Search squid archive

Re: Question: Force the caching of 302 responses without Expires header and with Strict-Transport-Security max-age header?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 1/3/20 11:14, Andrei Pozolotin wrote:

3. here are response details via curl:

a)
curl --head https://archive.archlinux.org/repos/2020/01/01/community/os/x86_64/python-wheel-0.33.6-3-any.pkg.tar.xz 

HTTP/2 302
server: nginx/1.16.1
date: Fri, 03 Jan 2020 17:56:14 GMT
content-type: text/html
content-length: 145
location: https://archive.org/download/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz 
strict-transport-security: max-age=31536000; includeSubdomains; preload

b)
curl --head https://archive.org/download/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz 

HTTP/1.1 302 Found
Server: nginx/1.14.0 (Ubuntu)
Date: Fri, 03 Jan 2020 17:56:42 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Accept-Ranges: bytes
Location: https://ia803100.us.archive.org/6/items/archlinux_pkg_python-wheel/python-wheel-0.33.6-3-any.pkg.tar.xz 
Strict-Transport-Security: max-age=15724800
4. it seems that Strict-Transport-Security: max-age header is ignored here by squid
Correct. Squid does not know anything about the Strict-Transport-Security header. The header is treated like an extension header (i.e. it is usually forwarded without interpreting its value). 



5. any attempt to use any of the refresh_pattern options also has no effect:

http://www.squid-cache.org/Doc/config/refresh_pattern/
Yes, the decision to avoid caching of 302 responses without Expires is hard-coded. It is made before refresh_pattern is consulted AFAICT. 



Question: how can one force the caching of 302 responses
without the Expires header and with Strict-Transport-Security max-age header?
You can modify Squid to handle Strict-Transport-Security specially or you can write an ICAP or eCAP service that would add a "more standard" Cache-Control:max-age header to the response (with even more work, it would be possible to drop the added response header before it leaves Squid). 


HTH,

Alex.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux