-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Apache module deflate disables server cache #13219
Comments
Yes. We definitely should detect this and give a warning. |
Generally speaking enabling a deflate mechanism is from a security PoV anyways a bad idea when using TLS: https://en.wikipedia.org/wiki/BREACH_%28security_exploit%29 |
So then it would be best if during installation deflate was disabled via .htaccess?
|
A possible solution was posten a longer time ago here: #4783 (comment) |
Hmm, is mod_deflate still corrupting files nowadays ? |
Good question, we still have also #4783 open. |
closing in favor of #4783 |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
On my server I had Apache module deflate enabled (
sudo a2enmod deflate
).I noticed that my server never returned HTTP response 304 (not modified) but instead always returns the whole document (with HTTP code 200).
Turns out, that there is for many years an issue with handling Etags together with the modified-since headers (-> https://issues.apache.org/bugzilla/show_bug.cgi?id=45023)
Is this an issue which oc should handle gracefully? Maybe by warning the admin? Or can we just ignore it?
One option would be of course to disable deflate module:
sudo a2dismod deflate
Another is to rewrite the "If-None-Match" header, sent by the client via .htaccess:
However, this requires:
sudo a2enmod headers
The text was updated successfully, but these errors were encountered: