Re: [squid-users] Squid and NTLM passthrough

From: Steffan Corley <[email protected]>
Date: Fri, 26 Jan 2007 12:20:35 +0000

Henrik Nordstrom wrote:
> tis 2007-01-16 klockan 16:37 +0000 skrev Steffan Corley:
>
>
>> As far as the last point goes (pages being cached and then served to a
>> user who should be blocked from seeing them), I was wondering whether it
>> would be possible to get round this (in a fairly nasty way) using the
>> refresh_pattern configuration option?
>>
>
> Maybe, but I suspect this would probably make Squid not even cache the
> pages..
>
> If the pages do get cached then it should work out reasonably, with
> Squid sending If-Modified-Since/If-None-Match queries upstream to check
> if the page may be accessed.
>
> Regards
> Henrik
>
I have experimented with this (using refresh_pattern -i .* 0 0% 0
override-expire override-lastmod) and it seems to basically do what I
want (Squid always checks whether a page has changed with the upstream
proxy before serving it from the cache).

The only problem I have is that when the upstream proxy returns a 502
status (access denied), if Squid has the page cached it seems to serve
it anyway.

I want to change the behaviour so that in this case the 502 response is
returned to the client. I also would like to have a configuration
option where if there is an error when contacting the upstream cache, an
error message is returned rather than returning the cached version of
the page.

Can you point me at where I would need to look to implement these? I
would, of course, submit any patches we develop for inclusion in future
Squid versions.

Regards,

Steffan
Received on Fri Jan 26 2007 - 05:20:42 MST

This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST