Chris thank you for the info.
In your previous mail you mention two things:
1. http_access allow all -> This is a temp configuration. Once I will
have all I need up and running I will start to limit the access.
2. maximum_object_size & Cache-peer size -> I have notice this when I
downloaded a 1GB file and change the cache peer size. Indeed it's a bit
funny.
As for the HTTP headers. I added to my back-end server the following:
Cache-control: public, must-revalidate, max-age=1
Public -> To enable caching of the data
Must-revalidate -> To force SQUID recheck with the back-end server. By
doing so the request will have to be authenticate otherwise the back-end
server returns Unauthorized http status code
Max-age=1 -> My back-end server is IIS, by default it return
max-age=259200. The must-revalidate enforce the validation check of the
data after the max-age expired.
My problem is that without the max-age directive SQUID won't force the
authentication against the back-end server after the first request of
the data and with that directive SQUID never uses the cache and always
download the data.
This is true only for SSL, under simple HTTP requests it works as
expected.
Any ideas?
-----Original Message-----
From: Chris Robertson [mailto:crobertson@gci.net]
Sent: Thursday, February 14, 2008 03:43 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] squid ver 3 ssl cache proxy
Tomer Brand wrote:
> I have notice that the SSL cache doesn't work only if the back end
> server requires authentication to serve the data.
> Can anyone please tell me if what I am trying to is supported by
squid?
>
> Thank you.
>
Well, usually a request that requires authentication has an HTTP
response header of "Cache-Control: private". See if you can get your
back end server to change that to a "Cache-Control: must revalidate"
which will still require authentication to download the object, but will
allow downloading it from the cache upon successful authentication.
Chris
Received on Wed Feb 13 2008 - 23:59:52 MST
This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST