Thanks Henrik,
I have been wondering about what you have mentioned.
I am still considering a couple of things about Deep Response Inspection,
while it might cost some more CPU time.
Eliezer
On 18/03/2015 10:23, Henrik Nordström wrote:
Mon 2015-03-16 at 04:03 +0200, Eliezer Croitoru wrote:
My main concern until now is that if Squid would have the cached object
in a digest URL form such as:
http://digest.squid.internal/MD5/xyz123
Squid would in many cases try to verify against the origin server that
the cached object has the same ETAG and MODIFICATION time.
The Digest alone is only on the body, and says nothing about header
authority. You need to get trusted object headers from somewhere else,
i.e. the requested origin. Once you have the authoritative headers you
can splice in the digest verified response body.
This is in some sense similar to the header merging needed in ETag based
variant handling on a single URL, but even more so as you must not take
headers from one random URL and apply them to another requested URL
without permission unless the requested URL permits this. Violating
this opens a range of security concerns where headers may be injected
giving a different result than intended by the origin.
Regards
Henrik
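Added example, not part of the thread and not Squid's code: a Python sketch of the rule Henrik describes, where response headers come only from the requested origin and the body comes from a store keyed by body digest after re-verification. The store layout, function names and sample data are assumptions made for illustration; the `Digest: SHA-256=<base64>` form follows RFC 3230 instance digests.

```python
import base64
import hashlib

# Constructed sample: a body cached earlier from some other mirror URL,
# stored together with the headers that mirror happened to send.
MIRROR_BODY = b"release-1.0 tarball bytes"
MIRROR_HEADERS = {"Content-Type": "text/html", "Set-Cookie": "sid=mirror"}


def digest_key(body):
    """Key used by the body store: base64 SHA-256 over the body only."""
    return base64.b64encode(hashlib.sha256(body).digest()).decode()


def parse_digest(header_value):
    """Return the SHA-256 value from a Digest header, or None."""
    for item in header_value.split(","):
        algo, sep, value = item.strip().partition("=")
        if sep and algo.upper() == "SHA-256":
            return value
    return None


def splice(origin_headers, store):
    """Build the response for the requested URL.

    origin_headers: headers received from the requested origin itself.
    store: digest -> (body, headers seen at the URL it was fetched from).
    Returns (headers, body), or None when the origin must send the body.
    """
    wanted = parse_digest(origin_headers.get("Digest", ""))
    entry = store.get(wanted) if wanted else None
    if entry is None:
        return None
    body, _foreign_headers = entry  # headers from another URL are never merged
    # Re-verify the stored bytes; a corrupted entry must not be served.
    if digest_key(body) != wanted:
        return None
    length = origin_headers.get("Content-Length")
    if length is not None and length.strip() != str(len(body)):
        return None
    return dict(origin_headers), body


STORE = {digest_key(MIRROR_BODY): (MIRROR_BODY, MIRROR_HEADERS)}
```
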