Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FAQ
It is currently Thu Dec 07, 2023 9:29 am


This forum is dedicated to Apache, Nginx, Lighttpd, Squid and other HTTP transport protocol related software

Author Message
debuser
  Post  Post subject: How to test deflate/gzip compression on a HTTPS (HTTP over SSL) Apache server  |  Posted: Tue Aug 03, 2010 3:30 am

Joined: Thu Aug 06, 2009 2:48 am
Posts: 105

Offline
 

How to test deflate/gzip compression on a HTTPS (HTTP over SSL) Apache server

To test a server for deflate/gzip compression, it needs to be notified that you, as a client (browser) accept compressed encoding.

This is done, by adding an "Accept-Encoding: compress, gzip" in the header of the request.

Testing an https Apache server for deflate/gzip compression, initiating a connection using openssl client
Code:
$ openssl s_client -connect  192.168.1.1:443
...Some output about ssl certificate and ssl protocol and cipher used....
GET / HTTP/1.1
Host: test.server.ro
Accept-Encoding: compress, gzip -->press RETURN
-->press RETURN again


HTTP/1.1 200 OK
Date: Tue, 03 Aug 2010 07:17:45 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Set-Cookie: SQMSESSID=8e7a8619ba2821ea61c4f24f7dbc2467; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: SQMSESSID=8e7a8619ba2821ea61c4f24f7dbc2467; path=/; secure; HttpOnly

Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1022
Content-Type: text/html; charset=iso-8859-1
?Vmo?6??_q?04if?Z?v?%h?a?.X=C?DIL(R%)'????#?7%???d?w??=|???ٟ??.?????\??????0
                                                                            ??????;8   F?4??[?$a8?H&?A\?Z?7??d??R??f   ?*U?Ȕ?LڄH?e????PB?;?????H?????1K?>4??{CT?      ??V?f?m?
Th,??7????@A?ac<-Z?9^?|i??rj??\8???J            ?s*?0?cYn??/??Y?!\???8?b?i?XT?--?????f??;[??p8XP
E?C??r?P#%???J?????֪?Y?ٹf??
                          *Z?H/??c??
                                    8??q???V????銘



The line that shows us that the HTTPS Apache server is sending compressed information (besides the output obviously) is:
Code:
Content-Encoding: gzip


As I stated, it is very important to inform the server that you accept compressed content, otherwise the server will send plain text. To advertise this, just add Accept-Encoding: compress, gzip in the request's header.

To test without advertising that compressed content is accepted, the https server will just send the same page in plain text:
Code:
$ openssl s_client -connect  192.168.1.1:443
...Some output about ssl certificate and ssl protocol and cipher used....
GET / HTTP/1.1
Host: test.server.ro -->press RETURN
-->press RETURN again

HTTP/1.1 200 OK
Date: Tue, 03 Aug 2010 07:24:01 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Set-Cookie: SQMSESSID=5a31331a117256cbbfd26e4180287ccc; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: SQMSESSID=5a31331a117256cbbfd26e4180287ccc; path=/; secure; HttpOnly
Vary: Accept-Encoding
Content-Length: 2369
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>

<head>
<meta name="robots" content="noindex,nofollow">
<link rel="stylesheet" type="text/css" href="../themes/css/verdana-10.css">


Now, the Content-Encoding: gzip attribute in the server response's header is missing and the output is plaintext.





Top
Display posts from previous:  Sort by  
E-mail friendPrint view

Topics related to - "How to test deflate/gzip compression on a HTTPS (HTTP over SSL) Apache server"
 Topics   Author   Replies   Views   Last post 
There are no new unread posts for this topic. Apache - Restricting "Server" information in HTTP response header with ServerTokens

debuser

0

2340

Thu Nov 10, 2011 6:39 am

debuser View the latest post

There are no new unread posts for this topic. Apache: how to list virtual hosts that are currently configured on my Apache server ?

LaR3

0

4777

Sun Feb 07, 2010 10:04 am

LaR3 View the latest post

There are no new unread posts for this topic. NGINX: How to redirect http to https website

mandrei99

0

3907

Mon Feb 09, 2015 3:27 pm

mandrei99 View the latest post

There are no new unread posts for this topic. Apache to Nginx Server parameters translation with php function

debuser

0

105131

Thu Aug 26, 2010 7:47 am

debuser View the latest post

There are no new unread posts for this topic. Remove "X-Powered-By: PHP/5.2.11" from HTTP headers of your web server

debuser

0

5295

Wed Mar 24, 2010 6:49 am

debuser View the latest post

There are no new unread posts for this topic. Apache 2.2 installation of mod_rewrite module without recompiling whole apache

debuser

0

6355

Tue Mar 23, 2010 11:22 am

debuser View the latest post

There are no new unread posts for this topic. Attachment(s) Nginx + apache (for PHP) with real IP addresses in logs

designeru

0

3095

Tue May 18, 2010 9:49 am

designeru View the latest post

There are no new unread posts for this topic. How can I see what modules are loaded on my custom built Apache binary

LaR3

0

3087

Sun Feb 07, 2010 9:54 am

LaR3 View the latest post

There are no new unread posts for this topic. Converting PhpBB-SEO Apache RewriteRule to Nginx rewrite

debuser

0

10586

Tue Feb 23, 2010 5:00 am

debuser View the latest post

There are no new unread posts for this topic. Apache Invalid command 'AuthGroupFile', perhaps misspelled or defined by a module not included

LaR3

0

6389

Mon Sep 21, 2009 6:42 pm

LaR3 View the latest post

 

Who is online
Users browsing this forum: No registered users and 0 guests
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum
Jump to:  
News News Site map Site map SitemapIndex SitemapIndex RSS Feed RSS Feed Channel list Channel list


Delete all board cookies | The team | All times are UTC - 5 hours [ DST ]



phpBB SEO