[squid-users] Re: Question in adding banner for ads by squid ?!!
That is possible, although not with squid. I have a working solution for this one, in production in a free hotspot at an airport, for example. In case of interest, contact me. But this SW is NOT Open Source. -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Question-in-adding-banner-for-ads-by-squid-tp4664976p4664983.html Sent from the Squid - Users mailing list archive at Nabble.com.
[squid-users] ignore-auth when signature is passed as a query
Hi, I use ignore-auth for caching urls with signature and that works great. For some endpoints, signature is added as a query (which is otherwise an Authorization header). Is there a way to perhaps ignore-query? Currently, I see that replies are cached even when they have queries, however query is a part of the url and thereby a part of the key used for the object stored in cache. Due to this I don't get a cache hit for a subsequent GET request which has a different temporal signature. I understand why the default behavior is to do what it does and the implications of unauthorized access without signature verification. However, for my use case bypassing signature verification with squid cache is useful and appropriate. Please let me know if there is a workaround with which all query parameters can be ignore for caching purpose. Thanks, Rajiv
Re: [squid-users] ignore-auth when signature is passed as a query
On 23/02/2014 4:19 p.m., Rajiv Desai wrote: Hi, I use ignore-auth for caching urls with signature and that works great. For some endpoints, signature is added as a query (which is otherwise an Authorization header). Is there a way to perhaps ignore-query? Currently, I see that replies are cached even when they have queries, however query is a part of the url and thereby a part of the key used for the object stored in cache. Due to this I don't get a cache hit for a subsequent GET request which has a different temporal signature. Yes. These are different resources. At least that is what the URL says. One different set of content for each auth'd users account ... I understand why the default behavior is to do what it does and the implications of unauthorized access without signature verification. However, for my use case bypassing signature verification with squid cache is useful and appropriate. Please let me know if there is a workaround with which all query parameters can be ignore for caching purpose. In the latest Squid (3.4+) you can use a store-ID helper to de-duplicate the URLs by having it tell Squid to use a URL without those parameters as the cache key. However be VERY sure that this server is not changing any of the actual object content per-user. Oterwise you could have users cache-busting each others content and causing you even worse bandwidth waste than you have already. Amos
Re: [squid-users] What are the options for deny_info in this scenario?
On 22/02/2014 11:23 a.m., Eliezer Croitoru wrote: Hey, Using squid 3.3.11 added ncsa basic auth and and a corresponding deny_info to the acl which I assumed will redirect any login fail into the localhost deny page. On firefox I am getting auth fine with it but not deny_info page. In a case it should be like that then fine. The deny_info directive is towards the auth acl of the ncsa program\basic_auth. If needed more info I'm here. Eliezer Auth requires a 407 status. Redirect is a 30x status. With deny_info you can send a 407 status with custom template page to display OR, redirect to another URL (localhost?) using 30x. But not both in the same response message. NP: the new URL may do or require authentication itself, but that is not related to the deny_info action. Amos
