Toby Dickenson wrote:
> Thats correct. Alternatively if you want caches to store the object but
> still get every client to provide authorization:
>
> Cache-Control: public,s-maxage=0,proxy-revalidate
>
> (or maybe must-revalidate instead of proxy-revalidate; see RFC2616)
I'm unable to coax Squid into behaving the way I require (and expect).
I understand that I can't share authorized cached objects between
different
authorization credentials, but that's okay in this application.
What I'm trying to do is set my (origin server) response headers
appropriately so that an authorized request is validated and subsequent
requests for the same object with the same credential are satisfied out
of
Squid's cache, but non-authorized requests are re-validated and
rejected.
Here's a scenario:
1. Client 1 requests object, it's not in Squid cache, Squid requests
from
origin, response is 401, client supplies credentials, Squid returns the
object and caches it.
2. Client 2 requests (same) object, Squid revalidates object, origin
response is 401, client fails to supply credentials, Squid returns the
401
to client.
3. Client 1 requests (same) object (with credentials), it's in Squid
cache
and is fresh, Squid returns the cached object.
Reading all the various documentation, FAQs, and specs, I *think* this
is
possible, bu I confess I'm not completely sure.
Here's the combinations of response headers I've tried, and the
resulting
effect:
Headers:
Cache-control: public,s-max-age=0,proxy-revalidate
(no Expires)
Result:
Unauthorized requests properly rejected, but every request requires
an
origin server request (e.g. TCP_MISS)
Headers:
Cache-control: public,s-max-age=0,proxy-revalidate
Expires (30 minutes in future)
or
Cache-control: public,s-max-age=0,must-revalidate
Expires (30 minutes in future)
or
Cache-control: public,s-max-age=0,proxy-revalidate,max-age=(30
minutes
in future)
(no Expires)
Result:
After the object is in cache, both authorized AND UNauthorized
requests
are satisfied from cache.
Am I trying to do something that can't be done? Am I being clear enough
about what I'm trying to do?
Much thanks,
dwh
Received on Tue Apr 10 2001 - 09:28:42 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:59:15 MST