Re: [squid-users] Trying to cache no-cache objects

bijayant kumar wrote:
> Hi,
>
> Thanks for your reply and pointing out some basic thing about the policies. I will try to explain the same to the my people who want this settings. One thing is clear from your reply that i am able to cache the no-cache objects, right. One point you have mentioned that "I really, really, really, hope your squid is not being used with humans on the client-side. That caching model is one major disaster waiting to happen." This point i did not understand, what does it mean? I apologise to asking this question.
>

Well, what I meant was more of:

If its a reverse-proxy with only software on the 'inside' and the
internet on the 'outside', you may have enough control to make sure
things don't get too broken. That is the situation these overrides are
provided for.

If you are using it as a regular proxy with regular people on the
'inside' and the internet on the 'outside'. Things like those email
account mishaps start to get broken with every ignored no-cache etc. It
won't be a very long time before something critical gets stored and
served to the wrong person.

Amos

> Thanks & Regards
>
> Bijayant Kumar
>
>
> --- On Thu, 31/7/08, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
>> From: Amos Jeffries <squid3_at_treenet.co.nz>
>> Subject: Re: [squid-users] Trying to cache no-cache objects
>> To: bijayant4u_at_yahoo.com
>> Cc: "squid users" <squid-users_at_squid-cache.org>
>> Date: Thursday, 31 July, 2008, 9:48 AM
>>> Hello to list,
>>>
>>> I have a requirement to cache non-cachable objects. I
>> have tried on my
>>> own, googled a lot but could not able to do. Can any
>> body help me to
>>> achieve this, please. I know that this is against the
>> HTTP policy, but i
>>> have to do it. Many people have done this i think in
>> squid.
>>
>> Yes, many have. Which is one reason the www still logs
>> people into the
>> wrong bank accounts, email boxes etc. Security means
>> nothing when its
>> turned off.
>>
>> Whoever gave you that 'MUST' needs a good kick.
>>
>>> squid 3.0.7STABLE's squid.conf
>>>
>>> refresh_pattern ^ftp: 1440 20% 10080
>>> refresh_pattern ^gopher: 1440 0% 1440
>>> refresh_pattern (cgi-bin|\?) 999999 100% 999999
>> override-expire
>>> override-lastmod ignore-no-store ignore-reload
>> ignore-no-cache
>>> ignore-private
>>> refresh_pattern -i
>>>
>> \.(html|php|asp|dll|htm|aspx|mspx|shtml|cgi|php3|jse|phtml|po|pl|fcgi|jsp|py|php4|text|txt|js)$
>>> 999999 100% 999999 ignore-reload ignore-no-cache
>> ignore-no-store
>>> ignore-private ignore-auth
>>>
>>> refresh_pattern -i
>> (cam|kam|live|stream).*\.(gif|jpeg|jpg)(\?.*|)$
>> 999999
>>> 100% 999999 override-expire override-lastmod
>> ignore-reload
>>> ignore-no-cache ignore-no-store ignore-private
>> ignore-auth
>>> refresh_pattern -i
>> \.(gif|jpeg|jpg|swf|png|bmp|pic)$ 999999 100% 999999
>>> override-expire override-lastmod ignore-reload
>> ignore-no-cache
>>> ignore-no-store ignore-private ignore-auth
>>>
>>> refresh_pattern -i
>> \.(js|css|class|jar|xml|txt|cfm|doc|xls|pdf)$ 999999
>>> 100% 999999 override-expire override-lastmod
>> ignore-reload
>>> ignore-no-cache ignore-no-store ignore-private
>> ignore-auth
>>> refresh_pattern -i
>> \.(exe|gz|tar|tgz|zip|arj|ace|bin|cab|msi)(\?.*|)$
>>> 999999 100% 999999 override-expire override-lastmod
>> ignore-reload
>>> ignore-no-cache ignore-no-store ignore-private
>> ignore-auth
>>> refresh_pattern -i
>> \.(mid|mp[234]|wav|ram|rm|au)(\?.*|)$ 999999 100%
>>> 999999 override-expire override-lastmod
>> ignore-no-store ignore-reload
>>> ignore-no-cache ignore-private ignore-auth
>>>
>>> refresh_pattern -i
>> \.(mpg|mpeg|avi|asf|wmv|wma)(\?.*|)$ 999999 100%
>>> 999999 override-expire override-lastmod
>> ignore-no-store ignore-reload
>>> ignore-no-cache ignore-private ignore-auth
>>>
>>> refresh_pattern . 999999 100% 999999
>> override-expire override-lastmod
>>> ignore-reload ignore-no-cache ignore-no-store
>> ignore-private
>>> ignore-auth
>> Most of those refresh patterns are duplicates and causing
>> much slowdown
>> being processed on every request. This last pattern
>> '.' by itself can
>> replace all of your file type patterns.
>>
>>> And the header of the page to which i am trying to
>> cache is
>>> Set-Cookie:
>> sessioncookie=f8336e8eb4726523f2f8be76cb7f9be8; expires=Thu,
>>> 31 Jul 2008 01:02:46 GMT; path=/
>>> Expires: Mon, 26 Jul 1997 05:00:00 GMT
>>> Last-Modified: Wed, 30 Jul 2008 13:02:47 GMT
>>> Cache-Control: no-store, no-cache, must-revalidate
>>> Cache-Control: post-check=0, pre-check=0
>>> Pragma: no-cache
>>>
>>> When i am accessing this page, in access log i got
>>>
>>> 1217419381.382 1284 192.168.99.23
>> TCP_REFRESH_MODIFIED/200
>>> It means that the page is not in the cache. Please
>> help me i will be very
>>> thankful to you all.
>> No. It means the object was in cache but squid obeyed the
>> 'must-revalidate' (usually only used on
>> authenticated pages).
>> The page itself HAD changed between the last storage time
>> and the new
>> request so the server sent a new one. Changing is normal
>> for no-cache
>> objects, that is why they are no-cache (ie. "don't
>> bother wasting disk
>> resources").
>> In normal web traffic that would be a TCP_MISS.
>>
>> I really, really, really, hope your squid is not being used
>> with humans on
>> the client-side. That caching model is one major disaster
>> waiting to
>> happen.
>>
>> Amos
>
> Send instant messages to your online friends http://uk.messenger.yahoo.com

-- 
Please use Squid 2.7.STABLE3 or 3.0.STABLE8