Announcement

Collapse
No announcement yet.

Cache / Headers > Prevention?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #16
    Originally posted by cosmos

    Not on the proxy, but on the web server itself.
    No no access to the server files. Its an international site, and we only maintain a domain on that server.
    There are only 10 types of people in the world: Those who understand binary, and those who don't

    Comment


    • #17
      Originally posted by WizyWyg
      No no access to the server files. Its an international site, and we only maintain a domain on that server.
      Probably a virtual web server then. Its address (if you don't mind)?

      Comment


      • #18
        Nope not a virtual web server.
        sorry can't give the address, but I've used that link given earlier by tubedogg to examine the headers and it gave me the "info":

        HTTP/1.1 200 OK
        Date: Tue, 27 Nov 2001 19:09:06 GMT
        Server: Apache/1.3.22 (Unix) PHP/4.0.6
        Last-Modified: Wed, 24 Oct 2001 23:56:17 GMT
        ETag: "962793-909-3bd75521"
        Accept-Ranges: bytes
        Content-Length: 2313
        Connection: close
        Content-Type: text/html
        X-Pad: avoid browser bug

        but it doesn't help me since I can't go in an fix anything.
        There are only 10 types of people in the world: Those who understand binary, and those who don't

        Comment


        • #19
          I see... Too bad you don't have control over the server's configuration.

          EDIT: I had another Apache module in mind when I first posted this. Apologies. Contents of .htaccess files below have been corrected.

          The idea here is that you make a request to the web server administrator to include module mod_headers in the Apache configuration.

          Then suppose that you have a directory of images (example: the small images of vbulletin's forum which are under path /forum/images) that are very rarely changing. You could upload an .htaccess file on the server, in the directory that represents /forum/images that would contain the following line:
          Code:
          Header add Expires "Mon, 31 Dec 2001 23:59:59 GMT"
          With this line, all images downloaded by a cache/browser would be both cached and considered "fresh" till the end of this year. On January 1st, you could update the previous file content into:
          Code:
          Header add Expires "Tue, 31 Dec 2002 23:59:59 GMT"
          Once an image from that dir is cached, it will not be re-downloaded by the same browser and/or proxy till the expiration date! For vBulletin sites one can achieve an impressive gain in available bandwidth, while users enjoy an extremely fast (see immediate) image download speed!

          The other way around: suppose you have a web dir on which content should absolutely never be cached. If the web server includes the mod_headers module you can upload an .htaccess file into the same directory that holds the following lines:
          Code:
          Header add Expires "Thu, 01 Jan 1970 00:00:00 GMT" 
          Header add Cache-Control "no-store"
          Header add Pragma "no-cache"
          Last edited by cosmos; Wed 28th Nov '01, 5:44am.

          Comment


          • #20
            Originally posted by cosmos

            Not on the proxy, but on the web server itself.

            @Tora-tora: Are you talking about the cookies/security issue discussed in the other thread or about improving bandwidth use for your site here?
            truthfully, bandwidth is not a issue with us. Our site has unlimited at this point, and moves rite along with little or no troubles.

            I have no troubles as well with the log in log out problems that the other guys are, now that i turned on the cashe, however, my suggestion of setting the cookie timeouts might help in this situation with the other thread, due in part, if they are on the site and havent done any actions on your board, a person would think, they would be automatically timed out.
            I tried this the other night, and kept my activity to the lowpoint of basically not posting, with the cookie timeout set a litte lower, and if i went to post something, it would kick me to the log in screen, where i would have to log in before i could post. I also tried the refresh trick, and that didnt work persay unless i was already logged in, however, one thing that I did notice, is when i came into the board one time, I did not show up on the 'whos online', however i can still see the board. Once i hit refresh, or tried to post, i was there...but, i am thinking this is more of a browser problem, rather than the site, because prior to that, everything was working just fine.

            In short, I think if a person sets the cookie time out lower, and has a better cookie path, or just leaves it at "/" things should be fine. I think what also has not been adressed, is the simple fact of whether or not these guys have more than one site tied into thier vb board, or a hack such as "show threads" on home page, or something to that effect, to which the sessionhash variable is either not being used, or is being used, but not actually to the point where it is allowing the timeout to do its job. (off site projects, or off site links with session hashs involved) which would basically store the cookie off site, so when a person did log out, it wouldnt necessarily destroy the cookie, because there is another one stored from another part of the site...

