Re: HttpHdrCc & draft-melve-cachecontrol-00.txt...

From: Alex Rousskov <rousskov@dont-contact.us>
Date: Tue, 28 Apr 1998 23:03:00 -0600 (MDT)

--MimeMultipartBoundary
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Tue, 28 Apr 1998, Jason Riedy wrote:

> When I mentioned access controls & Cache-Control on squid-users, I
> hadn't seen draft-melve-cachecontrol-00.txt . Is anyone working on
> this for squid? It's not perfect (relies on it being supported by
> neighbors), but it'd serve my immediate needs (limit some documents
> through our accelerator to only our domain). If no one else is
> adding it, I'd be interested in hacking a limited version...

0) As far as I understand, Ingrid and you want the document to be cachable,
but "servable" only to a restricted set of users. (If you do not want squid
to cache the object at all, there are standard ways to specify that.) This
restriction smells more like access controls to me.

I am not sure Cache-Control header field is a proper place for that Please
double check the HTTP/1.1 specs, but I think it clearly indicates that
Cache-Control is used for things _other_ than access controls (mostly
limiting storing and/or caching of an object). Note that the semantics of
"Access-restricted" directive is very different from the "community"
directive that HTTP/1.1 gives as an example!

Also, client IP may not be available if the document is being requested
through another proxy (e.g., a close-by peer).

Finally, if the set of the documents you want to attach "Access-restricted"
directives to is small, consider making them non-cachable.

1) Seems like an 'Access-restricted="Domain:"' directive will be not-so-easy
to implement because it requires a [reverse] DNS lookup on client's IP.

2) Note that with "IP" or "Domain" directive, Squid will have to start
loading a cached object from disk first (to get the headers) and only then
discover that it cannot serve the object because of the Access-restricted
field. Not a big deal, but still requires out-of-the-main-stream processing,
I guess.

3) Please consider deleting "Comma separated lists" option. It adds no new
features but complicates parsing/processing. If multiple entries are
desired, one can repeat "Access-restricted" directives.

> BTW, when is the HttpHdrCc likely to be used more widely in the code?

HttpReplies are using it for a long time already. HttpRequests will probably
start using it in b21. If you mean the number of supported directives, they
will be on-demand, I guess. (I think there is also a fresh patch pending that
enables some of the commonly used directives).

> Since the Access-restricted facility does not yet exist, that struct
> would be the right place to put it.

Again, "Cache-control", IMHO is not a perfect place for the new directive.
Maybe you can ask this question on HTTP discussion list?

$0.02,

Alex.

--MimeMultipartBoundary--
Received on Tue Jul 29 2003 - 13:15:48 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:11:45 MST