mod_deflate & ssl on apache

Posted on 2009-02-19
Last Modified: 2012-06-27
- Server is ubuntu 8.10
- Apache is 2.2.9

Just wondered. I have a HTTP vhost that has some config as displayed in the code snippet. Would I need to replicate the same entry for the 443 vhost for the same server name? Is there any point in compressing then encrypting (could be vice-versa...not sure).

If not, what should I be doing. Help, suggestions, etc. most welcome.
<IfModule mod_deflate.c>

    SetOutputFilter DEFLATE

    BrowserMatch ^Mozilla/4 gzip-only-text/html

    BrowserMatch ^Mozilla/4\.0[678] no-gzip

    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # Don't compress images or txt

    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|txt|lx2|pdf)$ no-gzip dont-vary


Open in new window

Question by:Rowley
    LVL 3

    Expert Comment

    As far as I know the encryption happens (in term of TCPIP) before the compression (Application Layer) so basically you can't compress before encrypt.

    LVL 1

    Accepted Solution

    If you use the apache compression module then yes you can compress and SSL traffic, we ran it on a lot of our client sites for a while. However, this comes with a big warning sticker.... if your end user is sat behind a caching proxy and you have multiple users behind that proxy you may end up with them seeing each others content.

    Now if your site is a simple open website then thats not an issue. However if its an application where they log in and should see only their own data then you may have issues. We found that some versions of Microsoft IAS in particular cannot handle compressed SSL traffic in a standards compliant way.

    So tread carefully with this!
    LVL 1

    Expert Comment

    I forgot to answer your first question... the compression can be enabled system wide if done in the main httpd.conf file outside of the default server config section. Or you can do it on a per vhost level.
    LVL 13

    Author Comment


    Thanks for the reply and sorry for the delay in getting back to you.

    Yes indeed we are hosting a webapp where users log in the recommendation might be to turn this off eh? Do you have any sources where I can do some further reading on the subject?
    LVL 1

    Expert Comment

    We turned it off as the number of client support calls due to cache issues was ridiculous, its amazing how many corporates use old versions of IAS which are "broken" from a standards point of view.

    I would suggest you experiment though if you have the time as you may be able to use it for certain file types/pages in your system and you can set the compression up in many many ways, for example:
     - per apache host
     - per vhost
     - per subdirectory of a site
     - per file type
    So you may get some benefits from it.

    Docs wise I'd suggest google and a search for : mod_deflate apache
    Theres lots of sites about how to user and various sample configs.

    LVL 13

    Author Closing Comment

    Thanks for having a go. Whilst not completely answering my question your shared experience is valuable info nonetheless.


    Featured Post

    PRTG Network Monitor: Intuitive Network Monitoring

    Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

    Join & Write a Comment

    As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
    Introduction As you’re probably aware the HTTP protocol offers basic / weak authentication, which in combination with the relevant configuration on your web server, provides the ability to password protect all or part of your host.  If you were not…
    Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now