Re: [squid-users] How to determine why an object isn't being cached? from Denis Haskin on 2001-04-10 (squid-users)

From: Denis Haskin <dwhaskin@dont-contact.us>
Date: Tue, 10 Apr 2001 13:29:05 -0400

[apologies for the repost, but the formatting was pretty mucked up on
the first one.]

Toby Dickenson wrote:

> Thats correct. Alternatively if you want caches to store the object but
> still get every client to provide authorization:
>
> Cache-Control: public,s-maxage=0,proxy-revalidate
>
> (or maybe must-revalidate instead of proxy-revalidate; see RFC2616)

I'm unable to coax Squid into behaving the way I require (and expect).

I understand that I can't share authorized cached objects between
different authorization credentials, but that's okay in this
application.

What I'm trying to do is set my (origin server) response headers
appropriately so that an authorized request is validated and subsequent
requests for the same object with the same credential are satisfied out
of Squid's cache, but non-authorized requests are re-validated and
rejected.

Here's a scenario:

1. Client 1 requests object, it's not in Squid cache, Squid requests
from origin, response is 401, client supplies credentials, Squid returns
the object and caches it.

2. Client 2 requests (same) object, Squid revalidates object, origin
response is 401, client fails to supply credentials, Squid returns the
401 to client.

3. Client 1 requests (same) object (with credentials), it's in Squid
cache and is fresh, Squid returns the cached object.

Reading all the various documentation, FAQs, and specs, I *think* this
is possible, but I confess I'm not completely sure.

Here's the combinations of response headers I've tried, and the
resulting effect:

Headers:
Cache-control: public,s-max-age=0,proxy-revalidate
(no Expires)

Result:
Unauthorized requests properly rejected, but every request requires
an origin server request (e.g. TCP_MISS)

Headers:
    Cache-control: public,s-max-age=0,proxy-revalidate
    Expires (30 minutes in future)
or
    Cache-control: public,s-max-age=0,must-revalidate
    Expires (30 minutes in future)
or
    Cache-control: public,s-max-age=0,proxy-revalidate,max-age=(30
minutes in future)
    (no Expires)

Result:
After the object is in cache, both authorized AND UNauthorized
requests are satisfied from cache.

Am I trying to do something that can't be done? Am I being clear enough
about what I'm trying to do?

Much thanks,

dwh
Received on Tue Apr 10 2001 - 11:29:34 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:15 MST