[squid-users] adding cache_control = nocache to http request using squid transparent proxy

[Amos Jeffries]

On 27/07/22 07:52, muhanad wrote:
> Hello
> 
> I am trying to edit the header of http headers to set the cache_control 
> option to " no-cache" to prevent users from being able to cache the 
> contents

This will not do what you think it does.

The "no-cache" control actually *enables* caching by recipients. It just 
requires a quick revalidation check before the cached content is used.


> even if they are using any type of caching engines. the squid 
> proxy will work in a transparent mode. The traffic is originated from 
> one of our CDNs,

This does not make sense. Just publish the Squid machine IP in DNS 
instead of the CDN server IP. No need for interception.


> also the connection is direct between the clients and 
> the CDN servers, thus the proxy will work in transparent mode with IP 
> spoofing so the in the header the IP address is stays the IP address of 
> the client and  not the proxy server.

This may not do what you think it does. When traffic is arriving *from* 
Internet the source-IP indicates which route to deliver the response 
packets. You do not want the origin server(s) bypassing Squid on the TCP 
SYNACK packets - that will break all traffic.


> PS: We are an ISP company based in Iraq, Baghdad and we are trying to 
> prevent the clients from caching all HTTP data.
> 

Why? This is typically a very bad idea.

All it does is:
  * lower the amount of bandwidth available to your clients
    - given them a bad service/experience.
  * increase the traffic delays across your network
    - even worse service/experience.
  * encourage other ISP to erase the cache limitations on traffic from 
your servers even on traffic where it is correct
    - even worse service/experience.


Even if you are charging clients for bandwidth used. You want to be able 
to service *more* clients as quickly as possible, not scare them away 
with a bad service.


HTH
Amos