On 1/01/25 21:21, Robin Wood wrote:
I'm going to massively over simplify things here, but you can think of
it like this.
Files with html extensions are static web pages, you write them, put
them on the server, and they are served as they are, no changes.
Asp and the others are dynamic files, they are processed by an app on
the server before they are sent to the client. This app may do nothing,
so the page comes as it was, but usually it will add content. This
content could be to create a CMS page by pulling the page content from a
database, it could be your shopping orders pulled from your account, or
it could be your current bank statement.
Caching should never be done on anything that is specific to a single
user, so it's fine to cache public CMS content with an asp extension,
but not your bank statement.
There is more to it than that, but hopefully that gives you a general idea.
That is mostly correct for simple HTTP/1.0-like behaviour.
With HTTP/1.1 and later things are a little different. The biggest
change is that URL no longer matters. The Content-Typereplaces "fiel
extension" entirely, and Cache-Control headers take over the job of
defining how and when something can be cached.
For Squid, the refresh_pattern directive is what provides compatibility
with HTTP 1.0 behaviour. It provides values for any Cache-Control
settings the server omitted (eg for servers acting like HTTP/1.0 still).
The default "refresh_pattern -i (/cgi-bin/|\?) 0 0% 0" configuration
line tells Squid the values which will perform HTTP/1.0 caching
behaviour for any of the dynamic content coming out of broken or old
cgi-bin services or anythign with query-string ('?...') URL.
Jonathan: if you have not changed the refresh_pattern's you do not have
to care specifically about dynamic-vs-static content caching. Whether it
is plain-text HTTP(S) or SSL-Bump'ed HTTPS, it **should** all cache
properly for its server-claimed needs.
Your "cache deny" policy in squid.conf is telling Squid **never** to
cache any URL containing the ACL-matching strings. Even if they could be
cached safely.
HTH
Amos
Robin
On Tue, 31 Dec 2024, 23:07 Jonathan Lee wrote:
Thanks I have to admit I am a student currently,
I guess my last question is what do cgi-bin asp aspx asp files do
inside of websites? The reason I ask this is the rule below I have
seen the same rule on different websites so it must be the main ones
that cause issues. Is it just for dynamic content?
...
acl QUERY urlpath_regex cgi-bin \? asp aspx jsp
This rule applies based on a string-match of the URL. It does not matter
whether the content is "dynamic" or not. Nor does it matter what the
server indicates about caching of the response for any matched URL.
## Prevent caching jsp, cgi-bin etc
cache deny QUERY
Ref:
Setting up Explicit Squid Proxy <https://
wiki.alpinelinux.org/wiki/Setting_up_Explicit_Squid_Proxy>
wiki.alpinelinux.org>
Looking at that tutorial I see some major issues.
1) the "basic configuration" is very different from the official
squid.conf (see
<https://wiki.squid-cache.org/Releases/Squid-5#squid-5-default-config>,
same applies for v6)
2) the SSL-Bump example configuration disables **all** security
features of TLS and makes it extremely difficult to even detect
hijacking of the proxy.
Basically this is a tutorial of how to setup an open-proxy that
allows malware to abuse your network as a base of operations.
While the official Squid wiki page on SSL-Bump peek and splice has not
been updated in a while it is still **much** better to follow than this
one. At least for that particular section of details.
see <https://wiki.squid-cache.org/Features/SslPeekAndSplice>
(I hope someone in the Alpine community can fix the above issues ASAP.)
Amos
<favicon.png>
<https://wiki.alpinelinux.org/wiki/
Setting_up_Explicit_Squid_Proxy>
<https://wiki.alpinelinux.org/wiki/
Setting_up_Explicit_Squid_Proxy>
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx <mailto:squid-
users@xxxxxxxxxxxxxxxxxxxxx>
https://lists.squid-cache.org/listinfo/squid-users <https://
lists.squid-cache.org/listinfo/squid-users>
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
