Re: [squid-users] why is 403 cached? from David Q Levitt on 2010-12-02 (squid-users)

From: David Q Levitt <dqlevitt_at_us.ibm.com>
Date: Thu, 2 Dec 2010 22:47:23 -0500

Hi Amos -

I'm running squid 2.7 STABLE8.

WRT negative_ttl, I see this comment in squid.conf:
# negative_ttl=n
# TTL for cached negative lookups (default same
# as ttl)

but don't see any uncommented entries specifying negative_ttl. Are you
saying that the problem I'm seeing could be caused by an "internal"
negative_ttl setting? If so, is there a workaround? Or should I install a
different version of squid?

Thanks for your help.

- Dave

|------------>
| From: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Amos Jeffries <squid3_at_treenet.co.nz> |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| To: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |squid-users_at_squid-cache.org |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Date: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |12/02/2010 08:42 PM |
>--------------------------------------------------------------------------------------------------------------------------------------------------|
|------------>
| Subject: |
|------------>
>--------------------------------------------------------------------------------------------------------------------------------------------------|
  |Re: [squid-users] why is 403 cached? |
>--------------------------------------------------------------------------------------------------------------------------------------------------|

On 03/12/10 07:44, David Q Levitt wrote:
>
> I am running some tests to see how squid handles a 403 status. The
> problem is that squid seems to be caching the 403 (despite
'Cache-Control:
> no-cache, no-store, must-revalidate'), so that even if subsequent
responses
> from the origin server (for the same request) contain a 304 I still get
the
> 403!

By "squid" what version do you mean? All the current releases have
different levels of HTTP compliance as we rolled HTTP/1.1 in.

The older releases shipped with negative_ttl wrongly set to a non-zero
value. The newer ones have it at zero and will obey the headers.
To compound that problem there are still a lot of old installs and
tutorials floating around which tell people to set it as non-zero.

>
> I have a PHP script and am using Poster to submit GET requests to it (to
> simulate an XHR and eliminate the browser as a source of confusion). I'm
> using max-age=0. in order to force the request to be submitted to the
> origin server each time.
>
> The first time I submit the request:
> http://localhost:80/GetandPost3.php?thename=Fred&theage=11
> the PHP script looks like this:
> <?php
> $eTag = 'mmm3';
> $cc = 'max-age=0';
> header('Cache-Control: '.$cc);
> header('Etag: '.$eTag);
> ?>
> <html>
> The name is<?php echo $_GET["thename"]; ?>.
> The age is<?php echo $_GET["theage"]; ?>.
> </html>
>
> The response is as expected (with a 200 status).
>
> Now I change the PHP script to the following and submit the same request
> again:
> <?php
> $eTag = 'mmm3';
>
> header('HTTP/1.1 403 Not Authorized');
> header('Cache-Control: no-cache, no-store, must-revalidate');
> header('Etag: '.$eTag);
> ?>
> <html>
> The request is NOT AUTHORIZED
> </html>
>
> :Again, the response is as expected: 403 Not Authorized.
>
> Now I change the PHP script to return a 304 and submit the same request
> again:
> <?php
> $eTag = 'mmm3';
> $cc = 'max-age=0';
>
> header('HTTP/1.1 304 Not Modified');
> header('Cache-Control: '.$cc);
> header('Etag: '.$eTag);
> ?>
>
> This time I expect to see the same response as for request #1, but
instead
> I am still getting a 403!
>
> Why is squid caching the 403 entry despite header('Cache-Control:
no-cache,
> no-store, must-revalidate'); ??? (I tried removing the Etag header in
the
> 2nd test but still get the same results).
>

Check the actual HTTP headers that are coming out of the web server
running the script.

A Date: header is required. Always.

You should also be sending a Last-Modified header where possible. Set to
the filemtime() of the newest script or included file in HTTP date
format. (if content is pulled from elsewhere, for example a database,
this gets much more tricky).

Amos

--
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.3

Received on Fri Dec 03 2010 - 03:47:29 MST

This archive was generated by hypermail 2.2.0 : Fri Dec 03 2010 - 12:00:01 MST