On Sat, 2002-10-05 at 20:59, Sebastian Viudez Ortega wrote:
>
> We have a problem when we attempt to read the
> mail from our internal net to a external imp webmail
> -we get out from our internal net through the Squid
> 22STABLE4 at our DMZ-.
You should upgrade this cache. There are security vulnerabilities that
have been found. The current released version is 2.5Stable1. Or 2.4S7
has seen lots of use and is very stable, if you are concerned about
using the latest release.
> This worked 2 or 3 weeks ago, and we have
> nothing changed at our SQUID configuration. We have
> contacted with the external WebMail Admin and he say us
> that they have changed recently their WebMail architecture:
> now they have two webmail interfaces in two machines
> configurated as 'Round Robin' at the DNS. It seems a
> related 'cookies' problem.
Right. Well squid deliberately removes the setting of cookies from cache
hits. This will break web applications that
a) depend on setting a unique cookie per user
b) allow caching of those same pages by shared caches.
BUT: It can be argued that such sites are broken anyway. That may not be
your problem because with no_cache deny all nothing will get cached.
Also, I'm not sure if 2.2S4 does that though, you might like to check
your source (see clientBuildReplyHeader).
However: be sure to purge the objects from that domain after you enable
no_cache, otherwise you may still be getting hits.
Cheers,
Rob
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:10:36 MST