On 20/12/2014 3:52 a.m., Veiko Kukk wrote:
> Hi,
>
> I have been trying to understand, how does Squid determine
> different clients, but it is not clear from the documentation. I
> guess this does not depend entirely on IP address, right? Otherwise
> all clients behind NAT would be considered as single client.

It depends ...

... Squid's network measurement mechanisms and client_db* do depend on IP address alone.

... security contexts like TLS/SSL or connection pinning depend on the TCP socket numbers in use.

Other concepts of "client" such as authenticated user or end-user or remote software agent are not relevant to Squid beyond the ACLs you configure.

>
> Reason behind this is that I'd like to configure a forward proxy
> for (mostly) binary files caching. All requests have Authorization
> headers (API key) and come from single IP address (localhost,
> python application, not generic web browser).

*Caching* is not related to the client though. Whether an object can be cached depends solely on the request/reply message headers. See below...

>
> client <https> squid ssl_bump to see inside https <https> remote
> cloud storage
>
> http://wiki.squid-cache.org/SquidFaq/InnerWorkings#What_are_private_and_public_keys.3F
>
> "Private objects are associated with only a single client whereas
> a public object may be sent to multiple clients at the same time."
>
> I wonder if it would be possible to use Squid for effectively
> cache larger objects locally with this type of configuration?
>

Some points:

0) the document above is referring to the internal hash keys Squid uses for indexing objects. It's describing the technical mechanism by which Squid remembers which object is which type. Not much relevance to your query as such.

1) Squid-3.2 and later are HTTP/1.1 compliant and able to cache authenticated replies (and many other types of client-specific objects) in accordance with the HTTP/1.1 rules for them.

2) client proxy-authorization credentials have no effect on cacheability. Only credentials in www-authorization header affect that, and only if the reply message does not make the object cacheable by providing certain cache-control settings.

4) "HTTP" and "HTTPS" are both the same HTTP protocol. The only difference is that one is inside a TLS channel. A lot of people seem to think it's more secure somehow, but it's not really. SSL-Bumped HTTPS requests are just as cacheable (or not) as they would be if intercepted on port 80.

5) Size of objects is related only to the size limits you configure into Squid. Default config is that up to 4MB is cached to disks, up to 512KB to memory.

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
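The header-driven decision discussed in points 1 and 2 of the message above, as an added example that is not part of the original message and is not Squid's code: a simplified model of the HTTP/1.1 shared-cache storage rule for authenticated requests (RFC 7234 section 3.2), which is what keeps a reply fetched with one API key from being served to other requesters. The function names and header values are constructed for illustration, and the unauthenticated branch is a deliberate simplification that ignores heuristic freshness.

```python
# Added example: simplified model of HTTP shared-cache storage rules
# (RFC 7234 sections 3 and 3.2). Not Squid's implementation.

def parse_cache_control(value):
    """Return {directive: argument-or-None} from a Cache-Control value."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def get_header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    for key, val in headers.items():
        if key.lower() == name.lower():
            return val
    return None

def shared_cache_may_store(request_headers, response_headers):
    """Decide whether a shared cache (a proxy) may store this reply."""
    req_cc = parse_cache_control(get_header(request_headers, "Cache-Control"))
    res_cc = parse_cache_control(get_header(response_headers, "Cache-Control"))
    # no-store on either side, or private on the reply, always wins.
    if "no-store" in req_cc or "no-store" in res_cc or "private" in res_cc:
        return False
    # Proxy-Authorization is never consulted: it is hop-by-hop credentials
    # for the proxy itself and has no bearing on cacheability.
    if get_header(request_headers, "Authorization") is not None:
        # Only these reply directives release an authenticated response
        # for storage in a shared cache.
        allowed = ("public", "must-revalidate", "s-maxage")
        return any(d in res_cc for d in allowed)
    # Simplification: without Authorization, require explicit freshness.
    explicit = any(d in res_cc for d in ("public", "max-age", "s-maxage"))
    return explicit or get_header(response_headers, "Expires") is not None

if __name__ == "__main__":
    # Constructed sample: API-key request, origin sends only max-age.
    req = {"Authorization": "Bearer CONSTRUCTED-API-KEY"}
    for cc in ("max-age=3600", "public, max-age=3600", "private, max-age=3600"):
        print(cc, "->", shared_cache_may_store(req, {"Cache-Control": cc}))
```
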