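I am running DotNetNuke 7.2.2 Community Edition, which by default returns all HTML pages with Cache-Control: private in the response header.
Generating a static HTML page on the DotNetNuke platform typically takes 200-300 ms on our server, but when combined with a caching proxy based on Apache HTTP Daemon v2.2 that caches the pages, a page takes only 20-30 ms when it is in Apache's cache.
The cache-control: private in the header can be ignored using: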
CacheEnable disk /
CacheRoot /path/to/disk/cache
CacheDirLevels 3
CacheDirLength 5
CacheIgnoreNoLastMod on
CacheStorePrivate on
CacheStoreNoStore on
# Needed!
CacheIgnoreCacheControl on
CacheIgnoreQueryString off
CacheDefaultExpire 86400
CacheMaxFileSize 100000
CacheMaxExpire 172800
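This works fine as long as nobody accesses the site while authenticated. When authenticated, the pages returned while authenticated are also cached, which can provide a hook for security breaches.
After authentication the URL is still the same, so you cannot filter on the URL to avoid caching.
Are there other ways to convince Apache not to cache pages from DotNetNuke when logged in?
Answer 0: (score: 1)
My first thought was cookie-based caching, following this post: Apache caching based on cookie. But according to the answer to that post, you need to explicitly add a no-cache header, which can be added to the skin markup on every page to generate the header based on the Request.Authenticated flag.
Answer 1: (score: 0)
With the help of @DotNetNuclear, we built the following solution, which improved performance considerably:
Change Default.aspx.cs on the DNN server to first ensure that all unauthenticated users have NoCache in the response header. Authenticated users have the following cacheability settings: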
// Authenticated users. The opening of this if statement is missing from the
// snippet as posted; Request.IsAuthenticated is assumed as the condition.
if (Request.IsAuthenticated)
{
    Response.Cache.SetCacheability(HttpCacheability.NoCache); // You can set host settings to 0. It is the same.
}
else
{
    // Unauthenticated users.
    // MAKE CONFIGURABLE IN HOST SETTINGS.
    Response.Cache.SetCacheability(HttpCacheability.ServerAndPrivate);
    //
    // Allow proxies to cache for one day.
    //
    // MAKE CONFIGURABLE IN HOST SETTINGS.
    Response.Cache.SetProxyMaxAge(new TimeSpan(24, 0, 0));
    //
    // Enforce not caching at client.
    //
    // MAKE CONFIGURABLE IN HOST SETTINGS.
    Response.Cache.SetMaxAge(new TimeSpan(0, 0, 30));
}
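A request has been logged to allow end users to configure these changes. Now you can use the following settings in Apache to distinguish between authenticated (NoCache) and unauthenticated/public requests (ServerAndPrivate):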
CacheEnable disk /
CacheRoot /var/cache/mod_cache
CacheDirLevels 2
CacheDirLength 4
# Do not overrule the default settings whether to cache.
# Can not be off, sorry.
CacheIgnoreNoLastMod on
#
# Use ServerAndPrivate since otherwise the Set-Cookie causes the cache
# to go unused.
#
CacheStorePrivate on
CacheStoreNoStore on
#
# Ensure you set authenticatedcacheability on server to NoCache.
#
# Set this to off to allow logins.
CacheIgnoreCacheControl off
#
CacheIgnoreQueryString off
#
# Avoid cookies being put in cache.
# Use removal of the Server header as a sign that something is coming from cache.
# It requires Apache 2.4 to indicate that more nicely.
#
CacheIgnoreHeaders Set-Cookie Server
#
# Cache by default when not specified otherwise in last-modified or expiry date.
# In seconds.
CacheDefaultExpire 86400
CacheMaxFileSize 100000
#
# Always check every two days.
#
CacheMaxExpire 172800
# Disable caching on locations which we know to contain static content already
# cached by IIS.
CacheDisable ...some locations...
#
# Rewrite DNN caching.
#
#
# Set public instead of no-cache caching on these specific files. IIS wants to
# use with max-age but without public. Probably since a cookie is involved, but that
# cookie is cleaned away in the cache.
#
SetEnvIfNoCase Request_URI "DependencyHandler\.axd$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "sb-client\.js$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "main\.js$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "inpage_linkid\.js$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "\.gif$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "\.png$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "\.jpg$" rewrite_to_public_cache
Header edit Cache-Control no-cache public env=rewrite_to_public_cache
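An added example, not part of either answer above: a small Python audit that checks captured responses against the split the second answer relies on (authenticated pages marked no-cache, anonymous pages reusable by the proxy even though marked private). The proxy here is a simplified model with switches named after CacheStorePrivate, CacheStoreNoStore and CacheIgnoreHeaders, not mod_cache's actual decision logic; the function names and sample headers are constructed for illustration.

```python
# Added example: simplified model of a shared cache that honours response
# Cache-Control, with switches named after CacheStorePrivate, CacheStoreNoStore
# and CacheIgnoreHeaders. It is not mod_cache's actual decision logic.

def directives(cache_control):
    """Lower-cased directive names from a Cache-Control header value."""
    return {p.split("=", 1)[0].strip().lower()
            for p in (cache_control or "").split(",") if p.strip()}

def proxy_may_reuse(headers, store_private=True, store_no_store=True):
    """True if the modelled proxy would store the response and serve it to others.

    headers: dict with lower-cased header names.
    """
    cc = directives(headers.get("cache-control"))
    if "no-cache" in cc:
        return False
    if "no-store" in cc and not store_no_store:
        return False
    if "private" in cc and not store_private:
        return False
    return True

def audit(samples, ignore_headers=("set-cookie", "server")):
    """Return (url, finding) pairs for captured exchanges that break the split."""
    findings = []
    for s in samples:
        headers = {k.lower(): v for k, v in s["headers"].items()}
        reusable = proxy_may_reuse(headers)
        if s["authenticated"] and reusable:
            findings.append((s["url"], "authenticated page is reusable by the proxy"))
        if reusable and "set-cookie" in headers and "set-cookie" not in ignore_headers:
            findings.append((s["url"], "Set-Cookie would be stored with the page"))
    return findings

# Constructed samples (not captured from a real site).
SAMPLES = [
    {"url": "/Home", "authenticated": True,   # DNN default from the question
     "headers": {"Cache-Control": "private"}},
    {"url": "/Home", "authenticated": True,   # after the Default.aspx.cs change
     "headers": {"Cache-Control": "no-cache", "Pragma": "no-cache"}},
    {"url": "/Home", "authenticated": False,
     "headers": {"Cache-Control": "private, max-age=30, s-maxage=86400",
                 "Set-Cookie": "sample=constructed"}},
]

if __name__ == "__main__":
    for url, finding in audit(SAMPLES):
        print(url, "-", finding)
```

Run it over header captures taken both logged in and logged out; any finding for an authenticated sample means the origin is not sending no-cache for that page.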