I am trying to implement GZIP compression for my website. I copied the below code in my .htaccess file:
ExpiresActive On
ExpiresDefault A604800
Header append Cache-Control "public"
<IfModule mod_deflate.c>
<FilesMatch "\.(js|css)$">
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>
what happens is when I type username and password the page reloads but still the login form is displayed but session is set. When I refresh the page using ctrl + R the login form goes and the username is displayed. what will be the problem. wwaiting for ur reply.
I think it's mod_expires settings, not mod_gzip cause such behavior.
You just told your browser not to reload your page for the the week. It obeys.
I think you have to put expires settings at least inside of FilesMatch container. Or take any other sensible actions according to your real needs.
I guess, its just because of your browser cache, try clearing your browser cache. Or give it a try on different browser to confirm it is a cache issue or not.
Related
I'm using Laravel 5.6.
I'm trying to cache my css/js files. The way I'm doing it is using a middleware.
public function handle($request, \Closure $next, $guard = null)
{
$request->header('Cache-Control', 'max-age=86400, public');
$request->header('X-www-test-header', 'test-value');
return $next($request);
}
And wrapping basically every route in this middleware. This seems like a really bad idea from where I'm standing but to be perfectly honest I can't find another way to do it(any suggestions are welcome). But that's not the problem.
The problem is that my headers don't make thru.
I've also tried setting the headers via .htaccess
<IfModule mod_headers.c>
<filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
Header set Cache-Control "max-age=2678400, public"
</filesmatch>
<filesmatch "\.(html|htm)$">
Header set Cache-Control "max-age=7200, private, must-revalidate"
</filesmatch>
<filesmatch "\.(pdf)$">
Header set Cache-Control "max-age=86400, public"
</filesmatch>
<FilesMatch "\.(js|css)$">
ExpiresActive On
ExpiresDefault "access plus 1 weeks"
</FilesMatch>
That doesn't work either.
I'm honestly not sure what the problem is. Either laravel is somehow rewriting all the headers or apache or something.
Literally any pointing in the right direction is appreciated.
Laravel does not handle assets requests. Those requests are handled by the WEB server.
That's why try to enable apache headers module by executing a command a2enmod headers
The first problem is you are using request header getters to set a header, which won't work of course. So $request->header(key, default) will return the header with the specified key from the request and if that header is not present, the default you specified will be returned.
setting headers on response
return response($content)
->header('Content-Type', $type)
->header('X-Header-One', 'Header Value')
->header('X-Header-Two', 'Header Value');
the above code shows how you should attach header to a response and here is the Laravel documentation on that
Enable caching for static assets
So now if you want to set expiration time on assets so they can be cached, the best way to do so is to utilize your web server. For example if you are using Apache, this tutorial will help.
By the way, you should utilize your web server because for the most part, Laravel doesn't respond to static asset requests (your web server does), unless you specify so.
In short you need to enable to mod_expires module and the configure it bu setting an expiration time
a2enmod expires
and use it as belows
[...]
<IfModule mod_expires.c>
<FilesMatch "\.(jpe?g|png|gif|js|css)$">
ExpiresActive On
ExpiresDefault "access plus 1 week"
</FilesMatch>
</IfModule>
[...]
According to checkgzipcompression all my .js and .css are correctly GZIP compressed.
Except for my php webpages:
www.website.nl/webpages.php seem not gzipped, resulting in a 75% increase in "wasted" data transfer. My .htaccess file ends with the following below. What needs to be changed here to get GZIP compression for my php webpages to work properly? (Excluding the .php files from the /includes/ folder ofcourse since those are not "transferred to the browser" and are processed internally so they need no compression). Thanks!
# compress speficic filetypes
<IfModule mod_deflate.c>
<FilesMatch "\.(js|css|txt|php)$">
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>
Pages served in the browser with .php extension are considered html. PHP uses Content-Type "text/html" as default.
I would say, find out what's your web server, and then find out the correct compression method for it.
Good luck!
