On Wednesday 05 March 2003 23.18, Craig Kelley wrote:
> 2) If I turn on basic HTTP authentication in Apache with something
> like this, however:
>
> AuthType Basic
> AuthName ByPassword
> AuthUserFile /var/www/secure/users
> <Limit GET PUT POST DELETE>
> Require valid-user
> </Limit>
>
> Then squid will always re-fetch the file regardless; a cache miss
> every time. Is this an Apache problem?
This is normal. A shared cache cannot cache content which are
protected by authentication unless the response includes
"Cache-control: public" which tells caches that even if the request
included authentication the response does not actually require
authentication and may be cached by shared caches.
> I would rather just have
> squid do the basic authentication, but from what I understand it
> cannot reliably do this when in httpd_accel mode (?).
Sure you can. Just add the following line at the top of acl.c and
rebuild Squid:
#define AUTH_ON_ACCELERATION 1
The reason to this define is that you cannot use authentication in
transparent proxies and to Squid-2.X transparent proxies is
"accelerators for all web servers", but there is no problem using
authentication in real accelerators, it is only that it is slightly
hidden to make sure people who runs transparent proxies does not
think this can be done there, as it can't.
This capability will be a lot more visible in Squid-3 as both the
accelerator and transparent proxy modes of Squid has been reworked a
bit and there no longer is a conflict between acceleration and
transparent proxying, allowing authentication to always be available
to accelerators without risking confusion in transparent proxy
setups.
Regards
Henrik
Received on Wed Mar 05 2003 - 15:48:03 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:56 MST