Hi Amos - I'm running squid 2.7 STABLE8. WRT negative_ttl, I see this comment in squid.conf: # negative_ttl=n # TTL for cached negative lookups (default same # as ttl) but don't see any uncommented entries specifying negative_ttl. Are you saying that the problem I'm seeing could be caused by an "internal" negative_ttl setting? If so, is there a workaround? Or should I install a different version of squid? Thanks for your help. - Dave |------------> | From: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Amos Jeffries <squid3@xxxxxxxxxxxxx> | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | To: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |squid-users@xxxxxxxxxxxxxxx | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Date: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |12/02/2010 08:42 PM | >--------------------------------------------------------------------------------------------------------------------------------------------------| |------------> | Subject: | |------------> >--------------------------------------------------------------------------------------------------------------------------------------------------| |Re: why is 403 cached? | >--------------------------------------------------------------------------------------------------------------------------------------------------| On 03/12/10 07:44, David Q Levitt wrote: > > I am running some tests to see how squid handles a 403 status. The > problem is that squid seems to be caching the 403 (despite 'Cache-Control: > no-cache, no-store, must-revalidate'), so that even if subsequent responses > from the origin server (for the same request) contain a 304 I still get the > 403! By "squid" what version do you mean? All the current releases have different levels of HTTP compliance as we rolled HTTP/1.1 in. The older releases shipped with negative_ttl wrongly set to a non-zero value. The newer ones have it at zero and will obey the headers. To compound that problem there are still a lot of old installs and tutorials floating around which tell people to set it as non-zero. > > I have a PHP script and am using Poster to submit GET requests to it (to > simulate an XHR and eliminate the browser as a source of confusion). I'm > using max-age=0. in order to force the request to be submitted to the > origin server each time. > > The first time I submit the request: > http://localhost:80/GetandPost3.php?thename=Fred&theage=11 > the PHP script looks like this: > <?php > $eTag = 'mmm3'; > $cc = 'max-age=0'; > header('Cache-Control: '.$cc); > header('Etag: '.$eTag); > ?> > <html> > The name is<?php echo $_GET["thename"]; ?>. > The age is<?php echo $_GET["theage"]; ?>. > </html> > > The response is as expected (with a 200 status). > > Now I change the PHP script to the following and submit the same request > again: > <?php > $eTag = 'mmm3'; > > header('HTTP/1.1 403 Not Authorized'); > header('Cache-Control: no-cache, no-store, must-revalidate'); > header('Etag: '.$eTag); > ?> > <html> > The request is NOT AUTHORIZED > </html> > > :Again, the response is as expected: 403 Not Authorized. > > Now I change the PHP script to return a 304 and submit the same request > again: > <?php > $eTag = 'mmm3'; > $cc = 'max-age=0'; > > header('HTTP/1.1 304 Not Modified'); > header('Cache-Control: '.$cc); > header('Etag: '.$eTag); > ?> > > This time I expect to see the same response as for request #1, but instead > I am still getting a 403! > > Why is squid caching the 403 entry despite header('Cache-Control: no-cache, > no-store, must-revalidate'); ??? (I tried removing the Etag header in the > 2nd test but still get the same results). > Check the actual HTTP headers that are coming out of the web server running the script. A Date: header is required. Always. You should also be sending a Last-Modified header where possible. Set to the filemtime() of the newest script or included file in HTTP date format. (if content is pulled from elsewhere, for example a database, this gets much more tricky). Amos -- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.9 Beta testers wanted for 3.2.0.3
