Chris thank you for the info. In your previous mail you mention two things: 1. http_access allow all -> This is a temp configuration. Once I will have all I need up and running I will start to limit the access. 2. maximum_object_size & Cache-peer size -> I have notice this when I downloaded a 1GB file and change the cache peer size. Indeed it's a bit funny. As for the HTTP headers. I added to my back-end server the following: Cache-control: public, must-revalidate, max-age=1 Public -> To enable caching of the data Must-revalidate -> To force SQUID recheck with the back-end server. By doing so the request will have to be authenticate otherwise the back-end server returns Unauthorized http status code Max-age=1 -> My back-end server is IIS, by default it return max-age=259200. The must-revalidate enforce the validation check of the data after the max-age expired. My problem is that without the max-age directive SQUID won't force the authentication against the back-end server after the first request of the data and with that directive SQUID never uses the cache and always download the data. This is true only for SSL, under simple HTTP requests it works as expected. Any ideas? -----Original Message----- From: Chris Robertson [mailto:crobertson@xxxxxxx] Sent: Thursday, February 14, 2008 03:43 AM To: squid-users@xxxxxxxxxxxxxxx Subject: Re: squid ver 3 ssl cache proxy Tomer Brand wrote: > I have notice that the SSL cache doesn't work only if the back end > server requires authentication to serve the data. > Can anyone please tell me if what I am trying to is supported by squid? > > Thank you. > Well, usually a request that requires authentication has an HTTP response header of "Cache-Control: private". See if you can get your back end server to change that to a "Cache-Control: must revalidate" which will still require authentication to download the object, but will allow downloading it from the cache upon successful authentication. Chris
