httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Holsman <>
Subject Re: cvs commit: httpd-2.0/modules/experimental cache_storage.c
Date Tue, 05 Feb 2002 16:57:27 GMT
Graham Leggett wrote:
> This is a cryptographically signed message in MIME format.
> --------------msE98EC4A31A500D9720859F64
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> wrote:
>>  add another option.. CacheIgnoreCacheControl. this ignores a 'incoming request's
>>  attempts to get a fresh copy. Mainly I see this as being usefull in r-proxy's
> Ignoring the cache control headers effectively breaks the HTTP protocol
> - is there a specific application for this option?

This directive is >only< on the incoming request, If I'm caching results 
of a expensive call to a backend server, why should some piddly client 
tell me to re-get the info, forcing a subsecond response to become a 10 
second one ? run a couple of these requests and bang.. your server dies 
as all the threads are busy servicing these 10 seconds requests.

The directive has no effect on what happens with the response back from 
the handler (be it proxy or whatever) if IT sets the cache-control it 
still honors it.

> We need to be careful with some of the ability to override these headers
> - it must be made clear in the docs or the config options that these are
> non standard functions that should not normally be used unless the admin
> knows what they are doing.
> For example, ignoring Cache-Control might cause the server to ignore
> Cache-Control: no-store, which could be viewed as a security issue (even
> though a minor one).

I'll make the directive a bit more clear maybe 
and put a message who this breaks RFC compliance

> Regards,
> Graham

View raw message