httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <rpl...@apache.org>
Subject Re: cache trouble (Re: [vote] 2.1.9 as beta)
Date Mon, 07 Nov 2005 21:16:34 GMT


On 11/07/2005 09:48 PM, Graham Leggett wrote:
> Ruediger Pluem wrote:
> 
>> I agree that there are many situation where it does not make sense to
>> cache things under access
>> control, but there are ones where it makes sense.
>>
>> e.g. If you create a forward proxy with httpd that should use caching
>> and that only
>> a limited number of clients on your LAN should be able to use.
> 
> 
> Forward proxies using access control use the Proxy-Authenticate header,
> which is entirely different access control to the WWW-Authenticate
> header used in normal access control. The Cache-Control: private header
> would not apply in this case.

This is often done via IP addresses and not via username/password.
And this is what I think is the real pain and complain: I does not work
with IP based access controls. Setting Cache-Control: private is just not
what you want here, because this would prevent caching in this case.
BTW: RFC2616 says in 14.9.1:

private
      Indicates that all or part of the response message is intended for
      a single user and MUST NOT be cached by a shared cache. This
      allows an origin server to state that the specified parts of the
      response are intended for only one user and are not a valid
      response for requests by other users. A private (non-shared) cache
      MAY cache the response.

It talks about *single* users. The problems we are facing here are *groups* of
users. So the cache is a shared cache for this group of users in this case.

Regards

RĂ¼diger

[..cut..]


Mime
View raw message