Package: varnish
Version: 1.0.3-2
Severity: wishlist
Perhaps it would be a good idea to add code to the default vcl.conf
that makes Varnish not cache pages accessed with auth?
The attached patch makes Varnish pass on Authorization and
WWW-Authenticate-headers.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: powerpc (ppc)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.19-asjo-powerpc
Locale: LANG=C, LC_CTYPE=da_DK (charmap=ISO-8859-1)
Versions of packages varnish depends on:
ii gcc 4:4.1.1-15 The GNU C compiler
ii libc6 2.3.6.ds1-13 GNU C Library: Shared libraries
ii libncurses5 5.5-5 Shared libraries for terminal hand
varnish recommends no packages.
-- no debconf information
--- vcl.conf.orig 2007-03-31 17:45:01.316950705 +0200
+++ vcl.conf 2007-03-31 17:47:23.524049189 +0200
@@ -8,6 +8,10 @@
}
sub vcl_recv {
+ if (req.http.authorization) {
+ pass;
+ }
+
if (req.request == "POST") {
pipe;
}
@@ -19,6 +23,10 @@
}
sub vcl_fetch {
+ if (resp.http.www-authenticate) {
+ pass;
+ }
+
# force minimum ttl of 180 seconds
if (obj.ttl < 180s) {
set obj.ttl = 180s;
