[squid-users] Question: Force the caching of 302 responses without Expires header and with Strict-Transport-Security max-age header?
Andrei Pozolotin
andrei.pozolotin at gmail.com
Fri Jan 3 18:14:29 UTC 2020
Hello.
1. this question was asked before, but not yet resolved:
http://www.squid-cache.org/mail-archive/squid-users/200701/0000.html
2. use case:
the following url goes though double redirect, both times not providing
"Expires:" header,
which results in repeated TCP_MISS/302 entries in the squid logs:
2020-Jan-03 17:45:14 125 192.168.1.106 TCP_MISS/302 565 GET
https://archive.archlinux.org/repos/2020/01/01/community/os/x86_64/python-wheel-0.33.6-3-any.pkg.tar.xz
- HIER_DIRECT/88.198.91.70 text/html
2020-Jan-03 17:45:14 82 192.168.1.106 TCP_MISS/302 461 GET
https://archive.org/download/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz
- HIER_DIRECT/207.241.224.2 text/html
2020-Jan-03 17:45:14 215 192.168.1.106 NONE/200 0 CONNECT
ia803100.us.archive.org:443 - HIER_DIRECT/207.241.232.150 -
2020-Jan-03 17:45:14 1 192.168.1.106 TCP_HIT/200 38605 GET
https://ia803100.us.archive.org/6/items/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz
- HIER_NONE/- application/octet-stream
3. here are response details via curl:
a)
curl --head
https://archive.archlinux.org/repos/2020/01/01/community/os/x86_64/python-wheel-0.33.6-3-any.pkg.tar.xz
HTTP/2 302
server: nginx/1.16.1
date: Fri, 03 Jan 2020 17:56:14 GMT
content-type: text/html
content-length: 145
location:
https://archive.org/download/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz
strict-transport-security: max-age=31536000; includeSubdomains; preload
b)
curl --head
https://archive.org/download/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz
HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 03 Jan 2020 17:56:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Accept-Ranges: bytes
Location:
https://ia803100.us.archive.org/6/items/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz
Strict-Transport-Security: max-age=15724800
4. it seems that Strict-Transport-Security: max-age header is ignored
here by squid
5. any attempt to use any of the refresh_pattern options also has no
effect:
http://www.squid-cache.org/Doc/config/refresh_pattern/
6. full squid.conf is posted here:
https://github.com/random-python/nspawn/blob/master/src/main/nspawn/app/hatcher/service/image-proxy/etc/squid/squid.conf
Question: how can one force the caching of 302 responses
without the Expires header and with Strict-Transport-Security max-age
header?
Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200103/b4e2f359/attachment-0001.html>
More information about the squid-users
mailing list