IIS cache control header settings

Question

I'm currently working on a website that is accessed over https. We have recently come across a problem where we are unable to view .pdf files or any other type of file that is sent as an attachment (Content-Disposition:attachment).

According to Microsoft Knowledge Base this is due to the fact that Cache-Control is set to no-cache. However, we have a requirement that all pages be fully reloaded every time they are visited, so we have disabled caching on all pages (through our ASP code, not through IIS settings).

However, I have made a special case of this one page that shows the attachment, and it now returns a header with Cache-Control:private and the expiry set to 1 minute in the future. This works fine when I test it on my local machine, using https. However, when I deploy it to our test server and try it, the response headers still return Cache-Control:no-cache.

There is no firewall or anything between me and the server, so IIS itself must be adding these headers and replacing mine. I have no idea why it would do this, and it doesn't really make any sense, but it seems to be the only option at the moment (I haven't yet found any other place in the code that will change the cache headers).

Can anyone point me to a possible place where IIS might be setting these header values?

EDIT: It turns out that IIS wasn't messing with my cache settings. Rather, the folder I was publishing to was not the same folder that IIS was serving from. I discovered this when I examined the paths, and when I noticed that the files IIS was serving were much too old. Pointing IIS at the correct folder fixed all the problems I was having.

Answer 1

There are few places that can control caching in IIS.

All settings should be saved in web.config if appropriate feature configuration is allowed to be saved locally (look at Feature Delegation), otherwise it is saved in main config file: RootWeb.config (part of .NET framework, for example: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config) and/or ApplicationHost.config (C:\Windows\System32\inetsrv\config\ApplicationHost.config). Launch IIS Management Console (IIS Manager), then "Configuration Editor", then "Search Configuration" (on sidebar) and you will be able to see ALL configuration files known to IIS as well as search for specific settings.

1. HTTP Response Headers -- most likely the place to look after: there may be a custom header setup to explicitly forbids caching .. or via "Set Common Headers..." on sidebar/content menu.

2. Output Caching may also affect caching headers (I have never used this one myself and cannot tell more).

3. URL Rewrite v2.x may also be used to rewrite Response headers (outbound rules).

P.S. This question will be more appropriate to ask at ServerFault -- it is rather "sysadmin" category issue than web masters'.

Answer 2

How I solved my problem (as I also edited into question, but adding here to mark this as solved).

It turns out that IIS wasn't messing with my cache settings. Rather, the folder I was publishing to was not the same folder that IIS was serving from. I discovered this when I examined the paths, and when I noticed that the files IIS was serving were much too old. Pointing IIS at the correct folder fixed all the problems I was having.

Answer 3

In my case it turns out that the "Extensions" in the Caching Output setting was ".ext" instead of just "ext" so the policy I set wasn't taking effect. With that fixed, I also found that I didn't need to set the Cache-Control response header.