2

In the response header of all requests, there is a cache-control: private , and Expires that is set. I'd like to know where this is set.

I have the following setup: 1. F5 load balanced to two CentOS 6.4 servers hosting Tomcat 7.0.42.0 2. I've set an ExpiresFilter for images, css and js files. However, these types are not always cached.

There are two environments , however only 1 of the environments is showing the response header Cache-Control private, and Expires Wed, 31 Dec 1969 19:00:00 EST. The other env does not show this.

I've done a diff of the server.xml, web.xml and context.xml of Tomcat, and there are no major differences.

Googling results in some posts related to SSL config, but I cant figure what exactly the issue is.

Response header with cache-control and expires in the past:

    Cache-Control   private
    Content-Length  0
    Date    Fri, 06 Mar 2015 16:08:16 GMT
    Expires Wed, 31 Dec 1969 19:00:00 EST
    Location    https://myhost.com/mypage
    Response    HTTP/1.1 302 Found
    Server  Apache-Coyote/1.1
KD_stack
  • 141
  • 5
  • 13

2 Answers2

3

I had exactly the same problem. My tomcat installation has custom [web.xml] and [conf.xml] files at conf folder, to serve HTTPS connections. In my case, the problem was with a HTTPS security constraint inside [conf.xml] file:

<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected Context</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

This constraint force clients to use always HTTPS, even with port 80 opened. Once this contraint was removed from web.xml, cache began to work ("cache-control" header with "max-age", and "expires" with the correct date).

Luis
  • 61
  • 4
0

Found a resolution to the issue, but not the exact cause.

I installed a new instance of tomcat on the same host, but in another directory, and this resolved the header 'Expires Wed, 31 Dec 1969 19:00:00 EST' and 'Cache-Control private'. Also copied over the tomcat-users.xml, server.xml, and web.xml from the previous Tomcat installation of the same host.

I suspect there were some leftover config somewhere from the removal of the Apache Web Server on the original installation that was causing the issue.

KD_stack
  • 141
  • 5
  • 13
  • My guess is the default ROOT application contains web.xml which may have CONFIDENTIAL transport-gurantee whci doee not exist in the new installation. – bhantol Sep 21 '18 at 17:55