httpd-dev mailing list archives

From Paul Querna <>
Subject Re: cache trouble (Re: [vote] 2.1.9 as beta)
Date Mon, 07 Nov 2005 21:01:04 GMT
Graham Leggett wrote:
> Ruediger Pluem wrote:
>> I agree that there are many situations where it does not make sense to
>> cache things under access
>> control, but there are ones where it makes sense.
>> e.g. If you create a forward proxy with httpd that should use caching
>> and that only
>> a limited number of clients on your LAN should be able to use.
> Forward proxies using access control use the Proxy-Authenticate header,
> which is entirely different access control to the WWW-Authenticate
> header used in normal access control. The Cache-Control: private header
> would not apply in this case.
>> So I agree with Paul that it should be configurable.
> Thinking about this for a bit, I don't think it should be configurable.
> Adding "Cache-Control: private" to access controlled resources is part
> of RFC2616, and this spec shouldn't be overridden lightly.
> If there is a compelling reason to support not adding Cache-Control:
> private to authenticated requests, then it's definitely an option, but I
> think we should default to the safe option for now.

The compelling reason is that this implies that even for the DEFAULT
configuration of apache, we should be sending cache-control private, for
EVERY page served.

That is bad. bad bad bad bad bad bad bad bad bad bad bad.  Did I mention
that is bad?

We need a better solution.

This also implies that if you use mod_rewrite based on any
non-Varied-Header information, you should be setting Cache-Control:
Private too.

