I have checked the FAQ, but I failed to get any clues from there.
I have a simple HTTP server which sits behind a Squid 3 reverse proxy.
Some of the dynamic content is only available for logged in users,
and we have Squid do the RFC 2617 authentication for us.
If the origin HTTP server goes down (it does happen :-/) Squid returns
a cached response rather than an error message. This is bad because
the cached response may have been generated for another user of the
system, and so may contain sinsitive information.
Now, I *thought* I had set up the HTTP headers in these responses to
tell squid to *not* cache them, but clearly I have not understood
something. Here are the headers (as seen from a browser hitting
Squid):
HTTP/1.x 200 OK
Cache-Control: public, max-age=0
Etag: "MemberHomePage+43"
Last-Modified: Mon, 01 Aug 2005 21:39:51 GMT
Server: Swazoo/0.9.76-bb (Sydney)
Date: Mon, 01 Aug 2005 21:39:51 GMT
Content-Type: text/html
Content-Length: 4576
X-Cache: MISS from squid.xxx.net
X-Cache-Lookup: HIT from squid.xxx.net:80
Via: 1.0 squid.xxx.net (squid/3.0-PRE3-CVS)
Connection: keep-alive
So, my expectation was that the max-age would mean that no cached
responses would be served - clearly wrong.
Could someone point out my mistake, and perhaps point me to the place
in the mountain of documentation I should be looking?
Many thanks,
Bruce
Received on Mon Aug 01 2005 - 17:37:49 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Sep 01 2005 - 12:00:01 MDT