Keyran Bayliss wrote:
>
> Greetings,
>
> I think I've got the miss_access defined wrong but I'd like someone else
> to explain it to me please.('miss_access allow all' is what I have now)
>
> We've got three proxies (working nicly and configured as siblings). We
> noticed that sometimes proxyX will do a GET (TCP_MISS:DIRECT is the
> resulting code in proxyX logs) on behalf of proxyY; that is, proxyY got
> asked by a client but proxyX did the actual retrieve.
Yes, this is called a false-hit. ICP contains the URL only. The request
headers may contraindicate the use of the copy that a sibling has.
> Really what we want is if proxyY sees a request, to query it's siblings,
> (which it does currently with ICP), if they don't have it, for it to
> get the file itself, not ever get a sibling to do it.
>
> When a sibling does the request, the authentication information is not
> passed (from the original request) and this is a problem for us.
>
> Any thoughts?
On authentication: Passing the authentication info to siblings is a
security risk, as your siblings are not necessarily under your control.
(I know they _are_ in this case, however in more general situations they
may not be). Therfore the HTTP spec prohibits this information being
passed beyond the hop that it is used.
D
Received on Wed Sep 15 1999 - 17:52:29 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:25 MST