On 4/12/19 6:05 am, Darren Breeze wrote: > Hi Amos > > The Icap service is doing redirects based on client permissions (that may change). What I am doing is just setting the Expires value in the RESP_MOD response when I return a 307 redirect so I can control how long the caches (both Squid and the browser) hang on to it. > In that case you should be using Cache-Control:max-age=NN instead where the NN being your desired TTL in seconds. This is a *lot* simpler and faster to deliver than calculating the timestamps needed for valid Expires header. Also, are you aware that current Squid versions can generate redirects (custom headers included) based on output from an external_acl_type helper? A helper to lookup your permissions system plus a few extra squid.conf settings would be a lot simpler in terms of traffic processing and bandwidth consumption than sending everything through an external ICAP service. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users