2

we have nearly 13 domains within our company and we would like to serve images from one application in order to leverage caching.

for example, we will have c1.example.com and we will put all of our product images under this application. but here I have some doubts;

1- how can I force client browser's to cache the image and do not request it again?

2- when I reference those images on my application, I will use following html markup;

<img scr="http://c1.example.com/core/img1.png" />

but this causes a problem when I run the website under https. It gives warning about the page. It should have been used https//c1.example.com/core/img1.png when I run my apps under https. what should I do here? should I always use https? or is there a way to switch between auto?

I will run my apps under IIS 7.

tugberk
  • 57,477
  • 67
  • 243
  • 335

2 Answers2

1

  1. You need to use HTTP headers to tell the browser how to cache. It should work by default (assuming you have no query string in your URLs) but if not, here's a knowledge base article about the cache-control header:

    http://support.microsoft.com/kb/247404

    I really don't know much about IIS, so I'm not sure if there are any other potential pitfalls. Note that browsers may still send HEAD requests sometimes.

  2. I'd recommend you setup the image server so that HTTP/S is interchangeable, then just serve HTTPS Urls from HTTPS requests.

John Chadwick
  • 3,193
  • 19
  • 19
  • forgive my lack of info here but not sure what you mean by this sentence : *"I'd recommend you setup the image server so that HTTP/S is interchangeable, then just serve HTTPS Urls from HTTPS requests"* – tugberk May 05 '11 at 12:53
  • I'm basically saying, set it up so that if you request an image with HTTP or HTTPS, you get the same file back. So, if I visit http://c1.example.com/core/img1.png and https://c1.example.com/core/img1.png, I get the same thing back. Then set it up so whatever links to the images automatically changes it between http/https depending on whether or not the page is https. – John Chadwick May 05 '11 at 13:11
  • i don't think his problem is that he can't request an image via https. But if all the image hrefs in his html is hardcoded to use http he needs some kind of Response Filter to change those when the page is served over https. – Pauli Østerø May 05 '11 at 13:21
  • Imho, it's better to just avoid hardcoding the image URLs when possible. However, if that's not feasible for whatever reason, I can't help much; I don't know anything about IIS. – John Chadwick May 05 '11 at 13:23
  • so in your case, the problem is that If I am not serving images under SSL, the browser will give warning. so, how can I serve secure page under http? – tugberk May 05 '11 at 13:29
1

Yes you need to serve all resources over https when the html-page is served over https. Thats the whole point of using https.

If the hrefs are hardcoded in the html one solution could be to use a Response Filter that will parse all content sent to the client and replace http with https when necessary. A simple Regular Expression should do the trick. There are plenty of articles out there about how these filters are working.

About caching you need to send the correct cache-headers and etag. There are several of questions and answers on this on SO like this one IIS7 Cache-Control

Community
  • 1
  • 1
Pauli Østerø
  • 6,878
  • 2
  • 31
  • 48
  • *"Yes you need to serve all resources over https when the html-page is served over https. Thats the whole point of using https"* I agree on that but what kind of solution should I implement to accomplish that? I will put image urls as http and I want them to be converted to https if the page is run under https. – tugberk May 05 '11 at 13:02
  • use Response Filter to replace all the http-hrefs with https in your html. Updated my answer with links. – Pauli Østerø May 05 '11 at 13:22
  • not a good idea. what if I have some links which does not support https? what if I have some image links which is not served under https? I need to write a regex for this I guess. I need to change http with https for img tags whose src is pointed to c1.example.com. am I on the right way here? – tugberk May 05 '11 at 13:26
  • if you have stuff that can't be served over https, you should 1) make an effort to make sure it can be served over https or 2) consider not including those resources. But yes, your regex should include ie. your image-domain so you can recognize the links your after in the html. – Pauli Østerø May 05 '11 at 13:29
  • sorry but this is not a solution on programming world I guess. but I think that regex one would solve the problem. – tugberk May 05 '11 at 13:32