On 27/08/2016 12:10 a.m., LIJO C J wrote:
> Hi, I have a resource representation in a REST service. The response
> content is same for all users. But the response should be accessed
> only by authorized InventoryAuditors.
>
> 1. How should be the response headers set to leverage caching in
> Squid (as a forward proxy)?
>

Squid obeys (modulo bugs) the rules set forth in:
<https://tools.ietf.org/html/rfc7234#section-3>

Responses are cached by Squid unless prohibited, or the caching freshness is impossible to calculate.

If you want to guarantee cacheability of your responses send Last-Modified plus either Expires or Cache-Control:max-age=N.

If those are not possible to send, then don't bother - just let Squid sort out what is possible to cache with the data you can provide about the response object.

> 2. How Squid will validate that the requested user is an
> authorized InventoryAuditor, while serving the response from cache?
>

Authorization and Authentication are orthogonal concepts to Caching.

Squid uses HTTP authentication as specified in <https://tools.ietf.org/html/rfc7235> *if* you configure Squid to perform authentication *and* make use of it for authorization checks (ACL).

To provide a cached response the client must be authorized to send HTTP requests to the proxy. The squid.conf http_access directive does HTTP request authorization checks.

PS. I'm not sure what that code you finished up your questions with was supposed to mean. HTTP is a protocol, Squid is a proxy - neither is a coding language.

Amos
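
An added example, not part of the original message and not Squid's code: a simplified Python model of the RFC 7234 section 3 storage rules and section 4.2.1 explicit freshness calculation for a shared cache, run over a constructed inventory response. It shows that credentials presented to the proxy (Proxy-Authorization, checked by http_access) do not stop the response being cached, while origin credentials (Authorization) do unless the response explicitly permits it. Function names, header dicts and sample values are assumptions made for the illustration.

```python
from email.utils import parsedate_to_datetime

def parse_cc(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    out = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def shared_cache_may_store(method, req, status, resp):
    """Simplified RFC 7234 section 3 storage check for a shared cache.
    Assumes header dicts keyed by canonical names (e.g. "Cache-Control")."""
    req_cc, cc = parse_cc(req.get("Cache-Control")), parse_cc(resp.get("Cache-Control"))
    if method not in ("GET", "HEAD"):
        return False
    if "no-store" in req_cc or "no-store" in cc or "private" in cc:
        return False
    # Section 3.2: origin credentials (Authorization) need explicit permission.
    # Proxy-Authorization is consumed by the proxy and does not trigger this rule.
    if "Authorization" in req and not cc.keys() & {"public", "must-revalidate", "s-maxage"}:
        return False
    explicit = "Expires" in resp or cc.keys() & {"max-age", "s-maxage", "public"}
    # Status codes cacheable by default (206 left out: needs Range handling).
    return bool(explicit) or status in (200, 203, 204, 300, 301, 404, 405, 410, 414, 501)

def freshness_lifetime(resp):
    """Explicit freshness lifetime in seconds (section 4.2.1); None means the
    cache has nothing explicit and must fall back to a heuristic."""
    cc = parse_cc(resp.get("Cache-Control"))
    for directive in ("s-maxage", "max-age"):  # s-maxage wins in a shared cache
        if cc.get(directive) is not None:
            return int(cc[directive])
    if "Expires" in resp and "Date" in resp:
        try:
            delta = parsedate_to_datetime(resp["Expires"]) - parsedate_to_datetime(resp["Date"])
        except (TypeError, ValueError):
            return 0  # an unparseable date is treated as already expired
        return int(delta.total_seconds())
    return None

# Constructed sample: the inventory response with the headers suggested above.
RESP = {"Date": "Fri, 26 Aug 2016 12:00:00 GMT",
        "Last-Modified": "Thu, 25 Aug 2016 09:00:00 GMT",
        "Cache-Control": "max-age=300"}
VIA_PROXY_AUTH = {"Proxy-Authorization": "Basic constructed-placeholder"}
VIA_ORIGIN_AUTH = {"Authorization": "Basic constructed-placeholder"}
```
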