Kerio Connect behind mod_disk_cache (Use Apache to proxy webmail into internal network)

Messages: 8
Karma: 0
Hi all,

For a while now we have been using a public Apache2 server to proxy back into our internal network to Kerio. This Apache configuration actually works when forwarding port 443 to Kerio Connect in our internal network.

<VirtualHost *:443>

SSLEngine on
SSLProxyEngine on

<IfModule mod_proxy.c>
ProxyVia Block
ProxyPreserveHost off
<ProxyMatch https://IPADDRESSOFFIREWALL:443/.*>
Order deny,allow
Allow from all
</ProxyMatch>
<LocationMatch "^[^/]">
Deny from all
</LocationMatch>

ProxyPass / https://IPADDRESSOFFIREWALL:443/
ProxyPassReverse / https://IPADDRESSOFFIREWALL:443/
</IfModule>
</VirtualHost>


In order to make this a little bit quicker I thought of adding caching, so that CSS and JS can be cached. So I added this to the above virtualhost config:

<IfModule mod_cache.c>
<IfModule mod_disk_cache.c>
CacheRoot /var/cache/apache2/OURPUBLICHOSTNAME
CacheEnable disk /
CacheDirLevels 2
CacheDirLength 1
CacheDefaultExpire 3600
CacheMaxFileSize 1000000
CacheMinFileSize 1
CacheIgnoreCacheControl On
CacheIgnoreNoLastMod On
CacheIgnoreHeaders None
CacheLastModifiedFactor 0.1
CacheDefaultExpire 3600
CacheMaxExpire 86400
CacheStoreNoStore On
CacheStorePrivate On

# CacheDisable /static
</IfModule>
</IfModule>

This works on the login screen and it is quite a bit faster now. But unfortunately, after logging in, the browser keeps reloading the page.

Does anyone have something like this running? Or can anyone give a clue what to change?

Thank you

Pavel Dobry (Kerio)

Messages: 5245
Karma: 251
What's wrong? Maybe the whole concept. Browsers already do cache some files.

But if you want to enter this dangerous field of MITM caching, make sure that certain requests MUST NOT be cached at any time: 302 redirects, all POST responses and requests, and all responses which explicitly forbid caching. In other words, the option "CacheIgnoreCacheControl On" must be OFF.

Messages: 8
Karma: 0
I changed the option, but it does not work either.

Besides that:
- I want to save our bandwidth, that's why we cache it
- I think it is more secure than having Kerio directly on the internet
- we clean up the cache from time to time to prevent cache poisoning

You obviously do not like the concept. Can you explain more? How do you do it?

[Updated on: Thu, 16 September 2010 12:15]
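
A more conservative version of the cache block from the first post, as an added example that is not part of the thread and is not the poster's or Kerio's configuration. It keeps the shared disk cache away from per-user responses, in line with the reply above; `/STATICPATH/` is a placeholder for the real static asset prefix (an assumption), and the thread does not establish whether this stops the reload loop.

```apache
<IfModule mod_cache.c>
<IfModule mod_disk_cache.c>
    CacheRoot /var/cache/apache2/OURPUBLICHOSTNAME

    # Weak setting in the post: CacheEnable disk /
    # That puts every proxied URL, including logged-in webmail pages,
    # in scope of one cache shared by all users.
    # Here only the static asset prefix is cached. /STATICPATH/ is a
    # placeholder (assumption); substitute the real CSS/JS path.
    CacheEnable disk /STATICPATH/

    # Weak setting in the post: CacheIgnoreCacheControl On
    # Off honours a client's "Cache-Control: no-cache" / "Pragma: no-cache"
    # instead of answering from the cache anyway.
    CacheIgnoreCacheControl Off

    # Weak settings in the post: CacheStoreNoStore On, CacheStorePrivate On
    # Off means responses the backend marks "no-store" or "private" are
    # never written to disk, so one user's page cannot be replayed to another.
    CacheStoreNoStore Off
    CacheStorePrivate Off

    # Weak setting in the post: CacheIgnoreHeaders None
    # Listing Set-Cookie keeps session cookies out of stored entries.
    CacheIgnoreHeaders Set-Cookie

    # Weak setting in the post: CacheIgnoreNoLastMod On
    # Off leaves responses without a Last-Modified date out of the cache.
    CacheIgnoreNoLastMod Off

    # Unchanged from the post: layout, size and expiry limits.
    CacheDirLevels 2
    CacheDirLength 1
    CacheDefaultExpire 3600
    CacheMaxExpire 86400
    CacheMaxFileSize 1000000
</IfModule>
</IfModule>
```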
