trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sudheer Vinukonda <>
Subject Re: Programmatically evicting cached resources that match an Authorization header
Date Wed, 23 Nov 2016 12:15:28 GMT
ATS supports HTTP PURGE method to remove the contents from the cache based on the request URL.

Another more efficient approach is to simply alter the cache key for the associated resource
to something that's different from the current.

There's no direct out of the box (via config or a built in plugin) that can purge based on
a request header, AFAIK. However, using the available TS API, it should be simple enough to
write a custom plugin that can do it. 

Below are some relevant example plugins that invalidate cache entries efficiently by altering
the associated cache keys.

- Sudheer

> On Nov 23, 2016, at 2:25 AM, Pachler, Uwe <> wrote:
> Hello,
> I'm considering to use a HTTP Cache in front of a web application I'm developing. I'd
operate the cache as a transparent proxy to cache dynamic resources that are only accessible
via authentication (with Vary: Authorization header set, so each user's version is cached
separately). What a user can and can't see depends on permissions configured for that user
in the web application, and permissions can change over time. Authentication is handled only
by the web application.
> From what I've read Apache TS would fit this scenario perfectly, but there is an open
question I could not find an answer for: If a user's permission to see a resource is revoked
in the web application, that resource is still cached until it becomes stale, so it is still
visible. So that change in permissions is not in effect as long as the resource is still considered
fresh by the cache.
> However, because the web application knows when a users permissions change, it could
simply tell the cache to invalidate (evict) all resources in the cache that match the user's
authorization header. 
> So is there a way to programmatically (e.g. HTTP service call, etc.) evict all resources
matching an Authorization header?
> Kind regards,
> Uwe

View raw message