Chris Robertson wrote:
Tom Williams wrote:
Amos Jeffries wrote:
Tom Williams wrote:
I've got Squid 3.0-STABLE12 configured as a reverse proxy on RedHat
Enterprise Linux 5.
We have pages for logged-in users we DO NOT want cached and pages
for anonymous users (not logged into the site) that we do want cached.
We found this article which describes how to this:
http://www.howtoforge.com/how-to-set-up-a-caching-reverse-proxy-with-squid-2.6-on-debian-etch-p2
Section 5 entitled "Different Content For Different Users"
describes what we want to do.
Per that article, I've added these lines to my squid config file:
acl set_logged_in_user_cookie rep_header Set-Cookie LOGGED_IN=Y
cache deny set_logged_in_user_cookie
acl clear_logged_in_user_cookie rep_header Cookie LOGGED_IN=Y
cache deny clear_logged_in_user_cookie
acl logged_in_user_cookie req_header Cookie LOGGED_IN=Y
cache deny logged_in_user_cookie
During testing, I see a bunch of messages like this in my cache.log
file:
2009/01/22 23:52:35| ACL::checklistMatches WARNING:
'set_logged_in_user_cookie' ACL is used but there is no HTTP reply
-- not matching.
2009/01/22 23:52:35| ACL::checklistMatches WARNING:
'clear_logged_in_user_cookie' ACL is used but there is no HTTP
reply -- not matching.
What do these warning messages mean? Does this mean Squid didn't
see a HTTP header with "Set-Cookie LOGGED_IN=Y"?
Peace...
Tom
Squid checks to see whether something is allowed to be cached at the
time it is requested. Not when the reply is already coming back.
Seems daft yes, but thats the way its currently done.
Which means until someone gets time or money to clean that up, you
can only use request or connection information in the cache ACLs.
Amos
Ok. If I'm understanding your correctly, the above acls won't work
because they are looking for a HTTP header that won't exist?
Close. You are using rep_header, when you need to use req_header.
Also any match for "cache deny" will remove the data from the cache.
You might be better off seeing if you can add something to the URL of
logged in users (a GET query term, or an added directory that gets
mapped out on the back end) so you can use refresh_patterns. Even
better, of course is using Cache-Control headers so other web caches
know what data to cache, and what not to...
Thanks for the info! I believe the "LOGGED_IN=Y" is what we're trying
to key off of but your mentioning adding something to the URL raises
another issue we're having and that I'll save for another thread. :)
I'll look into refresh_patterns as well.
What do "rep_header" and "req_header" actually do? The squid.conf file
just says they do regular expression matching and that's about it.
We're also working out Cache-Control headers. :)
Thanks!
Peace...
Tom
