Return-Path: 
 <users-return-76707-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@www.apache.org
Received: (qmail 12589 invoked from network); 29 Oct 2007 11:47:51 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2)
  by minotaur.apache.org with SMTP; 29 Oct 2007 11:47:51 -0000
Received: (qmail 13215 invoked by uid 500); 29 Oct 2007 11:47:29 -0000
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 13193 invoked by uid 500); 29 Oct 2007 11:47:28 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
List-Post: <mailto:users@httpd.apache.org>
List-Id: <users.httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 13182 invoked by uid 99); 29 Oct 2007 11:47:28 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Oct 2007 04:47:28 -0700
X-ASF-Spam-Status: No, hits=2.0 required=10.0
	tests=HTML_MESSAGE,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of pikodemo@gmail.com designates
 209.85.198.189 as permitted sender)
Received: from [209.85.198.189] (HELO rv-out-0910.google.com) (209.85.198.189)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 29 Oct 2007 11:47:31 +0000
Received: by rv-out-0910.google.com with SMTP id l15so1299331rvb
        for <users@httpd.apache.org>; Mon, 29 Oct 2007 04:47:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type;
        bh=KifeLf1CCxnGp2aISweFLd5g59MHT9tkZ7JxqjeI8jE=;
        b=rPwC+Z4Co5rblXXQrIDWrqTKqCzmJezHMGeqt38gji2/G+y/5dwyo/1fZMhEiQ2xh53hIGtQfjFMJXSykXPvmwjFcQHm2uoX4BG3+5y3zc6eospuj9SwWU8OSZ0PiVPpVtht25IILM0PIEJrQfg/aANwkamBfSmyYvou0UpQqu4=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:mime-version:content-type;
        b=Mrt4hcQ8R/hi+1zaA6MvzktHcBGfbGsMkN0Vl9d97/Pk3+XDds4/050lwh/VWA6C7byCxm1AYO9UTCRPY66rUxtxmQGLAKXec99CYSjk/GBV1E8tdfCj2Q9odObdy2+JberRbpUrPj4yCi3dUS690Ich9KW9rmbQ3qW1f+pdehs=
Received: by 10.114.126.1 with SMTP id y1mr3505843wac.1193658429692;
        Mon, 29 Oct 2007 04:47:09 -0700 (PDT)
Received: by 10.114.154.5 with HTTP; Mon, 29 Oct 2007 04:47:09 -0700 (PDT)
Message-ID: <36f1b6710710290447v4bf2162eydefcf509f84a39bc@mail.gmail.com>
Date: Mon, 29 Oct 2007 11:47:09 +0000
From: "Laurent Tu" <pikodemo@gmail.com>
To: users@httpd.apache.org
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_14649_17830449.1193658429686"
X-Virus-Checked: Checked by ClamAV on apache.org
Subject: [users@httpd] Proxy authentication bypassed when serving cached
 content?

------=_Part_14649_17830449.1193658429686
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,


When using user authentication along with cache, I saw that user
authentication was not asked again when the content was served from the
cache.
I am using authentication inside a proxy directive:
<Proxy *>
  AuthType Basic
  ...
</Proxy>

When the content is not cached yet, Proxy-Authenticate  is sent by the proxy
server. When the content is already cached, it provides the result even
without the client providing Proxy-Authorization header.
For example, this happens with a website like http://www.perdu.com


After going through mod_cache doc, mod_proxy doc or rfc 2616, I've found
nothing about it. Can anyone please tell me if I'm understanding something
the wrong way?



Thanks
Laurent

------=_Part_14649_17830449.1193658429686
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hi,<br><br><br>When using user authentication along with cache, I saw that user authentication was not asked again when the content was served from the cache.<br>I am using authentication inside a proxy directive:<br>&lt;Proxy *&gt;
<br>&nbsp; AuthType Basic<br>&nbsp; ...<br>&lt;/Proxy&gt;<br><br>When the content is not cached yet, Proxy-Authenticate&nbsp; is sent by the proxy server. When the content is already cached, it provides the result even without the client providing Proxy-Authorization header.
<br>For example, this happens with a website like <a href="http://www.perdu.com">http://www.perdu.com</a><br><br><br>After going through mod_cache doc, mod_proxy doc or rfc 2616, I&#39;ve found nothing about it. Can anyone please tell me if I&#39;m understanding something the wrong way?
<br><br><br><br>Thanks<br>Laurent<br>

------=_Part_14649_17830449.1193658429686--