[squid-users] authenticated users get anonymous pages

This is a discussion on [squid-users] authenticated users get anonymous pages within the Squid Users forums, part of the Web Server and Related Forums category; My Squid reverse proxy returns the pages stored in cache by an anonymous request even if the current request contains ...


Go Back   Usenet Forums > Web Server and Related Forums > Squid Users

Reload this Page [squid-users] authenticated users get anonymous pages

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 02-19-2004
Jérôme SAUTRET
 
Posts: n/a
Default [squid-users] authenticated users get anonymous pages

My Squid reverse proxy returns the pages stored in cache by an anonymous
request even if the current request contains an Authorization http
header field.

Here's an example :

First, I get the page with an authenticated user (authentification on the web server, not Squid) :

% ab -A admin:secret http://my.server.org/sections

==> store.log <==
1077211219.602 RELEASE -1 FFFFFFFF ACB7146AAD80CF6756BDC297AA507537 200 1077211219 -1 -1 text/html 10345/10345 GET http://my.server.org/sections

==> access.log <==
1077211219.602 288 10.68.140.37 TCP_MISS/200 10671 GET http://my.server.org/sections - TIMEOUT_FIRST_UP_PARENT/localhost text/html


All is OK : the page is not stored in cache because I am authenticated
(and the server behind Squid doesn't return any Expires http header
field in this case).


Then I get the same page without any authentication :

% ab http://my.server.org/sections

==> store.log <==
1077211535.436 SWAPOUT 00 00000000 0DF0B2112C2A1E102AE22805E353EF2C 200 1077211535 -1 1077215135 text/html 6819/6819 GET http://my.server.org/sections

==> access.log <==
1077211535.501 225 10.68.140.37 TCP_MISS/200 7213 GET http://my.server.org/sections - FIRST_PARENT_MISS/localhost text/html

This is still OK, the page in stored in cache.

Then I redo the first request :

% ab -v 4 -A admin:secret http://my.server.org/sections

==> access.log <==
1077211621.273 16 10.68.140.37 TCP_MEM_HIT/200 7170 GET http://my.server.org/sections - NONE/- text/html


The page is taken from the cache (from the preceding request), which
is wrong in this case, because the pages for authenticated users are
different from those for anonymous ones.

How can I fix this problem, apart from using different protocols
(http/https) or virtual hosts (one for anonymous and one for authenticated) ?

Is there a way to detect the Authorization header field in an acl rule ?

--
Jérôme SAUTRET (Jerome@SAUTRET.org) http://SAUTRET.org
Key 0x95D463F3 fingerprint 3B69 3B60 4D32 B8DF 2BF3 8035 5036 D41A 95D4 63F3
Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 10:30 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0