caching apache-traffic-server

When Authorization header is present in the request, it's always a Cache Miss


When the Authorization header is present in the inbound request, it's always a Cache Miss. My requirement is that ATS treat the Authorization header like any other header (it should not cause a cache miss, and it should get forwarded to the upstream service). How can I achieve this?

This may sound non-secure, but I have a specific use case for this. This cache is for internal use and its access is controlled by other means.

I tried this

As per the official documentation

By default, Traffic Server does not cache objects with the following request headers:

Authorization

Cache-Control: no-store

Cache-Control: no-cache

To configure Traffic Server to ignore this request header,

Edit proxy.config.http.cache.ignore_client_no_cache in records.config.

CONFIG proxy.config.http.cache.ignore_client_no_cache INT 1

Run the command traffic_ctl config reload to apply the configuration changes.

But no luck.


Solution

  • Actually this https://docs.trafficserver.apache.org/en/latest/admin-guide/configuration/cache-basics.en.html#configuring-traffic-server-to-ignore-www-authenticate-headers did the trick for me.

    The following instructions were applicable for the Authorization header as well, besides the WWW-Authenticate header. They need to update the documentation.

    Configuring Traffic Server to Ignore WWW-Authenticate Headers

    By default, Traffic Server does not cache objects that contain WWW-Authenticate response headers. The WWW-Authenticate header contains authentication parameters the client uses when preparing the authentication challenge response to an origin server.

    When you configure Traffic Server to ignore origin server WWW-Authenticate headers, all objects with WWW-Authenticate headers are stored in the cache for future requests. However, the default behavior of not caching objects with WWW-Authenticate headers is appropriate in most cases. Only configure Traffic Server to ignore server WWW-Authenticate headers if you are knowledgeable about HTTP 1.1.

    To configure Traffic Server to ignore server WWW-Authenticate headers:

    Edit proxy.config.http.cache.ignore_authentication in records.config.

    CONFIG proxy.config.http.cache.ignore_authentication INT 1
    

    Run the command traffic_ctl config reload to apply the configuration changes.
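
Because these overrides change what Traffic Server is willing to cache, it helps to be able to see where they are switched on. The script below is an added example, not part of the original question or answer and not Traffic Server code: it scans a records.config for the two setting names quoted on this page and reports any that are enabled. The function names and the sample file contents are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not ATS code): report cache overrides enabled in a records.config.
# Only the two setting names quoted on this page are checked.

# Prints "line:name=value" for each enabled override; returns 1 if any is found.
audit_cache_overrides() {
  local file="$1" findings
  findings=$(awk '
    # Active lines have the form: CONFIG <name> <TYPE> <value>; "#" lines are comments.
    $1 == "CONFIG" && $3 == "INT" && $4 != "0" &&
    ($2 == "proxy.config.http.cache.ignore_authentication" ||
     $2 == "proxy.config.http.cache.ignore_client_no_cache") {
      print NR ":" $2 "=" $4
    }' "$file")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample input, written to a temp file so the script runs offline.
make_sample_config() {
  local f
  f=$(mktemp)
  cat > "$f" <<'EOF'
# constructed sample records.config
CONFIG proxy.config.http.cache.http INT 1
#CONFIG proxy.config.http.cache.ignore_client_no_cache INT 1
CONFIG proxy.config.http.cache.ignore_client_no_cache INT 0
CONFIG proxy.config.http.cache.ignore_authentication INT 1
EOF
  printf '%s\n' "$f"
}

sample=$(make_sample_config)
if audit_cache_overrides "$sample"; then
  echo "no cache overrides enabled"
else
  echo "review: the settings above change default cache behaviour"
fi
rm -f "$sample"
```

The non-zero return status makes the function usable as a gate in a configuration review or CI step for deployments where these overrides are not expected.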