[squid-users] Shared Caching with Authorization

Amos Jeffries squid3 at treenet.co.nz
Tue Aug 30 15:32:30 UTC 2016


On 27/08/2016 12:10 a.m., LIJO C J wrote:
> Hi, I have a resource representation in a REST service.  The response
> content is same for all users. But the response should be accessed
> only by authorized InventoryAuditors.
> 
> 
> 
> 1.      How should be the response headers set to leverage caching in
> Squid (as a forward proxy)?
> 

Squid obeys (modulo bugs) the rules set forth in:
 <https://tools.ietf.org/html/rfc7234#section-3>

Responses are cached by Squid unless prohibited, or the caching
freshness is impossible to calculate.

If you want to guarantee cacheability of your responses send
Last-Modified plus either Expires or Cache-Control:max-age=N.

If those are not possible to send, then don't bother - just let Squid
sort out what is possible to cache with the data you can provide about
the response object.



> 2.      How Squid will validate that the requested user is an
> authorized InventoryAuditor, while serving the response from cache?
> 

Authorization and Authentication are orthogonal concepts to Caching.

Squid uses HTTP authentication as specified in
<https://tools.ietf.org/html/rfc7235> *if* you configure Squid to
perform authentication *and* make use of it for authorization checks (ACL).

To provide a cached response the client must be authorized to send HTTP
requests to the proxy. The squid.conf http_access directive does HTTP
request authorization checks.


PS. I'm not sure what that code you finished up your questions with was
supposed to mean. HTTP is a protocol, Squid is a proxy - neither is a
coding language.

Amos
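
The storage rules of RFC 7234 section 3 that the reply points to, written out for a shared cache as an added example (not part of the original message and not Squid's code). The function names and sample header values are assumptions for illustration, and the model is simplified: it ignores, for instance, the field-name form of `private`.

```python
# Simplified model of the RFC 7234 section 3 storage rules for a shared cache.
# Illustrative only: not Squid's implementation; names are hypothetical.

CACHEABLE_METHODS = {"GET", "HEAD"}
# Status codes defined as cacheable by default (RFC 7231 section 6.1).
DEFAULT_CACHEABLE = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}


def parse_cache_control(value):
    """Return {directive: argument-or-None} with lower-cased directive names."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def shared_cache_may_store(method, status, req_headers, resp_headers):
    """Return (allowed, reason) for a shared cache such as a forward proxy."""
    req = {k.lower(): v for k, v in req_headers.items()}
    resp = {k.lower(): v for k, v in resp_headers.items()}
    req_cc = parse_cache_control(req.get("cache-control"))
    resp_cc = parse_cache_control(resp.get("cache-control"))

    if method.upper() not in CACHEABLE_METHODS:
        return False, "method not cacheable"
    if "no-store" in req_cc or "no-store" in resp_cc:
        return False, "no-store present"
    if "private" in resp_cc:
        return False, "private response in shared cache"
    # Section 3.2: a request carrying Authorization needs explicit permission.
    # Proxy-Authorization is a different header and does not trigger this rule.
    if "authorization" in req and not (
        {"public", "must-revalidate", "s-maxage"} & resp_cc.keys()
    ):
        return False, "Authorization without public/must-revalidate/s-maxage"
    explicit = "expires" in resp or {"max-age", "s-maxage", "public"} & resp_cc.keys()
    if explicit or status in DEFAULT_CACHEABLE:
        return True, "storable"
    return False, "no freshness information"
```
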


