We are attempting to enforce a set of non-cache headers in cases where a reverse proxy does not return any cache headers, in an effort to allow independent backend developers to set headers as they please, but fall back to a safe option. However, my attempts to far have been unsuccessful, so I'm asking if someone else has accomplished this or can see the fault in my current attempt?
effectively implementing the pseudo code
if (neither Cache-Control nor Expires is set) {
set safe default for Cache-Control and Expires
}
As the two, or more, headers need to be considered as a group, the Header setifempty directive is insufficient.
Instead I came up with the following, to be applied after proxing the request, and getting a response back from the proxied system.
SetEnvIfExpr "-n resp('Cache-Control') || -n resp('Expires')" response_has_cache_headers
Header set Cache-Control "private, max-age=0, no-cache" env=!response_has_cache_headers
Header set Expires "Thu, 01 Jan 1970 00:00:00 GMT" env=!response_has_cache_headers
However, SetEnvIfExpr always evaluates to false, regardless of the value of the response headers as sent from the proxied backend system.
We are using a recent Apache 2.4, mod_setenvif and mod_headers are enabled.