I am looking for a way to implement cache control & expire headers to my images/css/js files. I looked for tutorials & only found ways to add cache control using file extensions. The code below is the one got from http://betterexplained.com/
<FilesMatch "\.(jpg|jpeg|png|gif)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
This sets all the images of the mentioned extensions to be cached for one week. However I don't want all the images to be cached, because there are some images that are upload by the users. I only want my static images eg: logo, icons used for buttons to be cached. It would be great if someone could point out a way or a tutorial on how this could be achieved.
or again you could just move the htaccess file in the folder that will be cached and save the user image in another :D
You can change the FilesMatch filter to include a part of a path. I assume the user images are in another directory than your static images.
i.e.
<FilesMatch "^/staticdir/.+\.(jpg|jpeg|png|gif)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
You can make your regex more restricitive by including only only know images for caching:
<FilesMatch "(logo|icon|favicon|header)\.(ico|jpe?g|png|gif)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
How can I add cache control code to .htaccess?
My site is slow and I found 35 static components without a far-future expiration date.
How can I add expiration data for that? I was informed that this could be done in the .htaccess file but I don't know how.
You can use something like this:
# Cache Files
<filesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=604800, public"
</filesMatch>
This caches any file ending with ico|pdf|flv|jpg..... for 604800 seconds, which is one week, you can change that number to cache for however long you feel you need.
REF: https://en.wikipedia.org/wiki/Content_delivery_network
A content delivery network or content distribution network is a system of computers where our website is stored so it’s data (images/videos) can be served from multiple locations.
However I dont want to use any online paid/unpaid CDN services but would like to setup CDN on my own high speed server. I did google a lot but dont see any such CDN script which i can install on my server.
I am looking for such script which can support High level cache-control.
Can you please share if you know any good CDN script developed in PHP?
This isn't done in PHP, this done in Apache.
What I've done on my own home server (that's probably what you want) is set up a cookieless sub-domain for serving content, and enable caching and GZip. The following Apache configurations are all located in a .htaccess file in the website directory.
# GZIP compression
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(eot|ico|gif|jpe?g|php|png|ttf|svg|woff)$ no-gzip dont-vary
# Fonts on a cookieless subdomain
<FilesMatch "\.(eot|ttf|svg|woff)$">
Header set Access-Control-Allow-Origin "*"
</FilesMatch>
# Cookieless Static Content
<FilesMatch "\.(css|eot|ico|gif|jpe?g|js|png|ttf|svg|woff)$">
Header unset Cookie
Header unset Set-Cookie
</FilesMatch>
# Caching
ExpiresActive On
ExpiresDefault A0
<FilesMatch "\.(eot|ico|gif|jpe?g|png|ttf|svg|woff)$">
# 2 year caching for images and stuff
ExpiresDefault A31536000
Header append Cache-Control "public"
</FilesMatch>
<FilesMatch "\.(css|js)$">
# 1 week caching for styles and scripts
ExpiresDefault A604800
Header append Cache-Control "public"
</FilesMatch>
#Other Header Manipulation
FileETag MTime Size
Header unset X-Powered-By
AddDefaultCharset UTF-8
DefaultLanguage en-US
So long as you don't mind caching and GZip on your primary domain (which you shouldn't), just link to your cookieless content using your designated cookielesss sub-domain, and Apache takes care of the rest.
Update
I added a few things I've learned about since posting this answer, such as:
Allowing any domain to link to fonts so that they may be served without cookies.
Setting the ETAG header since it should be set.
A few other header fields that aren't bad to include/get rid of.
However, there's one last security concern to keep in mind if you're using HTTPS, and that is BREACH. To protect against this decryption technique, you can remove gzip compression from any page that displays dynamic content (GZIPping static content like static HTML, CSS, or JS is still ok). To avoid compressing a certain file type (like PHP), add it to the SetEnvIfNoCase directive near the start of this config.
Alternatively, you can keep compression enabled and use the GCM cipher method since the BREACH family of attacks only work on the CBC cipher method. As much as I hate to be "that guy", the manual is really the best reference for this if you want to get into configuring such things. It's a fairly complicated topic and the manual does a good job of explaining the basics.