On 03/10/17 06:44, Hector Chan wrote:
I have a question about caching URLs with an auth token embedded in the
URL parameter. For example:
https://www.example.com/path/page?token=xxx135ynjy93tqi
The page can be uniquely identified without the URL parameters. It
appears squid is using the full URL, including the URL parameters, as
the cache key. Thus, causing the HIT rate to plummet. Is there any way
I can tell squid to disregard the URL parameters when storing to or
serving from cache? I know the store_id_program can do that, but is
there any other way?
No there is not. Any change to any part of the URL means it is a
different cache object. Store-ID is the way to de-duplicate identical
objects caused by this type of broken URL.
PS. the token above is neither private nor secure. If you have any
influence or contact with the devs of the software doing that please
encourage them to use real authentication. It looks like OAuth2 Bearer
is what that system needs to use.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
