You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@trafficserver.apache.org by Bruce Lysik <bl...@yahoo.com> on 2012/04/26 23:20:11 UTC
cache files that require authentication?
Hi,
Can ATS properly cache file objects that require a user to be authenticated via http basic auth?
Thanks.
--
Bruce Z. Lysik <bl...@yahoo.com>
Re: cache files that require authentication?
Posted by Leif Hedstrom <zw...@apache.org>.
On 4/26/12 3:20 PM, Bruce Lysik wrote:
> Hi,
>
> Can ATS properly cache file objects that require a user to be authenticated via http basic auth?
>
I talked to James about this. But yeah, you can make such responses
cacheable, but then they are accessible without authentication, I'm fairly
certain. Hearing about your use case, you'd want to implement a small
plugin, that does e.g. a HEAD request with the client credentials to the
origin, and if it fails, deny the request. If it passes, let the request go
through, and allow ATS to cache the response (or serve out of cache if in
cache).
It's possible there are other things you can do, but I'm not sure what. ATS
itself does not support proxy-auth or WWW-auth right now at least (another
plugin task :).
-- Leif
CONFIG proxy.config.http.cache.ignore_authentication INT 1