httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <>
Subject Re: cache trouble (Re: [vote] 2.1.9 as beta)
Date Tue, 08 Nov 2005 00:55:08 GMT
On Nov 7, 2005, at 3:10 PM, Ruediger Pluem wrote:
> Not for every page, but if I get it right once you lock out one bad 
> boy via

> deny ipaddress
> than it should be sent. AFAIK this not done automatically currently 
> once you add a deny
> directive somewhere. Does this need to be changed?

I can't remember which directive applies where, but if the
access control is set to deny all and allow some, where some
is a locally restricted subset of all, then cache-control
private is required on non-error responses unless the request
included Authorization (in which case cache-control private
is optional because it is already implied with Auth).

If the directive is set to allow all and deny some, then
it is reasonable to assume that the access control is for
service reasons, not authentication, and thus anyone who
receives the message should be allowed to cache it for others.

It would be wise to make both configurable.


View raw message