Sunday, April 23, 2017

Removing Xforward-ssl from Vary Header on Apache Webserver


If you insert any header for redirect  on your apache webserver then it will appear vary header.

RewriteCond %{HTTP:X-Forwarded-SSL} ^on$ [NC]
 RewriteRule ^/url.* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
eg .

  1. Content-Type:
    application/pdf
  2. Date:
    Sat, 22 Apr 2017 19:11:35 GMT
  3. Expires:
    Sun, 23 Apr 2017 19:11:35 GMT
  4. Keep-Alive:
    timeout=10, max=499
  5. Last-Modified:
    Thu, 19 Jan 2017 01:18:14 GMT
  6. Server:
    Apache
  7. Strict-Transport-Security:
    max-age=31536000; includeSubDomains
  8. Vary:
    X-Forwarded-SSL



This is ok if you don't have CDN ,since CDN don't like this header on vary, and you will have cache miss.

To over come this issue you need to make some changes on your Apache rewrite.

RewriteCond %{HTTP:X-Forwarded-SSL} ^on$ [NC,NV]
 RewriteRule ^/url.* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 NV is for no vary.

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

curl and cacert

curl -v --cacert cacert.pem https://www.example/cgi-bin/f ile.xgi -I -X POST

  • Run Apache on 80 with nonroot user
    Command to Run setcap 'cap_net_bind_service=+ep' /opt/apache/bin/httpd httpd is the custom script i made to run apache.
  • Comparing SSL KEY/CSR/CRT
     Comparing openssl key/csr/crt is useful to make sure signature between key/csr/crt are same openssl x509 -noout -modulus -in certificat...
  • Linking Script with Rc.5
    Here i have created a script for starting and stopping tomcat service named it as ts and placed it on /etc/init.d  in order to make this scr...