The negative_ttl directive is continuously causing problems. What it
does is DoS all clients of a proxy when one of them has a URL problem.
In modern websites which can present per-client error responses targeted
at an individual client, this can be a major problem.

I propose dropping the directive entirely and following HTTP RFC
guidelines about cacheability of 4xx-5xx responses.

The one case I can think of it actually being useful is to prevent DDoS
against a reverse-proxy. However, due to DDoS usually varying the URL
anyway, this is an extremely weak protection.

Can anyone present any actually useful reason to keep it despite the
problems it presents?

Amos
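
The failure mode described in the message above, as an added Python illustration that is not part of the original post and is not Squid code. It assumes a toy shared cache keyed by URL, a constructed origin where only client "alice" receives a per-client 403, and a simplified freshness rule (explicit max-age only) standing in for the HTTP RFC guidelines.

```python
from dataclasses import dataclass

@dataclass
class Response:
    status: int
    body: str
    cache_control: dict  # parsed Cache-Control, e.g. {"max-age": 60}

def origin(url, client):
    """Constructed origin: only 'alice' gets an error, with no caching headers."""
    if client == "alice":
        return Response(403, "session expired for alice", {})
    return Response(200, "welcome", {"max-age": 60})

class SharedCache:
    """Hypothetical model of a proxy cache; negative_ttl is in seconds."""
    def __init__(self, negative_ttl):
        self.negative_ttl = negative_ttl
        self.store = {}  # url -> (expires_at, Response)

    def _lifetime(self, resp):
        cc = resp.cache_control
        if cc.get("private") or cc.get("no-store"):
            return 0
        if "max-age" in cc:
            return cc["max-age"]      # origin stated freshness explicitly
        if resp.status >= 400:
            return self.negative_ttl  # forced lifetime for unlabelled errors
        return 0

    def fetch(self, url, client, now):
        hit = self.store.get(url)
        if hit and hit[0] > now:
            return hit[1], "HIT"      # served without asking the origin
        resp = origin(url, client)
        ttl = self._lifetime(resp)
        if ttl > 0:
            self.store[url] = (now + ttl, resp)
        return resp, "MISS"

def replay(negative_ttl):
    """Three clients request the same URL one second apart."""
    cache = SharedCache(negative_ttl)
    trace = []
    for t, client in [(0, "alice"), (1, "bob"), (2, "carol")]:
        resp, state = cache.fetch("/account", client, t)
        trace.append((client, resp.status, state))
    return trace

if __name__ == "__main__":
    print("negative_ttl=300:", replay(300))
    print("negative_ttl=0:  ", replay(0))
```

With a non-zero negative_ttl, bob and carol are served alice's 403 from cache; with it set to 0, the error is not stored and they receive their own 200.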
- [RFC] remove negative_ttl directive ? Amos Jeffries