On Sun, 12 Dec 2004, R. Scott Perry wrote:
I have a website that is currently being attacked by malware that is hiding behind over 10,000 web proxies, many of which are using Squid.
Yuck.
However, the malware that is generating these hits is sending a "Cache-Control: no-cache, max-age=..." HTTP header. This header is causing Squid not to use the cached objects, but instead connect to the website again.
Yes, as mandated by the HTTP specifications shared caches MUST NOT use cached content without first revalidating with the origin server is the request contains any of the above..
My question is whether or not there is anything that I can do from the web server to force Squid to return the cached objects, regardless of what the client does?
Nope. HTTP does not allow this.
I'm guessing that neither a "Content-Location" HTTP header or a "301 Moved Permanently" HTTP response from the web server will override a "no-cache" from the client.
Correct. Redirect responses is just HTTP responses and cached like any other. Same rules on when cached content may be used applies, only the type of content cached differs.
Regards Henrik
