On Wed, Dec 20, 2006 at 02:36:59PM +0100, Adam Groszer wrote:
> Hello,
> 
> Just happened the following:
> 
>    zope3
>   server
>      |
>      |
> squid proxy
>     / \
>    /   \
>   /     \
> userA userB
> 
> Both my users are sitting behind a squid proxy/firewall.
> That is a usual out-of-the-box SUSE Linux firewall/proxy config.
> Each request goes through the squid proxy.
> userA does NOT have permission to http://zope3/ap_test/folder1.
> userB has permission to everything, including http://zope3/ap_test/folder1,
> he might even be a zope.manager.
> 
> 1. userA accesses http://zope3/ap_test/folder1
> 2. userA gets the usual "Unauthorized, You are not authorized" message
> 3. userB accesses http://zope3/ap_test/folder1
> 4. BANG!, userB also gets the "Unauthorized, You are not authorized" message
> 
> Investigating further, the request at 3. does not get to the zope3
> server. It got served by squid.
> 
> Adding the "no-store, no-cache, must-revalidate" etc. headers to the
> Unauthorized page solves the problem.
> 
> Any opinions about that? Is it my mistake, a squid bug, a Z3 bug?

Er, more like a squid feature, see negative_ttl. Not sure what the best
way is to get around this though, "no-cache" is probably reasonable.

-- 
Brian Sutherland

Metropolis - "it's the first movie with a robot. And she's a woman.
              And she's EVIL!!"
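
The mitigation discussed in this thread, sketched as an added example (not part of either message, and not Zope or squid code): a WSGI middleware that puts the quoted anti-caching headers on 401/403 responses, run against a toy shared cache that stores denials by URL only. The names `demo_app`, `ToySharedCache` and `replay`, the use of `REMOTE_USER` to identify the user, and the 403 status are assumptions made for the illustration.

```python
# Added example: WSGI middleware plus a toy shared cache (not Zope or squid code).
from wsgiref.util import setup_testing_defaults

DENIED = ("401", "403")
NO_STORE = "no-store, no-cache, must-revalidate"  # header values quoted in the post

def no_store_on_denied(app):
    """Wrap a WSGI app so authorization failures carry anti-caching headers."""
    def wrapped(environ, start_response):
        def patched(status, headers, exc_info=None):
            if status[:3] in DENIED:
                headers = [(k, v) for k, v in headers
                           if k.lower() not in ("cache-control", "pragma", "expires")]
                headers += [("Cache-Control", NO_STORE), ("Pragma", "no-cache")]
            return start_response(status, headers, exc_info)
        return app(environ, patched)
    return wrapped

def demo_app(environ, start_response):
    """Constructed stand-in for the Zope 3 site: only userB may read the folder."""
    if environ.get("REMOTE_USER") == "userB":
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"folder1 contents"]
    start_response("403 Forbidden", [("Content-Type", "text/plain")])
    return [b"Unauthorized, You are not authorized"]

class ToySharedCache:
    """Simplified model of a proxy that stores error responses by URL only."""
    def __init__(self, app):
        self.app, self.store = app, {}
    def get(self, path, user):
        if path in self.store:
            return self.store[path]          # served without contacting the origin
        environ = {"PATH_INFO": path, "REMOTE_USER": user}
        setup_testing_defaults(environ)
        seen = {}
        def start_response(status, headers, exc_info=None):
            seen["status"], seen["headers"] = status, dict(headers)
        body = b"".join(self.app(environ, start_response))
        result = (seen["status"], body)
        if (seen["status"][:3] in DENIED
                and "no-store" not in seen["headers"].get("Cache-Control", "")):
            self.store[path] = result        # negative caching of the denial
        return result

def replay(app):
    """userA is denied first, then userB requests the same URL."""
    cache = ToySharedCache(app)
    cache.get("/ap_test/folder1", "userA")
    return cache.get("/ap_test/folder1", "userB")[0]
```

`replay(demo_app)` reproduces step 4 of the report, while `replay(no_store_on_denied(demo_app))` lets userB's request reach the origin.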