How do I cache control? - cache-control

How do I get my website to save images to clients computer and use them, not redownload them every page reload?
I tried to send header("Cache-Control: max-age=3600"); but that had no effect.

You'll need to sand caching headers for the image files, not for your HTML document. You can use the header function only if the files are actually served by a PHP script - not if they are static files handled by the web server. If they are static files, check the documentation for your web server of choice.
Also consider sending en Expires header, and disable ETags.

Related

IIS App recycling vs manual browser cache delete

We have an .NET app. After deployment, we noticed that a number of users had to clear their cache in order for the page to work properly.
I was wondering if an IIS app recycling would do the same thing so the users do not need to clear their local cache.
The server provides caching hints to the client in the response to each resource--many websites have different responses depending on the resource type (static files like .js libraries, css and images, versus dynamic results from .asp pages or API calls). You can use Postman or Fiddler or the developer tools in your browser to view the response headers...and then you can control expiration either in the web.config, the global.asax or your individual code file.
For more information see:
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/staticcontent/clientcache
https://thedeveloperblog.com/expiration#:~:text=Expiration%20is%20key%20to%20caching%20in%20ASP.NET.%20We,performance%2C%20resulting%20in%20pages%20being%20expired%20much%20sooner.

Preventing file fownload (any file even css and js) in IIS8

Is there any way to set up IIS in a way that no file can be downloaded? (without xml configuration and using the IIS UI only).
I know I can remove all mime-types but that is inconvenient, I'm looking for a better option.
You cannot stop of css or js as the server cannot differentiate between a normal
request and a download request when it comes to css or js.
Say you have a CSS or js included in your webpage any html page .This css file will need to be downloaded by the browser.So at server side(IIS) you cannot differentiate a normal download request or browser request. You can deny the download request if the referrer is not matching.For example if someone take sthe URL and directly copying and pasting it in another browser,the referrer header will not be present.Similarly if someone else hotlink to your resources(css,js files),you can stop that too.
By deny download based on Referrer using URLRewrite

How to prevent users from browsing certain files of my website

I have recently launched a website on GoDaddy hosting. I have keept some images and JavaScript files used in website, in separate folders. I want to prevent the users from browsing those images and files by simply appending the folder and file name in the website URL. For example
www.example.com/images/logo.png
If I understand correctly, you want to have html file with images, that shouldn't be accessible alone? If yes, then it cannot be done. You can watch for correct HTTP Referrer header, but it can be simply faked and it also makes it inaccessible for browsers that don't send referrer or having sending it forbidden for "privacy" reasons.
If you want hide files to be accessible only by server side scripts, ftp/scp, then you can try to use .htaccess (if GoDaddy runs on Apache) and correct configuration: https://httpd.apache.org/docs/2.2/howto/access.html
Another way could be hiding that files and creating one-shot token like this:
<img src=<?pseudocode GEN_TOKEN("file.jpg") ?> /> with another file serving these hidden files just for generated token, then deleting it from DB. Nevertheless, this will not protect anybody from downloading or accessing these files, if they want...
But, anyway, try to clarify your question better...
If you are keeping images/files in folder which is open to public, I guess you kept in that folder for purpose, you want public to access those images and files.
How public know images file name? Stop file content listing for your web site.
I am not aware which language you are using on web server, but in ASP.NET you may write module/ middle ware which can intercept in coming request and based on your logic (e.g. authentication and authorization) you can restrict access. All modern languages support this kind of functionality.

Prevent web brower cache file from being downloaded

My website has some of its files temporarly saved in the web browser cache.
Concerning CSS and images files, no problem but for some files it's a real security issue.
Is there a way to prevent some files from :
- being downloaded from the cache ?
- being visible in the cache ?
or crypt them maybe
Thanks.
David
Well you can configure your webserver so it sends certain http headers for certain file types such as javascript. For example for Apache web server we can use mod_expires module.
Another option is to add a random string to the end of each file that should not be cached by the web browser. for example the file script_name.js can be server as script_name.js?somerandomstring

Http cache for symfony

I want to follow Google's directive in terms of cache headers for images, scripts and styles.
After reading symfony's documentation about http cache, I decided to install FOSHttpCacheBundle. The I set up rules for path like ^/Resources/ or ^/css/. I then fail to see it the proper headers for my images using Chrome's console.
Alternatively, I have read that, since my server is handling the resource, this is not Symfony that deals with this matter (yet I read in the doc that Symfony Proxy was good for shared-hosting servers, which is what I have).
So should I just add lines to my .htaccess as explained in here, or am I simply misusing FOSHttpCacheBundle? (Or both.)
Static files (including javascript files, CSS stylesheets, images, fonts...) are served directly by the web server. As the PHP module is not even loaded for such files, you must configure the server to set proper HTTP headers. You can do it using a .htaccess file if you use Apache but doing it directly in httpd.conf/apache2.conf/vhost conf (depending of your configuration) will be better from a performance point of view.
If you also want want to set HTTP cache headers for dynamic content (HTML generated by Symfony...), then you must use FosHttpCache or any other method provided by Symfonny such as the #Cache annotation.

Resources