Image caching over SSL


#1

I understand that in SSL (https), images and content are not cached. However, I read on a few articles that it might be possible to change the headers to tell the browsers to cache images or other content for a certain amount of time using an Apache module, mod_expires or some such.

  1. Does Dreamhost have this?
  2. Is there any documentation for this? Given that we do not have access to the Apache configuration files on a standard hosting account, I presume there is a way to do this by dropping a .htaccess file in an /images directory or somesuch.

Thanks.


#2

I believe the answer is two-fold. For one, there are client side options to tell whether or not to cache SSL data. For instance, in Firefox under about:config, there is this entry: “browser.cache.disk_cache_ssl”. Similar options exist in IE and the other browsers. So that’s looking from the client perspective.

If you’re talking about caching content on the host end, then yes, I believe that can be controlled in one of the Apache config files… but I don’t think it would be through .htaccess files. I would imagine the level of editing you would have to get to in the Apache configs, you will not be able to gain that kind of access or control over the configuration. Note: This is all guesswork on my part, but just throwing in what I believe to be true. I do not know the depths of what all you can do with .htaccess files other than limit and define access to users/groups to areas. If I’m underestimating that, my mistake.

If you don’t mind me asking… for what purpose or to what end are you trying to satisfy by doing so? – In simple terms, what is the purpose or usefulness to you in this configuration? Not to pry, I’m just trying to understand and maybe learn something new…


#3

mod_expires is loaded by default, and you should be able to use it normally by placing Expires directives in an .htaccess file.

With regard to SSL caching in general, it’s not quite correct to say that SSL content is not cached. Rather, what’s more the case is that browsers are more cautious about caching content served from secure domains, and will err on the side of not caching, rather than caching by default as they do for normal domains. Setting an explicit expiration date on SSL content will do the job, as will sending a “Cache-Control: public” header.


#4

In regards to this, and tying in with what I was talking about where browsers have explicit settings that say DO NOT save SSL content to disk, etc – that does tie in with what he’s talking about? Client side caching of secure content?

If so, do you know what takes priority in this case? Does the client/browser setting override the server’s directive, or does the server directive merely ALLOW the client TO cache the content in the first place? Hopefully I’m making myself clear…


#5

Hi,
Thanks for the replies.

I am looking for a resource on how to implement this on the server-side. I cannot manipulate the browser settings, since I’m serving the page to different users. I do not want to use meta expiry tags, since they are unreliable (i.e. the browser may or may not honor them).

For my use case, I only want certain images on my site to cache.

Thanks for mentioning the Expires directive. I can now start doing searches on Google or the Apache docs to see how that directive works.


#6

I found documentation that talked about Cache-Control: public. Do the Dreamhost servers have mod_headers installed?


#7

I read more into the Apache docs and this page http://www.mnot.net/cache_docs/. I think my .htaccess files working now.