[squid-users] Shared Caching with Authorization
Amos Jeffries
squid3 at treenet.co.nz
Tue Aug 30 15:32:30 UTC 2016
On 27/08/2016 12:10 a.m., LIJO C J wrote:
> Hi, I have a resource representation in a REST service. The response
> content is same for all users. But the response should be accessed
> only by authorized InventoryAuditors.
>
> 1. How should be the response headers set to leverage caching in
> Squid (as a forward proxy)?
>
Squid obeys (modulo bugs) the rules set forth in:
<https://tools.ietf.org/html/rfc7234#section-3>
Responses are cached by Squid unless prohibited, or the caching
freshness is impossible to calculate.
If you want to guarantee cacheability of your responses send
Last-Modified plus either Expires or Cache-Control:max-age=N.
If those are not possible to send, then don't bother - just let Squid
sort out what is possible to cache with the data you can provide about
the response object.
> 2. How Squid will validate that the requested user is an
> authorized InventoryAuditor, while serving the response from cache?
>
Authorization and Authentication are orthogonal concepts to Caching.
Squid uses HTTP authentication as specified in
<https://tools.ietf.org/html/rfc7235> *if* you configure Squid to
perform authentication *and* make use of it for authorization checks (ACL).
To provide a cached response the client must be authorized to send HTTP
requests to the proxy. The squid.conf http_access directive does HTTP
request authorization checks.
PS. I'm not sure what that code you finished up your questions with was
supposed to mean. HTTP is a protocol, Squid is a proxy - neither is a
coding language.
Amos
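
Added example (not part of the original message and not Squid's code): a sketch of the RFC 7234 section 3 storage rules for a shared cache, including the section 3.2 rule for requests that carry an origin Authorization header. The function names, the GET/HEAD-only method set and the sample headers are assumptions made for illustration.

```python
# Illustration of RFC 7234 section 3 ("Storing Responses in Caches") for a
# shared cache. Models the RFC text only; it is not Squid's implementation.

CACHEABLE_METHODS = {"GET", "HEAD"}  # assumption: this sketch handles only these
# Status codes cacheable by default (RFC 7231 section 6.1).
DEFAULT_CACHEABLE = {200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501}
# Directives that let a shared cache store a reply to an Authorization request.
AUTH_OVERRIDES = ("must-revalidate", "public", "s-maxage")


def directives(headers):
    """Parse Cache-Control into {name: value-or-None}. Simplified: splits on
    commas, so quoted arguments that contain commas are not handled."""
    out = {}
    for part in headers.get("cache-control", "").split(","):
        name, _, value = part.strip().partition("=")
        if name:
            out[name.lower()] = value.strip('"') or None
    return out


def shared_cache_may_store(method, status, req_headers, resp_headers):
    """Return (allowed, reason). Header dict keys must be lowercase."""
    req_cc, resp_cc = directives(req_headers), directives(resp_headers)
    if method not in CACHEABLE_METHODS:
        return False, "method not cacheable"
    if "no-store" in req_cc or "no-store" in resp_cc:
        return False, "no-store present"
    if "private" in resp_cc:  # treated conservatively, even with field names
        return False, "private response in shared cache"
    # Section 3.2: a request carrying Authorization needs explicit permission.
    if "authorization" in req_headers and not any(
        d in resp_cc for d in AUTH_OVERRIDES
    ):
        return False, "Authorization request without explicit permission"
    storable_basis = (
        "expires" in resp_headers
        or any(d in resp_cc for d in ("max-age", "s-maxage", "public"))
        or status in DEFAULT_CACHEABLE
    )
    if not storable_basis:
        return False, "no Expires/max-age and status not cacheable by default"
    return True, "storable"


if __name__ == "__main__":
    # Constructed sample: an authenticated GET answered with max-age only.
    req = {"authorization": "Basic <placeholder>"}
    resp = {"cache-control": "max-age=600"}
    print(shared_cache_may_store("GET", 200, req, resp))
```
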