On 03/12/10 07:44, David Q Levitt wrote:
>
> I am running some tests to see how squid handles a 403 status. The
> problem is that squid seems to be caching the 403 (despite 'Cache-Control:
> no-cache, no-store, must-revalidate'), so that even if subsequent responses
> from the origin server (for the same request) contain a 304 I still get the
> 403!
By "squid" what version do you mean? All the current releases have
different levels of HTTP compliance as we rolled HTTP/1.1 in.
The older releases shipped with negative_ttl wrongly set to a non-zero
value. The newer ones have it at zero and will obey the headers.
To compound that problem there are still a lot of old installs and
tutorials floating around which tell people to set it as non-zero.
>
> I have a PHP script and am using Poster to submit GET requests to it (to
> simulate an XHR and eliminate the browser as a source of confusion). I'm
> using max-age=0. in order to force the request to be submitted to the
> origin server each time.
>
> The first time I submit the request:
> http://localhost:80/GetandPost3.php?thename=Fred&theage=11
> the PHP script looks like this:
> <?php
> $eTag = 'mmm3';
> $cc = 'max-age=0';
> header('Cache-Control: '.$cc);
> header('Etag: '.$eTag);
> ?>
> <html>
> The name is<?php echo $_GET["thename"]; ?>.
> The age is<?php echo $_GET["theage"]; ?>.
> </html>
>
> The response is as expected (with a 200 status).
>
> Now I change the PHP script to the following and submit the same request
> again:
> <?php
> $eTag = 'mmm3';
>
> header('HTTP/1.1 403 Not Authorized');
> header('Cache-Control: no-cache, no-store, must-revalidate');
> header('Etag: '.$eTag);
> ?>
> <html>
> The request is NOT AUTHORIZED
> </html>
>
> :Again, the response is as expected: 403 Not Authorized.
>
> Now I change the PHP script to return a 304 and submit the same request
> again:
> <?php
> $eTag = 'mmm3';
> $cc = 'max-age=0';
>
> header('HTTP/1.1 304 Not Modified');
> header('Cache-Control: '.$cc);
> header('Etag: '.$eTag);
> ?>
>
> This time I expect to see the same response as for request #1, but instead
> I am still getting a 403!
>
> Why is squid caching the 403 entry despite header('Cache-Control: no-cache,
> no-store, must-revalidate'); ??? (I tried removing the Etag header in the
> 2nd test but still get the same results).
>
Check the actual HTTP headers that are coming out of the web server
running the script.
A Date: header is required. Always.
You should also be sending a Last-Modified header where possible. Set to
the filemtime() of the newest script or included file in HTTP date
format. (if content is pulled from elsewhere, for example a database,
this gets much more tricky).
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3Received on Fri Dec 03 2010 - 01:42:31 MST
This archive was generated by hypermail 2.2.0 : Fri Dec 03 2010 - 12:00:01 MST