PageSpeed URL Control

Restricting Rewriting Via Wildcards: Allow and Disallow

By default, all HTML files served by your server and all resources (CSS, images, JavaScript) found in HTML files whose origin matches the HTML file, or whose origin is authorized via Domain, will be rewritten. However, this can be restricted by using wildcards, using the directives:

Apache:

ModPagespeedAllow wildcard_spec
ModPagespeedDisallow wildcard_spec

Nginx:

pagespeed Allow wildcard_spec;
pagespeed Disallow wildcard_spec;

These directives are evaluated in sequence for each resource, to determine whether the resource should be consider for rewriting. This is best considered with an example.

Example 1: Excluding JavaScript files that cannot be rewritten

Some JavaScript files are sensitive to their own names as they traverse the DOM. Therefore any rewriting on these files is invalid. We cannot cache-extend them or minifiy them. When such files are identified, we can exclude from the rewriting process via:

Apache:

ModPagespeedDisallow "*/jquery-ui-1.8.2.custom.min.js"
ModPagespeedDisallow "*/js_tinyMCE.js"

Nginx:

pagespeed Disallow "*/jquery-ui-1.8.2.custom.min.js";
pagespeed Disallow "*/js_tinyMCE.js";

Example2: Specifying explicitly which types of files can be rewritten

By default, every resource referenced by HTML from authorized domains is rewritten, as if there was an implicit

Apache:

ModPagespeedAllow "*"

Nginx:

pagespeed Allow "*";

at the beginning of every configuration. To change the default to be exclusive, issue

Apache:

ModPagespeedDisallow "*"

Nginx:

pagespeed Disallow "*";

and then follow it with which files you want to include. For example:

Apache:

ModPagespeedDisallow "*"
ModPagespeedAllow "http://*example.com/*.html"
ModPagespeedAllow "http://*example.com/*/images/*.png"
ModPagespeedAllow "http://*example.com/*/styles/*.css"
ModPagespeedDisallow "*/images/captcha/*"

Nginx:

pagespeed Disallow "*";
pagespeed Allow "http://*example.com/*.html";
pagespeed Allow "http://*example.com/*/images/*.png";
pagespeed Allow "http://*example.com/*/styles/*.css";
pagespeed Disallow "*/images/captcha/*";

The later directives take priority over the earlier ones, so the Captcha images will not be rewritten.

Note: Wildcards include * which matches any 0 or more characters, and ?, which matches exactly one character. Unlike Unix shells, the / directory separator is not special, and can be matched by either * or ?. The resources are always expanded into their absolute form before expanding.

Note: The wildcard will be matched against the full URL including any query parameters. For example, if you want to match URL http://example.com/index.jsp?test=xyz you could use

Apache:

ModPagespeedAllow "*.jsp*"

Nginx:

pagespeed Allow "*.jsp*";

If you were to omit the trailing *, then URLs with query-params would not match.

These directives can be used in location-specific configuration sections.

Note: The names in wildcards are not evaluated with respect to the location specific configuration; the wildcards are evaluated against the fully expanded URL. So if you want to match js_tinyMCE.js you must prefix it with its full path, including http:// and domain, or use a wildcard, as shown above.

Restricting PageSpeed from combining resources across paths

By default, filters that combine multiple resources together are allowed to combine multiple resources across paths. This works well much of the time, but if there are location-specific access controls or path-specific cookies associated with JavaScript files, then you may need to turn off this feature.

Apache:

ModPagespeedCombineAcrossPaths off

Nginx:

pagespeed CombineAcrossPaths off;

This directive can be used in location-specific configuration sections.

Restricting PageSpeed from rewriting URLs of introspective JavaScript

Filters that change URLs of JavaScript files are at times incompatible with JavaScript code that does string-manipulation on its own URL. To avoid problems with introspective JavaScript files, PageSpeed can be configured to skip URL-rewriting for such files. PageSpeed uses simple heuristics to determine whether a JavaScript file is introspective.

This affects filters rewrite_javascript, combine_javascript, inline_javascript, extend_cache, and extend_cache_scripts.

This feature is on by default, but for many sites these heuristics are too conservative and prevent optimizations that would actually be safe. To turn it off:

Apache:

ModPagespeedAvoidRenamingIntrospectiveJavascript off

Nginx:

pagespeed AvoidRenamingIntrospectiveJavascript off;

This directive can be used in location-specific configuration sections.

Limiting the maximum generated URL segment length

The maximum URL size is generally limited to about 2k characters due to Internet Explorer: See http://support.microsoft.com/kb/208427/EN-US. Nginx doesn't apepar to have a limit here but Apache servers by default impose a further limitation of about 250 characters per URL segment (text between slashes). When running under Apache PageSpeed circumvents this limitation, but if you employ proxy servers in your path you may need to re-impose it by overriding the setting here. The default setting is 1024.

Apache:

ModPagespeedMaxSegmentLength 250

Nginx:

pagespeed MaxSegmentLength 250;

This directive can be used in location-specific configuration sections.

Limiting the maximum size of a resource to optimize

A resource with large content takes a long time and a large amount of memory to process. You can specify the maximum length (in bytes) of the content for PageSpeed to optimize. A setting of -1 means content of all lengths will be optimized, but risks server out-of-memory crashes.

Prior to 1.12.34.1 the default was -1 (unlimited), but in versions 1.12.34.1 and later the default is 16MB.

Apache:

ModPagespeedMaxCacheableContentLength 16777216

Nginx:

pagespeed MaxCacheableContentLength 16777216;

This directive can be used in <VirtualHost> scope (Apache) or server blocks (Nginx).

Signing pagespeed resource URLs

Note: New feature as of 1.9.32.1

PageSpeed can be set to automatically cryptographically sign and verify resource URLs. Turning on resource signing will cause any resource requested without the proper signature to return 404 Not Found or 403 Forbidden depending upon the InPlaceResourceOptimization setting. This option can be used to reduce the attack surface for denial of service attacks.

Apache:

ModPagespeedUrlSigningKey signature_key_string

Nginx:

pagespeed UrlSigningKey signature_key_string;

Resource signing can also be turned on, but not enforced, which may be used for the transition period of moving a site from unsigned resourced to signed resources. In this mode, signed URLs are generated and accepted, as well as URLs with no signature and URLs with invalid signatures.

Apache:

ModPagespeedAcceptInvalidSignatures true

Nginx:

pagespeed AcceptInvalidSignatures true;

This directive can be used in <VirtualHost> scope (Apache) or server blocks (Nginx).