Dynamic Items within a Web Page?
-
Hello Fellow Netgate community members,
What are your thoughts on this ACL I have been researching? Some configuration files have it included for Squid and others do not.
acl QUERY urlpath_regex cgi-bin \? asp aspx jsp
## Prevent caching jsp, cgi-bin etc
cache deny QUERY
What are your thoughts? This is in relation to ssl intercept with certificates installed and bump active.
Keep in mind I am still a student and learning.
Ref:
https://github.com/CptOfEvilMinions/BlogProjects/blob/main/squid-tls-termination/conf/squid/squid.conf
https://wiki.alpinelinux.org/wiki/Setting_up_Explicit_Squid_Proxy
-
To Quote Squid Email Support
"'On 1/01/25 21:21, Robin Wood wrote:
I'm going to massively over simplify things here, but you can think of it like this.
Files with html extensions are static web pages, you write them, put them on the server, and they are served as they are, no changes.
Asp and the others are dynamic files, they are processed by an app on the server before they are sent to the client. This app may do nothing, so the page comes as it was, but usually it will add content. This content could be to create a CMS page by pulling the page content from a database, it could be your shopping orders pulled from your account, or it could be your current bank statement.
Caching should never be done on anything that is specific to a single user, so it's fine to cache public CMS content with an asp extension, but not your bank statement.
There is more to it than that, but hopefully that gives you a general idea.'
That is mostly correct for simple HTTP/1.0-like behaviour.
With HTTP/1.1 and later things are a little different. The biggest change is that URL no longer matters. The Content-Type replaces "file extension" entirely, and Cache-Control headers take over the job of defining how and when something can be cached.
For Squid, the refresh_pattern directive is what provides compatibility with HTTP 1.0 behaviour. It provides values for any Cache-Control settings the server omitted (eg for servers acting like HTTP/1.0 still).
The default "refresh_pattern -i (/cgi-bin/|\?) 0 0% 0" configuration line tells Squid the values which will perform HTTP/1.0 caching behaviour for any of the dynamic content coming out of broken or old cgi-bin services or anything with query-string ('?...') URL.
Jonathan: if you have not changed the refresh_pattern's you do not have to care specifically about dynamic-vs-static content caching. Whether it is plain-text HTTP(S) or SSL-Bump'ed HTTPS, it should all cache properly for its server-claimed needs.
Your "cache deny" policy in squid.conf is telling Squid never to cache any URL containing the ACL-matching strings. Even if they could be cached safely.
HTH
Amos"
Basically you do not really need to add this weird rule per the email support.
"if you have not changed the refresh_pattern's you do not have to care specifically about dynamic-vs-static content caching. Whether it is plain-text HTTP(S) or SSL-Bump'ed HTTPS, it should all cache properly for its server-claimed needs."
I do not know if anyone else wonders about this and stumbled on that rule on several different websites; it is not built into the Squid Package, but it seems like something others have been adding.
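To make the quoted point about "cache deny QUERY" concrete, here is an added example (not part of the thread and not Squid's own code) that applies the ACL's patterns to a few constructed URLs and compares the result with what each response's Cache-Control header asks for. It assumes urlpath_regex is matched against the path plus query string, uses Python's `re` in place of Squid's regex engine, and reads Cache-Control in a simplified way; the `example.test` URLs and all function names are made up for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns from the ACL in the question:
#   acl QUERY urlpath_regex cgi-bin \? asp aspx jsp
QUERY_PATTERNS = [r"cgi-bin", r"\?", r"asp", r"aspx", r"jsp"]

def urlpath(url):
    """Path plus query string (assumed to be what urlpath_regex is matched against)."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")

def matches_query_acl(url):
    """Patterns are ORed, unanchored and case-sensitive (no -i flag)."""
    target = urlpath(url)
    return any(re.search(p, target) for p in QUERY_PATTERNS)

def shared_cache_lifetime(cache_control):
    """Simplified reading of Cache-Control for a shared cache, in seconds.
    Returns 0 when the server forbids or does not request caching."""
    directives = {}
    for item in cache_control.split(","):
        name, _, value = item.strip().partition("=")
        if name:
            directives[name.lower()] = value
    if directives.keys() & {"no-store", "private", "no-cache"}:
        return 0
    for name in ("s-maxage", "max-age"):
        if directives.get(name, "").isdigit():
            return int(directives[name])
    return 0

# Constructed sample responses: (URL, Cache-Control sent by the origin server)
SAMPLES = [
    ("https://example.test/index.html", "max-age=600"),
    ("https://example.test/static/grasp-logo.png", "public, max-age=86400"),
    ("https://example.test/catalog.aspx", "public, max-age=3600"),
    ("https://example.test/app.js?v=42", "public, max-age=31536000"),
    ("https://example.test/account/statement", "private, no-store"),
]

def needlessly_denied(samples):
    """URLs that "cache deny QUERY" blocks although the server marked them cacheable."""
    return [u for u, cc in samples
            if matches_query_acl(u) and shared_cache_lifetime(cc) > 0]

if __name__ == "__main__":
    for url, cc in SAMPLES:
        print(f"{url:45} acl={matches_query_acl(url)!s:5} "
              f"lifetime={shared_cache_lifetime(cc)}")
```

The unanchored `asp` pattern also hits `grasp-logo.png`, while the one user-specific response in the sample is kept out of the cache by its own `private, no-store` header and never matches the ACL.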