As the subject says I am looking at what is necessary to implement a
"private cache" mode for Squid.
Goal:
removing ignore-private option from refresh_pattern. It is completely
unsafe in shared-cache traffic and real private caches should not need
to specify it on every refresh_pattern line.
Background:
HTTP splits the caching rules into shared cache and private cache.
The intention here is that shared cache rules are followed by middleware
proxies and private cache rules are followed by Browsers and other UA
caches.
However, in the last few years as end-users grow a number of devices
and HTTP-enabled softwares all related to just themselves they have
grown the need for a middleware proxy such as Squid to aggregate all of
*that users* traffic through one gateway cache.
My previous thoughts around this have all revolved around the idea of
adding the clients IP address to the cache key when private proxy mode
is enabled. This has a major issue though in that it does not solve
anything for users with multiple devices (and thus multiple IPs) or even
devices using IPv4/IPv6 interchangeably (and thus multiple IPs even for
localhost traffic).
The obvious alternative is a ON/OFF directive line offline_mode. But
this is somewhat dangerous and it is likely that shared-cache admin will
use it wrongly. I would _really_ like to avoid its existence if at all
possible.
Does anyone have any ideas about what directions would be good to
proceed for this project?
Amos
- [RFC] Automating "private cache" mode in Squid Amos Jeffries
-
