Re: [squid-users] squid ver 3 ssl cache proxy

From: Chris Robertson <crobertson@dont-contact.us>
Date: Thu, 14 Feb 2008 11:39:48 -0900

Tomer Brand wrote:
> Chris thank you for the info.
>

Even though it was inaccurate... That's what I get for not checking the
RFC before handing out suggestions... *sigh* Caveat lector.

> Public -> To enable caching of the data
> Must-revalidate -> To force SQUID recheck with the back-end server. By
> doing so the request will have to be authenticate otherwise the back-end
> server returns Unauthorized http status code
> Max-age=1 -> My back-end server is IIS, by default it return
> max-age=259200. The must-revalidate enforce the validation check of the
> data after the max-age expired.
>
> My problem is that without the max-age directive SQUID won't force the
> authentication against the back-end server after the first request of
> the data and with that directive SQUID never uses the cache and always
> download the data.
> This is true only for SSL, under simple HTTP requests it works as
> expected.
>
> Any ideas?

According to Mark Nottingham's cache docs
(http://www.mnot.net/cache_docs/#FAQ), what you want to do is:

Cache-Control: public, no-cache

In any case, what do the headers from the server look like? Does it
give a 304 (Not Modified) or does it respond with a 200 (OK)?

As for why you'd get different results over HTTPS and HTTP, I have no idea.

Chris
Received on Thu Feb 14 2008 - 13:40:01 MST

This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:05 MST