Re: [squid-users] replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

[Amos Jeffries]

On 9/12/20 11:14 am, L A Walsh wrote:

On 2020/12/06 12:14, Alex Rousskov wrote:

On 12/6/20 10:12 AM, L A Walsh wrote:

Since the early 4.x series and now, the cache control headers:


FTR: Since Squid-3.2




ignore-no-cache
ignore-must-revalidate
ignore-auth

...
 Thanks for the followup.  One of the main things I try to use
my proxy for is to cache semi-static content like fonts and scripts to 
minimize or eliminate requests for the same resources but from different

sites so owners of those resources may not be as easily able to track a
user as they move across the web.



In HTTP/1.1 and later the server is explicitly passed headers from the 
clients request to check whether the cached entry can be used. So 
forcing caching will not help with your requirement. Caching is purely a 
bandwidth saving and (usually) performance improving measure.


For tracking prevention you need to filter out the details (eg headers) 
which servers use for that tracking and fingerprinting.



Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

[L A Walsh]

On 2020/12/06 12:14, Alex Rousskov wrote:

On 12/6/20 10:12 AM, L A Walsh wrote:

Since the early 4.x series and now, the cache control headers:



ignore-no-cache
ignore-must-revalidate
ignore-auth

...
Thanks for the followup.  One of the main things I try to use
my proxy for is to cache semi-static content like fonts and scripts to 
minimize or eliminate requests for the same resources but from different

sites so owners of those resources may not be as easily able to track a
user as they move across the web.





___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

[Amos Jeffries]

On 7/12/20 9:14 am, Alex Rousskov wrote:

On 12/6/20 10:12 AM, L A Walsh wrote:

...

* ignore-no-cache

Squid v3.2 release notes imply that Squid does what most admins want
now, without any explicit option: "Its commonly desired behaviour is
obsoleted by correct HTTP/1.1 Cache-Control:no-cache handling." Commit
7ed5335 message details that claim:
https://github.com/squid-cache/squid/commit/7ed5335



More details on that change can also be found at 



Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

[Alex Rousskov]

On 12/6/20 10:12 AM, L A Walsh wrote:
> Since the early 4.x series and now, the cache control headers:

> ignore-no-cache
> ignore-must-revalidate
> ignore-auth

> have been "obsoleted".  Indicating something has replaced them and
> there's a new & better way to ignore those headers for
> static files (most often web-fonts, though some javascript files
> also fall into that category).


AFAICT, the options were _not_ removed because there are new/better
options to ignore the corresponding directives. I see how this can be
confusing in a classical "obsoletion" context. I will try to clarify:

* ignore-no-cache

Squid v3.2 release notes imply that Squid does what most admins want
now, without any explicit option: "Its commonly desired behaviour is
obsoleted by correct HTTP/1.1 Cache-Control:no-cache handling." Commit
7ed5335 message details that claim:
https://github.com/squid-cache/squid/commit/7ed5335


* ignore-must-revalidate

Squid v4 release notes claim that "Other more HTTP compliant directives
(cache, store_miss) can be used to prevent objects from caching". That
official statement mismatches the ignore-must-revalidate intent AFAICT:
The ignore-must-revalidate intent was to prevent revalidations rather
than prevent caching.

The corresponding commit message paints a rather different picture by
claiming that ignore-must-revalidate was broken -- it was actually
preventing caching rather preventing revalidation (and caused other
problems):
https://github.com/squid-cache/squid/commit/064679e

If you combine the two together, you may get something like "the option
was removed because it did not do what it promised to do, and what it
actually did can be accomplished with cache and store_miss".


* ignore-auth

Squid v4 release notes imply that Squid does what most admins want now,
without any explicit option: "Its commonly desired behaviour is
performed by default with correct HTTP/1.1 revalidation". More details
at https://github.com/squid-cache/squid/commit/d94cbaa


Please do not shoot the messenger -- I am just relaying and interpreting
the official information. If you have a specific use case that cannot be
addressed using the existing directives, please ask about that specific
use case, detailing what Squid receives and what you want Squid to do.


HTH,

Alex.
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users