Am 04.02.2016 um 20:15 schrieb Muhammad Faisal:
*Hi James,*
I'm sorry I couldn't get. I have set
"proxy.config.http.cache.required_header" to 0 so that everything get
cached regardless of the header condition since the origin server
response is not under our control. This is what i understood from the
parameter description and set it accordingly.
* |0|= no headers required to make document cacheable
* |1|= either the|Last-Modified|header, or an explicit lifetime
header,|Expires|or|Cache-Control:max-age|, is required
* |2|= explicit lifetime is required,|Expires|or|Cache-Control:max-age|
that's probably a dangerous game when it comes to session-cookies (typically headers) and you ignore "Cache-Control: private" which should be set by any sane application when it's aware that there is a user login active
the most possible harm which can happen on a proxy is cache private and sensible data while deliver it to the wrong user / client
you need to get the origin server somehow under your control and if that means "talk to the admin on the other side" so be it
On 2/5/2016 12:01 AM, James Peach wrote:On Feb 4, 2016, at 10:36 AM, Muhammad Faisal<[email protected]> wrote: Hi James, In the configuraitons the proxy.config.http.cache.required_headers is set to 0. No header configuration required, it means cache everything regardless of the headers. Am I right? Should i change it to 1?Emitting a Cache-Control header is the best approach. Failing that setting required_headers is an option. I have found the xdebug plugin helpful for debugging this sort of problem.On 2/4/2016 9:19 PM, James Peach wrote:On Jan 30, 2016, at 6:19 AM, Muhammad Faisal<[email protected]> wrote: Required Heads: GET /project/filezilla/FileZilla_Client/3.11.0.2/FileZilla_3.11.0.2_win64-setup.exe HTTP/1.1 Host: netix.dl.sourceforge.net Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Encoding: gzip, deflate, sdch Accept-Language: en-US,en;q=0.8 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 6477032 Content-Type: application/octet-stream Date: Sat, 30 Jan 2016 14:15:45 GMT ETag: "62d4e8-5178afaba6ac0" Last-Modified: Tue, 02 Jun 2015 15:56:03 GMT Server: Apache/2.4.6 (CentOS)You have a Last-Modified but no Cache-Control, so set proxy.config.http.cache.required_headers=1. https://docs.trafficserver.apache.org/en/latest/admin-guide/files/records.config.en.html#proxy-config-http-cache-required-headersI dont see any cache control header in the URL On 1/30/2016 6:40 AM, Reindl Harald wrote:Am 29.01.2016 um 20:46 schrieb Muhammad Faisal:sorry for being dumb but how to check the header from origin? On 1/30/2016 12:41 AM, Miles Libbey wrote:No -- from the origin. My real question is, are you sure that url is set to be cacheable?curl --head <url>
signature.asc
Description: OpenPGP digital signature
