httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Laurent Tu" <pikod...@gmail.com>
Subject Proxy authentication bypassed when serving cached content
Date Fri, 26 Oct 2007 15:49:00 GMT
Hi,


>From my understanding of mod_cache, proxy authentication (header
Proxy-Authenticate) is not asked when serving cached content in a forward
proxy configuration: mod_cache operates on the quick_handler hook whereas
authentication operates later in the request process. I have tried it on a
real case as well:
<Proxy *>
   AuthType Basic
   ...
   Require valid-user
</Proxy>

Content not available in cache goes through the authentication, but not the
cached one. As a result, a user does not need to be authenticated to access
a cached result.

So, here we are:
- Am I wrong?
- Is it a normal behavior?
- If not: is it addressed by someone?
- If not: what about I do it: is checking user information in the quick
handler hook before mod_cache (in case it fails, we send 407,
Proxy-Authenticate, return OK) a good solution?


Thanks
Laurent

Mime
View raw message