On Wednesday 05 March 2003 23.18, Craig Kelley wrote: > 2) If I turn on basic HTTP authentication in Apache with something > like this, however: > > AuthType Basic > AuthName ByPassword > AuthUserFile /var/www/secure/users > <Limit GET PUT POST DELETE> > Require valid-user > </Limit> > > Then squid will always re-fetch the file regardless; a cache miss > every time. Is this an Apache problem?
This is normal. A shared cache cannot cache content which are protected by authentication unless the response includes "Cache-control: public" which tells caches that even if the request included authentication the response does not actually require authentication and may be cached by shared caches. > I would rather just have > squid do the basic authentication, but from what I understand it > cannot reliably do this when in httpd_accel mode (?). Sure you can. Just add the following line at the top of acl.c and rebuild Squid: #define AUTH_ON_ACCELERATION 1 The reason to this define is that you cannot use authentication in transparent proxies and to Squid-2.X transparent proxies is "accelerators for all web servers", but there is no problem using authentication in real accelerators, it is only that it is slightly hidden to make sure people who runs transparent proxies does not think this can be done there, as it can't. This capability will be a lot more visible in Squid-3 as both the accelerator and transparent proxy modes of Squid has been reworked a bit and there no longer is a conflict between acceleration and transparent proxying, allowing authentication to always be available to accelerators without risking confusion in transparent proxy setups. Regards Henrik
