[squid-users] Question: Force the caching of 302 responses without Expires header and with Strict-Transport-Security max-age header?

Amos Jeffries squid3 at treenet.co.nz
Sat Jan 4 11:14:55 UTC 2020

On 4/01/20 11:49 pm, Andrei Pozolotin wrote:
> Alex:
> On 2020-01-03 14:19, Alex Rousskov wrote:
>>> Question: how can one force the caching of 302 responses
>>> without the Expires header and with Strict-Transport-Security max-age
>>> header?
>> You can modify Squid to handle Strict-Transport-Security specially or
>> you can write an ICAP or eCAP service that would add a "more standard"
>> Cache-Control:max-age header to the response (with even more work, it
>> would be possible to drop the added response header before it leaves
>> Squid).
> 1. thank you for your suggestions
> 2. just to confirm I got this right:
> there is no way to use any current squid configuration options
> or any existing squid plugins to cache 302 responses without Expires
> header,
> instead must write some brand new code, correct?

Expires header is an HTTP/1.0 protocol feature. Its absence has no meaning.

The 302 response is explicitly defined in HTTP as a *temporary* object
which can change at any time. The *presence* of Cache-Control:max-age or
Expires set a minimum time the response is guaranteed not to change.

Since your use-case is a software archive mirrors you should investigate
whether the objects stored there are truly identical. If they are, the
Store-ID feature can be used to de-duplicate the URLs the 302 are
pointing at so *they* are cached efficiently.


More information about the squid-users mailing list