Ahh, now it gets intersting. There are mechanisms to assure the currency of normal HTTP authorization fields (Cache-Control: public, must-revalidate), but not in proxy chains. Unless you force closest proxy to revalidate every request with it's parent, there's nothing in the protocol to stop a fresh object from being served without Proxy-Authorization. I must stress that this is ONLY for fresh objects; revalidation will force a Proxy-Authenticate response header to be issued, and passed to the client. This stuff is fairly implementation-specific, and I haven't done much testing of it (with squid). I have talked to a lot of the commercial vendors about it, and everyone has a slightly different answer about how they want to handle this situation. Anybody else? > -----Original Message----- > From: Williams Jon [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 12, 1999 12:22 AM > To: [EMAIL PROTECTED] > Subject: RE: Small question about the caching of password protected > pages > > > How about Proxy Authentication? For example, if I have three proxies > chained together and the middle one is doing authentication, > will the proxy > closest to the user serve up documents in its cache to an > unauthenticated > user, or will it not cache anything and pass all requests up > to the middle? > > Jon > > > -----Original Message----- > > From: Nottingham, Mark (Australia) > > [SMTP:[EMAIL PROTECTED]] > > Sent: Wednesday, February 10, 1999 7:15 PM > > To: 'Simon Austin'; [EMAIL PROTECTED] > > Subject: RE: Small question about the caching of > password protected > > pages > > > > I've done extensive testing with recent versions of Squid, > and can say > > authoritatively that they do not cache pages with HTTP > authentication. > > > > If you can reproduce the behavior in a 'clean' environment > (you see the > > activity, you can confirm that the browser hasn't > previously requested the > > objects in the same session, you can confirm that the > objects don't have > > the > > headers mentioned), you might be on to something; it would > be interesting > > to > > find out what version of Squid were being used, as well as > if there were > > any > > other proxies in the path (the Squid might be using another > proxy as a > > parent). > > > > Otherwise, I'd tend to think it was just a > misperception/false report by > > the > > user; they aren't generally reliable, doubly so with salespeople ;-) > > > > If you can give me the URL of the site and a test user/pass > pair, I'll be > > happy to test it with a few different caches... > > >
RE: Small question about the caching of password protected pages
Nottingham, Mark (Australia) Thu, 11 Feb 1999 18:57:32 -0500
- Small question about the caching of password ... Simon Austin
- Re: Small question about the caching of ... Robert Olsson
- RE: Small question about the caching of ... Nottingham, Mark (Australia)
- RE: Small question about the caching... Simon Austin
- RE: Small question about the caching of ... Nottingham, Mark (Australia)
- RE: Small question about the caching of ... Williams Jon
- Re: Proxy authentication and caching Henrik Nordstrom
- Nottingham, Mark (Australia)
