SCHAPPY — 26. December 2006, 3:31

How to cache authorized content?

Environment: Apache2.x, mod_cache, mod_*_cache, mod_headers, mod_proxy, mod_rewrite.

Problem: As stated here, it is not possible to cache content which is retrieved via authorization by using mod_cache. This is reasonable, but it may be needed to cache also authorizated content, especially if the auth. is done transparent for the user via mod_headers.
“4. If the request contains an “Authorization:” header, the response will not be cached.”

One may think about manipulating the authorization header using mod_headers, but this filter seems to be processed after the caching module, thus it does not work.

Solution: Quick and dirty: create a multi-tier (two-tier) architecture, however not nice, but it works.

  1. Create a server listening only on localhost at any free port, e.g. localhost:8081
  2. Implement for this server the authorization using mod_headers and the retrival of the content, that requires authorization. Do not add any caching rules here!
  3. Create an additional server listing on your domain at the desired port, e.g. your.domain.tld:80
  4. Add all caching rules to this definition and add some rewriting rules for your local server, e.g.
    RewriteRule ^/(.*)$ http://localhost:8081/$1 [P,L]
    Additionally, it is possible to add here some referer checks to protect you content from bandwidth theft.

Pros: Especially when retrieving large contents such as multimedia content, the performance of your response depends essentially on the delay of the autorized content as it is served remotely and you are often not able to influence its response time. With increasing cache-hit ratio the impact of the remote server decreases and the remote server is released. Your traffic bandwidth is additionally freed.

Cons: For one incoming request at the frontier server you may need to open an additional local loopback server communication. Thus the impact of one request is doubled. Consider the open socket/port limit.

No Comments »

RSS feed for comments on this post.

Bisher noch keine Kommentare.

Kommentare verfassen

Sie müssen angemeldet sein, um Kommentare verfassen zu können.