Re: [squid-users] How to determine why an object isn't being cached?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 10 Apr 2001 22:12:36 +0200

Denis Haskin wrote:

> What I'm trying to do is set my (origin server) response headers
> appropriately so that an authorized request is validated and subsequent
> requests for the same object with the same credential are satisfied out
> of Squid's cache, but non-authorized requests are re-validated and
> rejected.

Not something a shared cache is really designed to support. HTTP
basically allows you to tell

a) The object is public and may be served to all
b) The object is mostly public, but check with the origin server every
now and then to verify that there are authorized users. Useful to stop
the object from being served from the cache when there are no "active"
authorized users.
c) The object is shareable but requires authorization. Verify with the
origin server on each request if it is OK to send this to the client or
not.

That said, what you describe above can be done in HTTP by combining Vary
and "cache-control: public" or a similar directive. Say that the reply
varies based on Authorization: but is public. This way the shared cache
can be abused to implement private caches.

Vary support in Squid is available from
http://squid.sourceforge.net/vary/

Support for "Cache-Control: public" is already in there.

As I said Squid does not yet implement the s-... cache-control
directives, so alternatives (b) or (c) can only be done using the
general cache directives.

  Cache-Control: public, max-age=0

Or, in case of Squid's wrong implementation of proxy-revalidate, (c)
should also be possible via:

  Cache-Control: public, proxy-revalidate

If you find that replies marked with max-age=0 are served from the cache
without prior revalidation with the origin server then there is a bug
which needs fixing.

Also, if you find that Squid returns replies marked with
proxy-revalidate or must-revalidate from cache without verifying with
the origin server then there is also a bug in Squid, even though HTTP in
many cases allows this.

--
Henrik Nordstrom
Squid Hacker
Received on Tue Apr 10 2001 - 14:16:37 MDT
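
A toy model of the header combinations discussed in this message, added here as an illustration (it is not part of the original post and is not Squid code). It compares "Cache-Control: public" with and without "Vary: Authorization", and "public, max-age=0"; the class names, the single cached object and the credential are constructed, and freshness is simplified to "anything except max-age=0 is fresh".

```python
GOOD = "Basic YWxpY2U6c2VjcmV0"   # constructed credential the toy origin accepts


class Origin:
    """Hypothetical origin server for one protected object."""
    def __init__(self, cache_control, vary):
        self.cache_control, self.vary, self.requests = cache_control, vary, 0

    def handle(self, headers):
        self.requests += 1
        if headers.get("Authorization") != GOOD:
            return {"status": 401, "headers": {"Cache-Control": "no-store"}}
        hdrs = {"Cache-Control": self.cache_control}
        if self.vary:
            hdrs["Vary"] = self.vary
        return {"status": 200, "headers": hdrs}


class SharedCache:
    """Simplified shared cache: one URL, no clock, no conditional requests."""
    def __init__(self, origin):
        self.origin, self.vary_names, self.store = origin, (), {}

    def _key(self, headers):
        # Variant key: the request's values for every header named in Vary.
        return tuple(headers.get(n) for n in self.vary_names)

    def fetch(self, headers):
        hit = self.store.get(self._key(headers))
        if hit and "max-age=0" not in hit["headers"]["Cache-Control"]:
            return "HIT", hit["status"]        # fresh: origin is not contacted
        # Miss, or max-age=0: ask the origin, forwarding the client's credentials.
        # (A real cache would send a conditional request and may get a 304.)
        resp = self.origin.handle(headers)
        if resp["status"] == 200 and "public" in resp["headers"]["Cache-Control"]:
            vary = resp["headers"].get("Vary", "")
            self.vary_names = tuple(n.strip() for n in vary.split(",") if n.strip())
            self.store[self._key(headers)] = resp
        return ("REVALIDATED" if hit else "MISS"), resp["status"]


def run(cache_control, vary):
    """Authorized request twice, then a request with no credentials."""
    origin = Origin(cache_control, vary)
    cache = SharedCache(origin)
    auth, anon = {"Authorization": GOOD}, {}
    return [cache.fetch(auth), cache.fetch(auth), cache.fetch(anon)], origin.requests
```
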
