I am running some tests to see how squid handles a 403 status.   The
problem is that squid seems to be caching the 403 (despite 'Cache-Control:
no-cache, no-store, must-revalidate'), so that even if subsequent responses
from the origin server (for the same request) contain a 304 I still get the
403!
I have a PHP script and am using Poster to submit GET requests to it (to
simulate an XHR and eliminate the browser as a source of confusion).  I'm
using max-age=0. in order to force the request to be submitted to the
origin server each time.
The first time I submit the request:
http://localhost:80/GetandPost3.php?thename=Fred&theage=11
the PHP script looks like this:
<?php
$eTag = 'mmm3';
$cc = 'max-age=0';
header('Cache-Control: '.$cc);
header('Etag: '.$eTag);
?>
<html>
The name is <?php  echo $_GET["thename"]; ?>.
The age is <?php  echo $_GET["theage"]; ?>.
</html>
The response is as expected (with a 200 status).
Now I change the PHP script to the following and submit the same request
again:
<?php
$eTag = 'mmm3';
header('HTTP/1.1 403 Not Authorized');
header('Cache-Control: no-cache, no-store, must-revalidate');
header('Etag: '.$eTag);
?>
<html>
The request is NOT AUTHORIZED
</html>
:Again, the response is as expected:  403 Not Authorized.
Now I change the PHP script to return a 304 and submit the same request
again:
<?php
$eTag = 'mmm3';
$cc = 'max-age=0';
header('HTTP/1.1 304 Not Modified');
header('Cache-Control: '.$cc);
header('Etag: '.$eTag);
?>
This time I expect to see the same response as for request #1, but instead
I am still getting a 403!
Why is squid caching the 403 entry despite header('Cache-Control: no-cache,
no-store, must-revalidate'); ???   (I tried removing the Etag header in the
2nd test but still get the same results).
Thanks.
- Dave
Received on Thu Dec 02 2010 - 19:09:07 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 03 2010 - 12:00:01 MST