htaccess caching code – Speed Boost Cache Code

Home Forums BulletProof Security Pro htaccess caching code – Speed Boost Cache Code

Viewing 2 posts - 31 through 32 (of 32 total)
  • Author
    Posts
  • #39864
    Living Miracles
    Participant

    Hello,

    I’m working with an SEO consultant who is using Moz Pro to scan/crawl our websites. At first, our sites were blocking their crawlers (their user agents are called “rogerbot” and “dotbot”). However, I was never able to find anything showing up in the security log that could point to exactly what needed to be whitelisted.

    I did some experimentation in our .htaccess file and used this third-party tool (suggested by Moz Pro) for testing. Ultimately, I discovered that removing a small portion of the “Speed Boost Cache Code” seemed to resolve the issue (i.e., in the third-party tool, I would get a “200 OK” response vs. a “403 Forbidden” response).

    Essentially, the change I made was to remove private, no-cache, no-store, from this line:

    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"

    So, it ended up looking like this:

    Header set Cache-Control "proxy-revalidate, no-transform"

    After confirming that this change worked, I reverted the code back (as well as tried various combinations of things) and was able to re-confirm that the change did seem to resolve the issue. However, this has left me with a few questions:

    1. Does this change (i.e., removing those few words from the line of code) make sense to you in terms of why it would solve this particular issue?
    2. Could there be any significant negative impact from this change that we should be aware of?
    3. Is there a better, more “standard” way that you would advise for handling the issue?

    Any advice is greatly appreciated.

    #39865
    AITpro Admin
    Keymaster

    This section of the BPS Speed Boost Cache Code below only affects these file types: .php, .cgi, .pl, .htm and .xml.
    Here is a help link to Cache-Control HTTP header directives > https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
    Not sure what you tested or any other factors. So I can’t provide any sort of answers. In general this entire section of caching code is not critical. So modifying to get it to work is ok.

    <FilesMatch "\.(php|cgi|pl|htm|xml)$">
    Header set Cache-Control "private, no-cache, no-store, proxy-revalidate, no-transform"
    Header set Pragma "no-cache"
    </FilesMatch>

    Here is a simpler explanation of what these directives do:
    https://stackoverflow.com/questions/4480304/how-to-set-http-headers-for-cache-control

    HTTP 1.1. Allowed values = PUBLIC | PRIVATE | NO-CACHE | NO-STORE.

    Public – may be cached in public shared caches.
    Private – may only be cached in private cache.
    No-Cache – may not be cached.
    No-Store – may be cached but not archived.

    The directive CACHE-CONTROL:NO-CACHE indicates cached information should not be used and instead requests should be forwarded to the origin server. This directive has the same semantics as the PRAGMA:NO-CACHE.

    Clients SHOULD include both PRAGMA: NO-CACHE and CACHE-CONTROL: NO-CACHE when a no-cache request is sent to a server not known to be HTTP/1.1 compliant. Also see EXPIRES.

    Note: It may be better to specify cache commands in HTTP than in META statements, where they can influence more than the browser, but proxies and other intermediaries that may cache information.

Viewing 2 posts - 31 through 32 (of 32 total)
  • You must be logged in to reply to this topic.