[squid-users] icap result caching in squid

Darren Breeze darren at ksn-systems.com
Thu Dec 5 18:17:57 UTC 2019 

Hi Amos

I have done some digging into your suggestion, and it looks like a better way to go for what I need to do.

> Also, are you aware that current Squid versions can generate redirects
> (custom headers included) based on output from an external_acl_type helper?
>  A helper to lookup your permissions system plus a few extra squid.conf
> settings would be a lot simpler in terms of traffic processing and
> bandwidth consumption than sending everything through an external ICAP
> service.

Are you able to point me in the direction of some sample config fragments that show how this can be done please.

I am guessing that I would need to return some custom keyword / value pairs from the external_acl and set other acls based on the values.

What I am aiming at is to selectively bump or redirect (or both) based on the client status and the site being requested.

Thanks again.

Darren B.



On Wed, Dec 4, 2019, at 6:26 PM, Amos Jeffries wrote:
> On 4/12/19 6:05 am, Darren Breeze wrote:
> > Hi Amos
> > 
> > The Icap service is doing redirects based on client permissions (that may change). What I am doing is just setting the Expires value in the RESP_MOD response when I return a 307 redirect so I can control how long the caches (both Squid and the browser) hang on to it.
> > 
> 
> In that case you should be using Cache-Control:max-age=NN instead where
> the NN being your desired TTL in seconds. This is a *lot* simpler and
> faster to deliver than calculating the timestamps needed for valid
> Expires header.
> 
> Also, are you aware that current Squid versions can generate redirects
> (custom headers included) based on output from an external_acl_type helper?
>  A helper to lookup your permissions system plus a few extra squid.conf
> settings would be a lot simpler in terms of traffic processing and
> bandwidth consumption than sending everything through an external ICAP
> service.
> 
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited.

More information about the squid-users mailing list