Re: [squid-users] Squid and NTLM passthrough from Steffan Corley on 2007-01-16 (squid-users)

From: Steffan Corley <scorley@dont-contact.us>
Date: Tue, 16 Jan 2007 16:37:53 +0000

Hi Henrik,

Thanks a lot for your help with this.

As far as the last point goes (pages being cached and then served to a
user who should be blocked from seeing them), I was wondering whether it
would be possible to get round this (in a fairly nasty way) using the
refresh_pattern configuration option?

If I had a configuration line something like:

refresh_pattern -i .* 0 0% 0 override_expire override_lastmod

would I be right in thinking that Squid would check whether every page
had been changed before serving it?

If I am right about this, how does Squid check whether a page has been
modified (when Squid is configured to use an upstream proxy)? Does it
cache pages even if they've expired and send an If-Modified-Since
request, or does it download the page again? Obviously, in the latter
case the Squid cache would be entirely redundant with the above
directive, so it's a particularly poor solution!

Regards, and thanks for any help,

Steffan

Henrik Nordstrom wrote:
> mån 2007-01-15 klockan 14:53 +0000 skrev Steffan Corley:
>
>> 1. Is NTLM passthrough actually implemented?
>>
> Yes.
>
>> I can find nothing in the Squid documentation.
>>
>
> Hmm.. thoght we had a blurb about this in the release notes, apparently
> not... I'll make sure there is one for the next release.
>
>> Does it do what I would need for this to actually work (i.e. maintain
>> a 1-1 mapping between client connections and connections to the
>> upstream proxy)?
>>
>
> You only need to do stuff if you don't want the feature.. (other than
> upgrading)
>
>> 2. Will the cached pages get served to different users without
>> checking whether the upstream ISA server would have blocked them for
>> this user?
>>
>
> If they are cacheable yes, or at least that's the intention. Have not
> verified.
>
>> I.e. if user A visits www.dodgy.com and is not blocked by ISA server,
>> will www.dodgy.com be served from the cache to user B regardless of
>> whether the ISA server would have blocked them or not.
>>
>
> Probably, if the page was cacheable.
>
> Regards
> Henrik
>
>
Received on Tue Jan 16 2007 - 09:38:04 MST

This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST