[Zope3-dev] z3+squid+Unauthorized = weirdness
Brian Sutherland
jinty at web.de
Wed Dec 20 09:05:10 EST 2006
On Wed, Dec 20, 2006 at 02:36:59PM +0100, Adam Groszer wrote:
> Hello,
>
> Just happened the following:
>
>          zope3
>          server
>            |
>            |
>       squid proxy
>          /   \
>         /     \
>        /       \
>    userA       userB
>
> Both my users are sitting behind a squid proxy/firewall.
> That is a usual out-of-the-box SuSe linux firewall/proxy config.
> Each request goes through the squid proxy.
> userA does NOT have permission to http://zope3/ap_test/folder1.
> userB has permission to everything, including http://zope3/ap_test/folder1,
> he might even be a zope.manager.
>
> 1. userA accesses http://zope3/ap_test/folder1
> 2. userA gets the usual "Unauthorized, You are not authorized" message
> 3. userB accesses http://zope3/ap_test/folder1
> 4. BANG!, userB gets also the "Unauthorized, You are not authorized" message
>
> Investigating further, the request at 3. does not get to the zope3
> server. It got served by squid.
>
> Adding the "no-store, no-cache, must-revalidate" etc. headers to the
> Unauthorized page solves the problem.
>
> Any opinions about that? Is it my mistake, a squid bug, a Z3 bug?

Er, more like a squid feature, see negative_ttl. Not sure what the best
way is to get around this though, "no-cache" is probably reasonable.
--
Brian Sutherland
Metropolis - "it's the first movie with a robot. And she's a woman.
And she's EVIL!!"
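
Added example (not part of the original thread, and not Zope 3 or Squid code): a toy replay of steps 1-4 above, with the header fix Adam describes written as WSGI middleware. `ToyNegativeCache`, `demo_app`, the 403 status and the use of `REMOTE_USER` as the identity are assumptions for illustration; Squid's real behaviour is governed by `negative_ttl`.

```python
NO_SHARE = "no-store, no-cache, must-revalidate"  # values quoted in the thread

def no_cache_on_denied(app, statuses=(401, 403)):
    """WSGI middleware: mark access-denied responses as uncacheable."""
    def wrapped(environ, start_response):
        def patched(status, headers, exc_info=None):
            if int(status.split()[0]) in statuses:
                # Replace whatever caching headers the app set with ours.
                headers = [(k, v) for k, v in headers
                           if k.lower() not in ("cache-control", "expires")]
                headers.append(("Cache-Control", NO_SHARE))
            return start_response(status, headers, exc_info)
        return app(environ, patched)
    return wrapped

def demo_app(environ, start_response):
    # Constructed stand-in for the protected folder; 403 is an assumed status.
    if environ.get("REMOTE_USER") == "userB":
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"folder1 contents"]
    start_response("403 Forbidden", [("Content-Type", "text/plain")])
    return [b"Unauthorized"]

class ToyNegativeCache:
    """Simplified shared proxy: keeps error responses per URL unless
    Cache-Control forbids storing them. Not Squid's real algorithm."""
    def __init__(self, app):
        self.app, self.store = app, {}

    def get(self, user, path):
        if path in self.store:
            return self.store[path]  # served without reaching the app
        seen = {}
        def start_response(status, headers, exc_info=None):
            seen["status"] = status
            seen["cc"] = {k.lower(): v for k, v in headers}.get("cache-control", "")
        environ = {"REMOTE_USER": user, "PATH_INFO": path}
        body = b"".join(self.app(environ, start_response))
        if int(seen["status"].split()[0]) >= 400 and "no-store" not in seen["cc"]:
            self.store[path] = (seen["status"], body)  # negative caching
        return seen["status"], body

def replay(app):
    """Steps 1-4 from the thread: userA first, then userB, same URL."""
    proxy = ToyNegativeCache(app)
    proxy.get("userA", "/ap_test/folder1")
    return proxy.get("userB", "/ap_test/folder1")[0]
```

`replay(demo_app)` reproduces the cached denial for userB, while `replay(no_cache_on_denied(demo_app))` lets userB's request reach the application.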