The problem was due to the IIS header default directive (Thanks Amos) The max-age had a default value of 259200 seconds. The must-revalidate directive enforce a cache refresh / recheck according to some other directives (e.g. max-age). I set max-age to be 1 second. Now the SQUID checks whether the cache content needs to be updated by asking the IIS. In order to get any response back from the IIS the request has to pass the IIS authentication. After authenticating SQUID serve the request from the cache since my data never change so the cache is always up to date. -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Thursday, January 24, 2008 22:56 PM To: Tomer Brand Cc: Amos Jeffries; squid-users@xxxxxxxxxxxxxxx Subject: RE: Cache authenticated data > Amos thank you for the help. > > I set the following: > authenticate_ttl 0 seconds > authenticate_ip_ttl 3 seconds > > Delete SQUID cache folder and run squid -z > > The first request needs to be authenticate. > The second request was from a different computer with a different IP 15 > minutes after the first request and no authentication was required. > > Any thoughts? Really weird. What are the exact headers the serevr is giving squid? Amos > > -----Original Message----- > From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] > Sent: Thursday, January 24, 2008 10:47 AM > To: Tomer Brand > Cc: squid-users@xxxxxxxxxxxxxxx > Subject: Re: Cache authenticated data > > Tomer Brand wrote: >> Hi, >> >> I am trying to use SQUID to cache IIS data. >> The IIS is configured to use basic authentication. I set the response > header with: >> Cache Control -> public, must-revalidate >> And then changed it to: >> Cache Control -> public, no-cache >> >> My SQUID cache_peer is: >> cache_peer images.test.com parent 8050 0 originserver default > login=PASS >> >> I run into two issues: >> 1. Only the first request is asked to authenticate, the second one > simply get the data. >> 2. I don't see any new data in the cache directory. >> >> What am I missing? > > no-cache == no don't save AKA new data in cache dir. > must-revalidate == always check for new, even if old gets sent. > > Check your authenticate_ttl and authenticate_ip_ttl values are short > enough for your testing. > > > Amos > -- > Please use Squid 2.6STABLE17+ or 3.0STABLE1+ > There are serious security advisories out on all earlier releases. >