On Wed, Dec 20, 2006 at 02:36:59PM +0100, Adam Groszer wrote:
> Just happened the following:
>        squid proxy
>           /   \
>          /     \
>         /       \
>     userA      userB
> Both my users are sitting behind a squid proxy/firewall.
> That is a usual out-of-the-box SuSE Linux firewall/proxy config.
> Each request goes through the squid proxy.
> userA does NOT have permission to http://zope3/ap_test/folder1.
> userB has permission to everything, including http://zope3/ap_test/folder1,
> he might even be a zope.manager.
> 1. userA accesses http://zope3/ap_test/folder1
> 2. userA gets the usual "Unauthorized, You are not authorized" message
> 3. userB accesses http://zope3/ap_test/folder1
> 4. BANG!, userB also gets the "Unauthorized, You are not authorized" message
> Investigating further, the request at 3. does not get to the zope3
> server. It got served by squid.
> Adding the "no-store, no-cache, must-revalidate" etc. headers to the
> Unauthorized page solves the problem.
> Any opinions about that? Is it my mistake, a squid bug, a Z3 bug?
Er, more like a squid feature, see negative_ttl. Not sure what the best
way is to get around this though, "no-cache" is probably reasonable.
Metropolis - "it's the first movie with a robot. And she's a woman.
And she's EVIL!!"
Zope3-dev mailing list
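
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not squid or Zope 3 code: a simplified model of a shared proxy that stores error responses by URL for a negative TTL, run once against an origin that sends no cache headers and once against one that adds the headers mentioned above. The class and function names, the ACL and the TTL value are assumptions made for the illustration.

```python
import time

NEGATIVE_TTL = 300  # constructed value standing in for squid's negative_ttl (seconds)
URL = "http://zope3/ap_test/folder1"
ALLOWED = {"userB"}  # constructed ACL: only userB may read folder1


class ToySharedCache:
    """Simplified shared proxy: error responses are cached per URL, not per user."""

    def __init__(self, origin, negative_ttl=NEGATIVE_TTL, clock=time.monotonic):
        self.origin, self.negative_ttl, self.clock = origin, negative_ttl, clock
        self.store = {}        # url -> (expires_at, response)
        self.origin_hits = 0   # how many requests actually reached the origin

    def fetch(self, url, user):
        entry = self.store.get(url)
        if entry and entry[0] > self.clock():
            return entry[1]    # cache hit: the origin never sees this user
        self.origin_hits += 1
        response = self.origin(url, user)
        status, headers, _body = response
        cc = headers.get("Cache-Control", "").lower()
        # Simplification: any of these directives prevents reuse without
        # contacting the origin, so the model does not store the response.
        blocked = any(d in cc for d in ("no-store", "no-cache", "private"))
        if status >= 400 and not blocked:
            self.store[url] = (self.clock() + self.negative_ttl, response)
        return response


def origin(url, user):
    """Origin as in the report: the Unauthorized page carries no cache headers."""
    if user in ALLOWED:
        return (200, {}, "folder1 contents")
    return (401, {}, "Unauthorized, You are not authorized")


def hardened_origin(url, user):
    """Same origin, with the headers from the thread added to 401/403 responses."""
    status, headers, body = origin(url, user)
    if status in (401, 403):
        headers = dict(headers)
        headers["Cache-Control"] = "no-store, no-cache, must-revalidate"
    return (status, headers, body)


def replay(origin_fn):
    """userA then userB request the same URL; returns (status list, origin hits)."""
    proxy = ToySharedCache(origin_fn)
    return [proxy.fetch(URL, u)[0] for u in ("userA", "userB")], proxy.origin_hits
```

With the plain origin the second request never reaches the server, which matches step 3 of the report; with the headers added, both requests are evaluated by the origin.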