[
https://issues.apache.org/jira/browse/TS-2972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14081000#comment-14081000
]
Leif Hedstrom commented on TS-2972:
-----------------------------------
So, it seems running it in TS_HTTP_CACHE_LOOKUP_COMPLETE_HOOK makes things
peachy. I was going to make this optional (which would make it possible to
behave as it does today), but got some negative feedback on that. Does anyone
have concerns about changing this plugin such that it always does the "auth
proxy" phase (external request), even on cache hits?
> authproxy: Investigate if we can run this (configurable) in a different hook
> ----------------------------------------------------------------------------
>
> Key: TS-2972
> URL: https://issues.apache.org/jira/browse/TS-2972
> Project: Traffic Server
> Issue Type: Improvement
> Components: Plugins
> Reporter: Leif Hedstrom
> Assignee: Leif Hedstrom
> Fix For: 5.1.0
>
>
> The issue is that without a (global) configuration to force us to go through
> the DNS hook on cache hits, we can not use authproxy to protect on cache hits
> (the plugin is bypassed).
> The setting is proxy.config.http.doc_in_cache_skip_dns, and it was added for
> a very valid reason: If the entry in HostDB is stale, we can not serve out of
> cache while it's doing the DNS lookup. This blocks all requests on that URL
> until DNS has finished, which in some cases can take a long time (we had a
> problem where some 3rd party DNS vendor could take up to 1s to resolve).
> My idea / hope is to make authproxy support running in a different hook, such
> that it always can get called. However, the wrinkle is that this is also a
> remap plugin, so whatever hook we pick, it has to happen after remap.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
