem to work. But, I can honestly say that this can be written off as a Microsoft issue. What was happening was that IE was taking the dynamic content, and rather than passing the content off to Excel, it was passing the URL to Excel so that Excel could open it directly. The other browsers were passing the content itself to Excel. The problem turns out to be that Excel doesn't support importing of HTTPS data I should have known ;-) That leaves only one thing: The user agent (i.e., the browser). I suspect the browsers are deliberately not caching objects transfered using SSL, as a security measure. It's both the user agent and the application that it is trying to hand it off to. I think that this is a good argument against heavily integrated applications all hooked into the OS. They just don't Do The Right Thing(TM). C-Ya, Kenny -- In conclusion, please be wary where authority reigns -- Warrior Soul Kenneth E. Lussier Sr. Systems Administrator Zuken, USA PGP KeyID CB254DD0 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xCB254DD0 * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Apache-ssl and caching
On Fri, 8 Mar 2002, at 10:50pm, Kenneth E. Lussier wrote: When I pull up the pages in a browser via http, the pages are cached, and I can do things such as export them to spreadsheets, etc. However, if I pull the pages via https, the pages are cached, and therefore, I can't export them. I am assuming the second sentence was intended to read the pages are NOT cached. It doesn't matter what settings I try in the client. None of them cache https docs (ie, mozilla, NS, and Opera). Given the fact that these dynamically generated objects are cached when using HTTP, it is not the dynamic nature of the objects which is throwing things off. I doubt Apache's mod_ssl is over-riding the regular headers (although I suppose it is possible). That leaves only one thing: The user agent (i.e., the browser). I suspect the browsers are deliberately not caching objects transfered using SSL, as a security measure. Sorry. -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Apache-ssl and caching
All, Does anyone know how to configure Apache-SSL so that browsers can cache SSL encrypted documents? I thought that it was as easy as using the CachNegotiatedDocs setting, but I was apparently wrong. I know it defeats the purpose, but that's a different story TIA, Kenny -- --- Kenneth E. Lussier Geek by nature, Linux by choice PGP KeyID C0D2BA57 Public key http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57 * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Apache-ssl and caching
On Fri, 8 Mar 2002, at 7:56pm, Kenneth E. Lussier wrote: Does anyone know how to configure Apache-SSL so that browsers can cache SSL encrypted documents? I'm not sure I understand your question. Are you serving objects, and the browser is not caching them, and you think that is Apache's doing? Or are you using Apache as a caching proxy, and you want *it* to cache SSL objects? The latter is not possible; the SSL encrypted stream is passed through to the next system directly. The former depends on two things: The headers the web server sends to the client, and what the client does on its own. I suspect many browsers are configured internally to not cache encrypted objects. I know MSIE has an option for this, for example. Not sure about Mozilla. As far as the headers go, if your content is dynamically generated (as it often is for SSL), then it depends on what the generator (CGI script, for example) sends for headers. If the generator does not set things explicitly, then Apache will tell the client not to cache anything, since it was dynamically generated. If you are serving a static (plain old disk file) object, ummm... I'm not sure. Since the docs do not say or provide an option, either Apache's default behavior should be in place (allow caching), or the SSL module is explicitly using cache control headers to prohibit caching. Either way, I suspect a journey to the source code will be required. I thought that it was as easy as using the CachNegotiatedDocs setting, but I was apparently wrong. I assume you tried CacheNegotatedDocs as well? ;-) -- Ben Scott [EMAIL PROTECTED] | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
Re: Apache-ssl and caching
Benjamin Scott wrote: On Fri, 8 Mar 2002, at 7:56pm, Kenneth E. Lussier wrote: Does anyone know how to configure Apache-SSL so that browsers can cache SSL encrypted documents? I'm not sure I understand your question. Are you serving objects, and the browser is not caching them, and you think that is Apache's doing? Or are you using Apache as a caching proxy, and you want *it* to cache SSL objects? I have Apache-SSL serving pseudo-dynamic content via a PHP (yes, that horrid, insecure, evil language) script pulling data from MySQL. When I pull up the pages in a browser via http, the pages are cached, and I can do things such as export them to spreadsheets, etc. However, if I pull the pages via https, the pages are cached, and therefore, I can't export them. I'm hoping that it is an Apache thing, since that may be readily fixable. The latter is not possible; the SSL encrypted stream is passed through to the next system directly. The former depends on two things: The headers the web server sends to the client, and what the client does on its own. I suspect many browsers are configured internally to not cache encrypted objects. I know MSIE has an option for this, for example. Not sure about Mozilla. It doesn't matter what settings I try in the client. None of them cache https docs (ie, mozilla, NS, and Opera). As far as the headers go, if your content is dynamically generated (as it often is for SSL), then it depends on what the generator (CGI script, for example) sends for headers. If the generator does not set things explicitly, then Apache will tell the client not to cache anything, since it was dynamically generated. H This could be the problem. I may need to force the issue with some good old fashioned HTML. If you are serving a static (plain old disk file) object, ummm... I'm not sure. Since the docs do not say or provide an option, either Apache's default behavior should be in place (allow caching), or the SSL module is explicitly using cache control headers to prohibit caching. Either way, I suspect a journey to the source code will be required. I hate going there ;-) I thought that it was as easy as using the CachNegotiatedDocs setting, but I was apparently wrong. I assume you tried CacheNegotatedDocs as well? ;-) heh.. Yeah, that too ;-) C-Ya, Kenny --- Kenneth E. Lussier Geek by nature, Linux by choice PGP KeyID C0D2BA57 Public key http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xC0D2BA57 * To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the text 'unsubscribe gnhlug' in the message body. *
