Re: [squid-users] Connection: close

Thanks for the quick response Henrik,

- I don't understand what are the persistent_connections are for then, if
squid is only HTTP/1.0 based at the moment ?

Still my primary problem is trying to cache authenticated content. One
thought I had (hair brain scheme I know) is to use the proxy authentication
features in a reverse proxy environment. I have never worked with squid in
any situation except for reverse so I would just like to see if this is even
an option.

Could I use the "authenticate_program" option to run an external process
which queries the origin server to see if the client should be
authenticated. Does squid send the Realm, username and password to the
external program (Login and Password are obvious, but what about realm ?)

The content I have behind squid is VERY cpu intensive and if there is any
way that I can cache this content and only deliver it to authenticated
clients I would be very happy, and I'm sure my client would be to. (They all
receive identical content but I need to ensure that only authenticated
people can access the content).

Thanks
Warrick FitzGerald

----- Original Message -----
From: "Squid Support (Henrik Nordstrom)" <hno@marasystems.com>
To: "Warrick FitzGerald" <wfitzgerald@livetechnology.com>; "Squid-Users"
<squid-users@squid-cache.org>
Sent: Sunday, May 19, 2002 7:20 PM
Subject: Re: [squid-users] Connection: close

> You are probably correct on terms of IE.
>
> Squid is a HTTP/1.0 proxy and as such has to downgrade the reply and
> requests to the HTTP version it supports, or else things would break
> badly.
>
> httpd_accel_uses_host_header has nothing to do with ETag, only the
> Host header.
>
> Note: There is pending patches for ETag support to Squid thanks to
> the financial support of another company needing it. Will at least
> make Squid use If-None-Match when revalidating it's cache.
>
> Regards
> Henrik
>
>
> On Sunday 19 May 2002 23:12, Warrick FitzGerald wrote:
> > Hi All,
> >
> > Just spent a very long and frustrating day trying to figure out why
> > IE is giving me such a hard time with ETags, as was hoping someone
> > could shed some light on my painfull day.
> >
> > - I was initially running Version 2.4.STABLE1 but upgraded to
> > Version 2.4.STABLE4.
> > - I am running my box as a reverse proxy with a single origin
> > server on the back end.
> > - client_persistent_connections and server_persistent_connections
> > or "on"
> >
> > I have configed apache with a .htaccess file that looks like this
> > (Simply for testing) :
> > -----------
> > Header append Content-Location: "http://my.test.proxy/"
> > Header append Last-Modified "Fri, 17 May 2002 23:56:14 GMT"
> > Header append ETag "\"1095d76dfefdc11:897\""
> > -----------
> >
> > 1. When my client (IE 6.0.26) connects directly to the server the
> > server it sends a HTTP/1.1 header and recieves a HTTP/1.1 in
> > response. 2. The next time the client makes the request it send a
> > "If-None-Match" in the header with the ETag it recieved (as per
> > HTTP/1.1 spec).
> >
> > What had me VERY VERY confused today was that when I made this
> > request through my squid box, all of a sudden this stopped working
> > as expected. After a lot of playing arround I discovered that my
> > squid box was making a HTTP/1.0 request back to the origin server
> > and even though the origin server responds with a http/1.1 header,
> > will still respond to the client with the 1.0 header.
> >
> > My theory (pls. someone correct me if I'm wrong) is that this
> > little problem in turn causes IE not to send the "If-None-Match".
> > I'm guessing that this happens because IE sees the response as a
> > 1.0 response and decides that the ETag is not part of the spec, so
> > just throws it away ?
> >
> > I then found a param in squid.conf called
> > httpd_accel_uses_host_header (Note that I'm pulling straws at this
> > point). Tried turning this on and still no joy. I'm am no squid
> > expert so I would appreciate if someone could please explain what
> > I'm doing wrong.
> >
> > I have included my config below.
> >
> > Thanks in advance
> > Warrick FitzGerald
> >
> > [root@WarrickLinux squid]# cat squid.conf | grep -v "^#" | grep
> > "\w" hierarchy_stoplist cgi-bin ?
> > acl QUERY urlpath_regex cgi-bin \?
> > no_cache deny QUERY
> > cache_dir ufs /var/spool/squid 100 16 256
> > debug_options ALL,9
> > acl all src 0.0.0.0/0.0.0.0
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/255.255.255.255
> > 10.10.52.99/255.255.255.255 acl SSL_ports port 443 563
> > acl Safe_ports port 80 # http
> > acl Safe_ports port 21 # ftp
> > acl Safe_ports port 443 563 # https, snews
> > acl Safe_ports port 70 # gopher
> > acl Safe_ports port 210 # wais
> > acl Safe_ports port 1025-65535 # unregistered ports
> > acl Safe_ports port 280 # http-mgmt
> > acl Safe_ports port 488 # gss-http
> > acl Safe_ports port 591 # filemaker
> > acl Safe_ports port 777 # multiling http
> > acl CONNECT method CONNECT
> > acl PURGE method PURGE
> > http_access allow PURGE all
> > http_access allow localhost
> > http_access allow all
> > icp_access allow all
> > httpd_accel_single_host on
> > httpd_accel_uses_host_header on
> > client_persistent_connections on
> > server_persistent_connections on
> > ie_refresh off
> > httpd_accel_with_proxy on
> > httpd_accel_uses_host_header on
> > http_port 10.10.52.99:80
> > httpd_accel_host 10.10.52.129
>
> --
> MARA Systems AB, Giving you basic free Squid support
> Your source of advanced web reverse proxying solutions
> http://www.marasystems.com/products/
>
>
Received on Sun May 19 2002 - 17:38:23 MDT