1.
Fearless HTTP
requests abuse
Luís Cipriani
@lfcipriani (twitter, linkedin, github, ...)
20o. GURU (2011-11-26) - Sao Paulo/Brazil

2.
ME

3.
Motivation
http://www.youtube.com/watch?v=8FpigqfcvlM
“REST implies doing SEVERAL
HTTP requests, this is bad, doesn’t
scale, blah blah blah...”

4.
Motivation
http://www.youtube.com/watch?v=8FpigqfcvlM
Shut UP! Don’t think like that!
SEVERAL people already solved this
problem SEVERAL ways.

5.
Motivation
http://www.youtube.com/watch?v=8FpigqfcvlM
One of the ways is HTTP cache

6.
http cache BENEFITS
• reduce bandwidth
• reduce latency
• reduce server load
• hide network failures

7.
http cache LOCALIZATION

8.
http cache HEADERS
11 headers +15 directives

9.
http cache FLOW
1. may I cache?
2. if it’s cached, is it fresh?
3. if stale, is it valid on server?
4. anything else I need to know?
11+15

10.
http cache 1. POSSO CACHEAR?
cache-control should revalidate,
may I cache locally? may I cache anywhere?
directive even being fresh?
no-store no no n/a
private yes no no
no-cache yes yes yes
public yes yes no
1. locally means a cache that servers only one consumer
2. these directives override any configuration of the cache
3. by default, we can cache non safe/authenticated requests, GET and HEAD and
those with status code 200, 203, 206, 300, 301, 410
10 +11

11.
http cache 2. IF IT IS CACHED, IS IT FRESH?
the server should send the expiration time of
an answer
Expires: [RFC 1123 date]
Cache-Control: max-age=600
but if the server didn’t do this, cache may
assign heuristically the expiration time.
9 +10

12.
http cache 2. IF IT IS CACHED, IS IT FRESH?
Age calculation
7 +10

13.
http cache 2. IF IT IS CACHED, IS IT FRESH?
freshness_lifetime = Cache-Control: max-age | | Expires - Date
response_is_fresh = freshness_lifetime > Age
7+7

14.
http cache 3. IF STALE, REVALIDATE
Validators
Last-Modified ETag
Conditionals
If-Modified-Since If-None-Match
if conditional request == false
304 Not Modified
“... only return me a new resource if [conditional] applies on [validator] ...”
3+7

15.
http cache 3.1. CONTROLLING REVALIDATION
through client
Cache-Control: no-cache + Pragma: no-cache
Cache-Control: max-age=0
Cache-Control: only-if-cached
2+6

16.
http cache 3.1. CONTROLLING REVALIDATION
through origin server
Cache-Control: must-revalidate
after stale
Cache-Control: proxy-revalidate
Cache-Control: no-cache always
2+4

17.
http cache 4. WHAT ELSE SHOULD I KNOW?
Vary is part of cache key
expired response, failed revalidation,
Warning advanced age (more than 24 hours)
don’t allow transformation
Cache-Control: no-transform on the content
Cache-Control: extensions for example, channels
Cache-Control: stale-if-error availability over consistency
Cache-Control: stale-while-revalidate background revalidation
0+0

18.
http cache TIPS
1. use URLs consistently
2. common image library
3. use cache for pages that changes in low frequency
4. update cache with updated resources
5. don’t change files unnecessarily
6. use cookies only when necessary
7. minimize the use of SSL
8. validate your strategy on REDbot.org
stolen from http://www.mnot.net/cache_docs/#TIPS
0+0

19.
http cache REFERÊNCIAS
1. http://en.wikipedia.org/wiki/Web_cache
2. http://www.w3.org/Protocols/rfc2616/rfc2616.html
3. http://www.mnot.net/cache_docs/
4. http://redbot.org/
5. http://www.mnot.net/blog/2008/01/04/cache_channels
6. https://github.com/abril/cachebag
0+0

20.
Reformulação Box de Login Abril ID
http://abril-engineering-en.tumblr.com/
FIM