httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Leggett <>
Subject Re: cache trouble (Re: [vote] 2.1.9 as beta)
Date Mon, 07 Nov 2005 20:48:43 GMT
Ruediger Pluem wrote:

> I agree that there are many situation where it does not make sense to cache things under
> control, but there are ones where it makes sense.
> e.g. If you create a forward proxy with httpd that should use caching and that only
> a limited number of clients on your LAN should be able to use.

Forward proxies using access control use the Proxy-Authenticate header, 
which is entirely different access control to the WWW-Authenticate 
header used in normal access control. The Cache-Control: private header 
would not apply in this case.

> So I agree with Paul that it should be configurable.

Thinking about this for a bit, I don't think it should be configurable. 
Adding "Cache-Control: private" to access controlled resources is part 
of RFC2616, and this spec shouldn't be overriden lightly.

If there is a compelling reason to support not adding Cache-Control: 
private to authenticated requests, then it's definitely an option, but I 
think we should default to the safe option for now.


View raw message