Caching URL with ?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Caching URL with ?

Hector Chan
I have a question about caching URLs with an auth token embedded in the URL parameter.  For example:

https://www.example.com/path/page?token=xxx135ynjy93tqi

The page can be uniquely identified without the URL parameters.  It appears squid is using the full URL, including the URL parameters, as the cache key.  Thus, causing the HIT rate to plummet.  Is there any way I can tell squid to disregard the URL parameters when storing to or serving from cache?  I know the store_id_program can do that, but is there any other way?

Thanks,
Hector

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: Caching URL with ?

Yuri Voinov

Not enough information.

Is token persistent from GET to GET? Or it changed from day to day (by hash from date, for example?) If ir persistent, it can be stored by store-ID. If not -no.

The other way here is not to blame. It is necessary to understand, whether the token is really unique for unique content or not. This is the subject of reverse engineering, I think.


02.10.2017 23:44, Hector Chan пишет:
I have a question about caching URLs with an auth token embedded in the URL parameter.  For example:

https://www.example.com/path/page?token=xxx135ynjy93tqi

The page can be uniquely identified without the URL parameters.  It appears squid is using the full URL, including the URL parameters, as the cache key.  Thus, causing the HIT rate to plummet.  Is there any way I can tell squid to disregard the URL parameters when storing to or serving from cache?  I know the store_id_program can do that, but is there any other way?

Thanks,
Hector


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

-- 
**************************
* C++: Bug to the future *
**************************

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users

0x3E3743A7.asc (2K) Download Attachment
signature.asc (673 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Caching URL with ?

Amos Jeffries
Administrator
In reply to this post by Hector Chan
On 03/10/17 06:44, Hector Chan wrote:

> I have a question about caching URLs with an auth token embedded in the
> URL parameter.  For example:
>
> https://www.example.com/path/page?token=xxx135ynjy93tqi
>
> The page can be uniquely identified without the URL parameters.  It
> appears squid is using the full URL, including the URL parameters, as
> the cache key.  Thus, causing the HIT rate to plummet.  Is there any way
> I can tell squid to disregard the URL parameters when storing to or
> serving from cache?  I know the store_id_program can do that, but is
> there any other way?

No there is not. Any change to any part of the URL means it is a
different cache object. Store-ID is the way to de-duplicate identical
objects caused by this type of broken URL.

PS. the token above is neither private nor secure. If you have any
influence or contact with the devs of the software doing that please
encourage them to use real authentication. It looks like OAuth2 Bearer
is what that system needs to use.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users