.htaccess issues

Francis Daly francis at daoine.org
Sun Feb 12 16:49:24 UTC 2012

On Fri, Feb 10, 2012 at 03:08:24PM -0200, Guilherme wrote:

Hi there,

> The first time when a allowed IP access this area (i.e. /downloads), the
> object is cached, but when a unauthorized IP access the same dir, it gets
> the object from cache.
> Is there a way to deal with that?

Unfortunately, the only answer is "fix your application".

If you (apache) want the content not to be cached, you must set the
"please do not cache" http headers.

Any proxy between the client and the server can cache the content, and
serve it to other clients, unless the origin server marks it
uncacheable. This isn't nginx-specific.

See, for example, http://httpd.apache.org/docs/2.2/mod/mod_cache.html
and http://httpd.apache.org/docs/2.2/caching.html#security for apache's
notes on the same topic.

If you can't configure apache to correctly declare what is and isn't
cacheable, then you must decide yourself which responses nginx should
(or should not) cache. After you've decided which they are, you can
configure nginx to match.

If you can't reliably tell nginx what is cacheable, the only safe option
is to cache nothing in nginx. But you'll (probably) have to address the
same issue for any proxy between the client and the server.

Good luck with it,

Francis Daly        francis at daoine.org

More information about the nginx mailing list