            I know..i'm probably confusing the hell out of you, on what it is exactly i am trying to say, but hopefully you can understand a little bit of what im trying to convey....lol..

            Comment


            • #21
              ToraTora!, I would be inclined to agree with most of what you said about hacked boards etc, if it weren't for the fact that it indeed happening on this board. Are you saying Jelsoft has mis-configured their own board?
              Toddler from Hell

              Comment


              • #22
                Originally posted by ToraTora!
                truthfully, bandwidth is not a issue with us. Our site has unlimited at this point, and moves rite along with little or no troubles.
                That is a common misconception. You see, term "bandwidth" has a quite different meaning from a server operator's view than from a user's one. A server host can guarantee a specific "guaranteed" bandwidth up to a distance, in that cloud called Internet. What about the rest of the network? Can users on congested links see that a server indeed is that responsive? It should be obvious that it doesn't matter whether you can serve Gbytes of information to a client on the same subnet with the server. The problem here is to maximize the average transfer rate of information to client systems out there. These are different issues.

                That was one motivation for the inclusion of extensive caching mechanisms in HTTP 1.1. In these days of Code Red and Nimda attacks, where a large percentage of HTTP packets flying around consume Internet resources, taking into account caching does have its advantages.

                Comment


                • #23
                  Originally posted by Fusion
                  ToraTora!, I would be inclined to agree with most of what you said about hacked boards etc, if it weren't for the fact that it indeed happening on this board. Are you saying Jelsoft has mis-configured their own board?
                  lol no....i havent had these problems on this board, nor mine.

                  I was reading some interesting stuff on session controls, and some of it made sense to this discussion, so i thought i would share a little bit of it, as well as some of the other stuff i just now found out.

                  session.auto_start 0 (0=disabled) (Automatically starts sessions..)

                  session.cache_expire 180 (Live page cashe in minutes)

                  session.cookie_domain (The same thing i think that is "/" in the admin control panel...cookie path...)

                  session.cookie_lifetime 0 (How long the cookie will last on the users machine. 0 will automatically kill it, when the browser is closed...)

                  than, of course you have the setcookie ("cookiemonster","value");

                  than when you revisit, you have the:

                  $HTTP_COOKIE_VARS["cookiemonster"]

                  or, sending the cookie in a HTTP header...like cosmos pointed out...

                  Set-Cookie: NAME=VALUE; [expires=DATE;] [path=PATH [domain=DOMAIN_NAME;] [secure]


                  so, just with that above, one would think, that a person could have a expiration date, or a cookie killer when they left the site, or logged out...which would, or could possibly reduce this problem by changing the settings, because i am almost sure a good percentage of VB's session calls, are very similar to these..

                  And the unlimited bandwidth is a misconception by myself true, but i do like the sound of it at any rate.

                  Comment


                  • #24
                    Originally posted by cosmos

                    Code:
                    Cache-Control: no-store 
                    Pragma: no-cache 
                    Expires: Thu, 01 Jan 1970 00:00:00 GMT
                    couldnt a guy add those lines, rite into your header template, replacing the usual header code?

                    Comment


                    • #25
                      Originally posted by ToraTora!
                      couldnt a guy add those lines, rite into your header template, replacing the usual header code?
                      I suggested exactly that to John on Fusion's problem: to modify the experimental code sent to Fusion to emit this, in the HTTP responses.

                      Comment


                      • #26
                        Originally posted by cosmos

                        I suggested exactly that to John on Fusion's problem: to modify the experimental code sent to Fusion to emit this, in the HTTP responses.
                        John didn't send me any code, cosmos. He implemented it right here, and I'm still waiting for his next move. Btw, see my last note in robinchee's thread. Something's jiffy.
                        Toddler from Hell

                        Comment


                        • #27
                          Originally posted by Fusion
                          [B]John didn't send me any code, cosmos. He implemented it right here, and I'm still waiting for his next move.
                          If John implements my suggestion, would you be so kind and let me know what happens?

                          Btw, see my last note in robinchee's thread. Something's jiffy.
                          I am subscribed to all three threads, so don't worry!

                          Comment

                          Loading...
                          Working...
                          X