replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

L A Walsh
Since the early 4.x series and now, the cache control headers:

ignore-no-cache
ignore-must-revalidate
ignore-auth

have been "obsoleted".  Indicating something has replaced them and
there's a new & better way to ignore those headers for
static files (most often web-fonts, though some javascript files
also fall into that category).

Thanks!

-linda

_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

Alex Rousskov
On 12/6/20 10:12 AM, L A Walsh wrote:
> Since the early 4.x series and now, the cache control headers:

> ignore-no-cache
> ignore-must-revalidate
> ignore-auth

> have been "obsoleted".  Indicating something has replaced them and
> there's a new & better way to ignore those headers for
> static files (most often web-fonts, though some javascript files
> also fall into that category).


AFAICT, the options were _not_ removed because there are new/better
options to ignore the corresponding directives. I see how this can be
confusing in a classical "obsoletion" context. I will try to clarify:

* ignore-no-cache

Squid v3.2 release notes imply that Squid does what most admins want
now, without any explicit option: "Its commonly desired behaviour is
obsoleted by correct HTTP/1.1 Cache-Control:no-cache handling." Commit
7ed5335 message details that claim:
https://github.com/squid-cache/squid/commit/7ed5335


* ignore-must-revalidate

Squid v4 release notes claim that "Other more HTTP compliant directives
(cache, store_miss) can be used to prevent objects from caching". That
official statement mismatches the ignore-must-revalidate intent AFAICT:
The ignore-must-revalidate intent was to prevent revalidations rather
than prevent caching.

The corresponding commit message paints a rather different picture by
claiming that ignore-must-revalidate was broken -- it was actually
preventing caching rather preventing revalidation (and caused other
problems):
https://github.com/squid-cache/squid/commit/064679e

If you combine the two together, you may get something like "the option
was removed because it did not do what it promised to do, and what it
actually did can be accomplished with cache and store_miss".


* ignore-auth

Squid v4 release notes imply that Squid does what most admins want now,
without any explicit option: "Its commonly desired behaviour is
performed by default with correct HTTP/1.1 revalidation". More details
at https://github.com/squid-cache/squid/commit/d94cbaa


Please do not shoot the messenger -- I am just relaying and interpreting
the official information. If you have a specific use case that cannot be
addressed using the existing directives, please ask about that specific
use case, detailing what Squid receives and what you want Squid to do.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

Amos Jeffries
Administrator
On 7/12/20 9:14 am, Alex Rousskov wrote:
> On 12/6/20 10:12 AM, L A Walsh wrote:
...
> * ignore-no-cache
>
> Squid v3.2 release notes imply that Squid does what most admins want
> now, without any explicit option: "Its commonly desired behaviour is
> obsoleted by correct HTTP/1.1 Cache-Control:no-cache handling." Commit
> 7ed5335 message details that claim:
> https://github.com/squid-cache/squid/commit/7ed5335
>

More details on that change can also be found at
<https://squidproxy.wordpress.com/2012/10/16/squid-3-2-pragma-cache-control-no-cache-versus-storage/>

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

L A Walsh
In reply to this post by Alex Rousskov
On 2020/12/06 12:14, Alex Rousskov wrote:
> On 12/6/20 10:12 AM, L A Walsh wrote:
>> Since the early 4.x series and now, the cache control headers:
>
>> ignore-no-cache
>> ignore-must-revalidate
>> ignore-auth
...
        Thanks for the followup.  One of the main things I try to use
my proxy for is to cache semi-static content like fonts and scripts to
minimize or eliminate requests for the same resources but from different
sites so owners of those resources may not be as easily able to track a
user as they move across the web.





_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: replacement for obsoleted cache controls (ign-no-cache; ign-must-reval. + ign-auth)

Amos Jeffries
Administrator
On 9/12/20 11:14 am, L A Walsh wrote:
> On 2020/12/06 12:14, Alex Rousskov wrote:
>> On 12/6/20 10:12 AM, L A Walsh wrote:
>>> Since the early 4.x series and now, the cache control headers:

FTR: Since Squid-3.2

>>
>>> ignore-no-cache
>>> ignore-must-revalidate
>>> ignore-auth
> ...
>      Thanks for the followup.  One of the main things I try to use
> my proxy for is to cache semi-static content like fonts and scripts to
> minimize or eliminate requests for the same resources but from different
> sites so owners of those resources may not be as easily able to track a
> user as they move across the web.
>

In HTTP/1.1 and later the server is explicitly passed headers from the
clients request to check whether the cached entry can be used. So
forcing caching will not help with your requirement. Caching is purely a
bandwidth saving and (usually) performance improving measure.

For tracking prevention you need to filter out the details (eg headers)
which servers use for that tracking and fingerprinting.


Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users