[squid-users] Lots of "Vary object loop!"

Yuri Voinov yvoinov at gmail.com
Wed Aug 26 20:50:23 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 
Btw,

when Squid will directly support gzip, inflate compression itself?

27.08.15 2:15, Amos Jeffries пишет:
> On 27/08/2015 7:53 a.m., Sebastián Goicochea wrote:
>> After I sent you my previous email, I continued investigating the
>> subject .. I made a change in the source code as follows:
>>
>> File: /src/http.cc
>>
>> HttpStateData::haveParsedReplyHeaders()
>> {
>>     .
>>     .
>> ##### THIS IS NEW STUFF ###########
>>     if (rep->header.has(HDR_VARY)) {
>>     rep->header.delById(HDR_VARY);
>>     debugs(11,3, "Vary detected. Hack Cleaning it up");
>>     }
>> ##### END OF NEW STUFF ###########
>>
>> #if X_ACCELERATOR_VARY
>>     if (rep->header.has(HDR_X_ACCELERATOR_VARY)) {
>>     rep->header.delById(HDR_X_ACCELERATOR_VARY);
>>     debugs(11,3, "HDR_X_ACCELERATOR_VARY Vary detected. Hack Cleaning it
>> up");
>>     }
>> #endif
>>     .
>>     .
>>
>>
>> Deleting Vary from the header at this point gives me hits in every
>> object I test (that previously didn't hit) .. web browser never receives
>> the Vary in the response header.
>> Now I read your answer and you say that this is a critical validity
>> check and that worries me. Taking away the vary altogether at this point
>> could lead to the problems that you described? If that is the case .. I
>> have to investigate other alternatives.
>>
>
> I'll have to look into that function when I'm back at the code later to
> confirm this. But IIRC that function is acting directly on a freshly
> received reply message. You are not removing the validity check, you are
> removing Squids ability to see that it is a Vary object at all. So it is
> never even cached as one.
>
> The side effect of that is that clients asking for non-gzip can get the
> cached gzip copy, etc. but at least its the same URL. So the security
> risks are gone. But the user experience is not always good either way.
>
> Amos
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJV3iaOAAoJENNXIZxhPexG5/gIALjD6Xg9DMlW+Bten9ZvElsh
3/XHNy5OUAn6WvFULldkZSEnF5jvgUk0vGaGluVjnfriCsoCTnpaxwZmAclG3ZTd
ug/QRYvQCNB2fDXRFxUPJl+kzE53WSA6gpistDK2xmQJxEF1er7cMZVzGeMbR73/
32/wlo7WgZQ/pRmM1EhYqwCiXf8MRhufCx4AILNXkiN5O/CgUqsSHwl+jnOXWzqH
IakxTbtLyxgdN/nLhph0rscTQAMcYIX8aRTbmYjoXJoOYdDL49I4CoMegM7sX8Qi
lhctMLFjl7y2Qo7ofowJzo4NQPCIjx7268J80k6mZcRCROTor/VERFwp72UxZ6o=
=Vv6C
-----END PGP SIGNATURE-----

More information about the squid-users mailing list