
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>

<p>Hello.</p>

<p><br /></p>

<p>1. this question was asked before, but not yet resolved:</p>

<p><a href="http://www.squid-cache.org/mail-archive/squid-users/200701/0000.html">http://www.squid-cache.org/mail-archive/squid-users/200701/0000.html</a></p>

<p><br /></p>

<p>2. use case:</p>

<p>the following url goes though double redirect, both times not providing "Expires:" header,</p>

<p>which results in repeated TCP_MISS/302 entries in the squid logs:</p>

<p><span>2020-Jan-03 17:45:14    125 192.168.1.106 TCP_MISS/302 565 GET https://archive.archlinux.org/repos/2020/01/01/community/os/x86_64/python-wheel-0.33.6-3-any.pkg.tar.xz - HIER_DIRECT/88.198.91.70 text/html                                   <br /></span></p>

<p><span>2020-Jan-03 17:45:14     82 192.168.1.106 TCP_MISS/302 461 GET https://archive.org/download/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz - HIER_DIRECT/207.241.224.2 text/html                                             <br /></span></p>

<p><span>2020-Jan-03 17:45:14    215 192.168.1.106 NONE/200 0 CONNECT ia803100.us.archive.org:443 - HIER_DIRECT/207.241.232.150 -   <br /></span></p>

<p><span>2020-Jan-03 17:45:14      1 192.168.1.106 TCP_HIT/200 38605 GET https://ia803100.us.archive.org/6/items/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz - HIER_NONE/- application/octet-stream                               <br /></span></p>

<p><br /></p>

<p><span>3. here are response details via curl:</span></p>

<p><span>a)</span></p>

<p><span>curl --head https://archive.archlinux.org/repos/2020/01/01/community/os/x86_64/python-wheel-0.33.6-3-any.pkg.tar.xz<br /> </span></p>

<p><span>HTTP/2 302  <br />server: nginx/1.16.1 <br />date: Fri, 03 Jan 2020 17:56:14 GMT <br />content-type: text/html <br />content-length: 145 <br />location: https://archive.org/download/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz <br />strict-transport-security: max-age=31536000; includeSubdomains; preload <br /><br /> b)</span></p>

<p><span>curl --head https://archive.org/download/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz<br /> <br /></span></p>

<p><span>HTTP/1.1 302 Found <br />Server: nginx/1.14.0 (Ubuntu) <br />Date: Fri, 03 Jan 2020 17:56:42 GMT <br />Content-Type: text/html; charset=UTF-8 <br />Connection: keep-alive <br />Accept-Ranges: bytes <br />Location: https://ia803100.us.archive.org/6/items/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz <br />Strict-Transport-Security: max-age=15724800<br /> <br /></span></p>

<p><span>4. it seems that Strict-Transport-Security: max-age header is ignored here by squid </span></p>

<p><br /></p>

<p><span>5. any attempt to use any of the refresh_pattern options also has no effect:</span></p>

<p><span><a href="http://www.squid-cache.org/Doc/config/refresh_pattern/">http://www.squid-cache.org/Doc/config/refresh_pattern/</a></span></p>

<p><br /></p>

<p><span>6. full squid.conf is posted here:</span></p>

<p><span><a href="https://github.com/random-python/nspawn/blob/master/src/main/nspawn/app/hatcher/service/image-proxy/etc/squid/squid.conf">https://github.com/random-python/nspawn/blob/master/src/main/nspawn/app/hatcher/service/image-proxy/etc/squid/squid.conf</a></span></p>

<p><br /></p>

<p><span>Question: how can one force the caching of 302 responses </span></p>

<p><span>without the Expires header </span><span>and with Strict-Transport-Security max-age header?</span></p>

<p><br /></p>

<p><span>Thank you.</span></p>

<p><br /></p>

</body></html>