0

我正在运行 DotNetNuke 7.2.2 社区版,默认情况下返回所有 HTML 页面

Cache-Control: private

在响应头中。在 DotNetNuke 平台上生成静态 HTML 页面在我们的服务器上通常需要 200-300 毫秒,但是当与基于 Apache HTTP Daemon v2.2 缓存页面的缓存代理混合时,页面生成只需要 20-30 毫秒在 Apache 的缓存中。

cache-control: private可以使用忽略标题中的

CacheEnable disk /
CacheRoot /path/to/disk/cache
CacheDirLevels 3
CacheDirLength 5
CacheIgnoreNoLastMod on
CacheStorePrivate on
CacheStoreNoStore on
CacheIgnoreCacheControl on # Needed!
CacheIgnoreQueryString off
CacheDefaultExpire 86400
CacheMaxFileSize 100000
CacheMaxExpire 172800

只要在经过身份验证后没有人访问该网站,此方法就可以正常工作。在通过身份验证工作时,在您通过身份验证时返回的页面也会被缓存,并且可以为安全漏洞提供挂钩。

经过身份验证后,URL-s 仍然相同,因此您不能对 URL 进行过滤以避免发生缓存。

有没有其他方法可以说服 Apache 在登录时不缓存来自 DotNetNuke 的页面?

4

2 回答 2

1

根据这篇文章,我的第一个想法是基于 cookie 的缓存:基于 cookie 的 Apache 缓存。但是根据那篇文章的答案,您需要显式添加一个无缓存标头,该标头可以添加到每个页面上的皮肤令牌中,以根据 Request.Authenticated 标志生成标头。

于 2014-05-26T15:14:21.167 回答
0

在@DotNetNuclear 的帮助下,构建了以下解决方案并发现它可以显着提高性能:

将 DNN 服务器上的 Default.aspx.cs 更改为首先确保所有未经身份验证的用户在其响应标头中都有 NoCache。并且经过身份验证的用户具有如下可缓存性设置:

            Response.Cache.SetCacheability(HttpCacheability.NoCache); // You can set host settings to 0. Is the same.
        }
        else
        {
                    // Unauthenticated users.
                    // MAKE CONFIGURABLE IN HOST SETTINGS.
                    Response.Cache.SetCacheability(HttpCacheability.ServerAndPrivate);
                    //
                    // Allow proxies to cache for one day.
                    //
                    // MAKE CONFIGURABLE IN HOST SETTINGS.
                    Response.Cache.SetProxyMaxAge(new TimeSpan(24, 0, 0));
                    //
                    // Enforce not caching at client.
                    //
                    // MAKE CONFIGURABLE IN HOST SETTINGS.
                    Response.Cache.SetMaxAge(new TimeSpan(0, 0, 30));
        }

已记录请求以允许最终用户配置这些更改。现在,您可以使用 Apache 中的以下设置来区分经过身份验证的 (NoCache) 和未经身份验证的/公共请求 (ServerAndPrivate):

CacheEnable disk /
CacheRoot /var/cache/mod_cache
CacheDirLevels 2
CacheDirLength 4
# Do not overrule the default settings whether to cache.
# Can not be off, sorry.
CacheIgnoreNoLastMod on
#
# Use ServerAndPrivate since otherwise the Set-Cookie makes the cache
# being unused.
#
CacheStorePrivate on
CacheStoreNoStore on
#
# Ensure you set authenticatedcacheability on server to NoCache.
#
# Set to this off to allow logins.
CacheIgnoreCacheControl off
#
CacheIgnoreQueryString off
#
# Avoid cookies being put in cache.
# Use removal of the Server header as a sign that something is coming from cache.
# It requires Apache 2.4 to indicate that more nicely.
#
CacheIgnoreHeaders Set-Cookie Server
#
# Cache by default when not specified otherwise in last-modified or expiry date.
# In seconds.
CacheDefaultExpire 86400
CacheMaxFileSize 100000
#
# Always check every two days.
#
CacheMaxExpire 172800
# Disable caching on locations which we know to contain static content already
# cached by IIS.
CacheDisable ...some locations...

#
# Rewrite DNN caching.
#
#
# Set public instead of no-cache cahing on these specific files. IIS wants to
# use with max-age but without public. Probably since a cookie is involved, but that
# cookie is cleaned away in the cache.
#
SetEnvIfNoCase Request_URI "DependencyHandler\.axd$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "sb-client\.js$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "main\.js$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "inpage_linkid\.js$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "\.gif$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "\.png$" rewrite_to_public_cache
SetEnvIfNoCase Request_URI "\.jpg$" rewrite_to_public_cache
Header edit Cache-Control no-cache public env=rewrite_to_public_cache
于 2014-05-26T19:39:08.247 回答