Simon Woods wrote:
> * According to the FAQ: Section 12.23 Responses for requests with an
> Authorization header are cach(e)able ONLY if the response includes
> Cache-Control: Public - which in our case it does not.
> Should squid not simply ignore the documents in the cache if the browser
> sends the Authorization: header? Why therefore do we get the wrong
> documents?
Caching is done on a URL basis.
If there is a public version cached on the URL, then Squid will give
this out to the user regardless if there is any authorization header,
cookie or any other private content sent in the new request.
The correct approach for caching is to split your URL space in at least
two parts, one private (authenticated), and one public.
> * Our server sends a lot of 302 Moved Temporarily responses - what
> exactly are these?
Redirects.
> * We are not using SSL at the moment (anything which slows down the
> server even more does not even get considered), will do however
> sometime. Are the HTTP headers also encrypted (I presume yes)? Also the
> Cookies? If so we can forget looking at the content!
Everything is encrypted when using SSL, so you can forget any content
inspection, acceleration or proxy caching.
-- Henrik Nordstrom Squid hackerReceived on Wed Feb 02 2000 - 13:07:37 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:50:54 MST