On 5/01/20 7:24 am, Andrei Pozolotin wrote: > Amos, hello: > > On 2020-01-04 05:14, Amos Jeffries wrote: >> Expires header is an HTTP/1.0 protocol feature. Its absence has no >> meaning. >> The 302 response is explicitly defined in HTTP as a *temporary* object >> which can change at any time. The *presence* of Cache-Control:max-age or >> Expires set a minimum time the response is guaranteed not to change. > > 1. perhaps an argument could be made that these are semantically identical: > * Cache-Control: max-age=<expire-time> > * Strict-Transport-Security: max-age=<expire-time> > They are not. One relates to hop-by-hop message storage. The other relates to end-to-end connection setup. > 2. and therefore "Strict-Transport-Security" should be handled > by squid "Cache-Control" related features such as refresh_pattern > http://www.squid-cache.org/Doc/config/refresh_pattern/ > As Alex said Squid does nothing with Strict-Transport-Security headers. They are for the client UA software, irrelevant to middleware like Squid. >> Since your use-case is a software archive mirrors you should investigate >> whether the objects stored there are truly identical. If they are, the >> Store-ID feature can be used to de-duplicate the URLs the 302 are >> pointing at so *they* are cached efficiently. >> <https://wiki.squid-cache.org/Features/StoreID> > > 3. thank you for the StoreID idea > > 4. I have already implemented it: > https://github.com/random-python/nspawn/tree/master/src/main/nspawn/app/hatcher/service/image-proxy/etc/squid > > > 5. it does improve performance, however two preceding TCP_MISS/302 hits > for every archive url hit, do provide major contribution to the overall > response delay (Warning: I have not tested this idea yet, if it does not work it can break the downloads completely. Treat with extreme care). You may be able to improve that a little by adding the original 302 URL to the Store-ID map. However you MUST then add a store_miss rule to prevent those URLs being stored in the cache. The idea being that one one of the real download objects is stored Squid use it as a substitute for the 302. But the 302 payload can never be used as a substitute for the real object. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
