httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ruediger Pluem <>
Subject Re: cache trouble (Re: [vote] 2.1.9 as beta)
Date Tue, 08 Nov 2005 06:48:07 GMT

On 11/08/2005 01:55 AM, Roy T. Fielding wrote:
> On Nov 7, 2005, at 3:10 PM, Ruediger Pluem wrote:


> I can't remember which directive applies where, but if the
> access control is set to deny all and allow some, where some
> is a locally restricted subset of all, then cache-control
> private is required on non-error responses unless the request
> included Authorization (in which case cache-control private
> is optional because it is already implied with Auth).
> If the directive is set to allow all and deny some, then
> it is reasonable to assume that the access control is for
> service reasons, not authentication, and thus anyone who
> receives the message should be allowed to cache it for others.
> It would be wise to make both configurable.

Many thanks for clarification.
So do you think that there is a todo for mod_authz_host to add such things
or should this be left to the administrator who can of course use
mod_headers in the first case to add Cache-Control: private?



View raw message