Hi Graham,
I don't think mod_proxy does currently conform to RFC2616 in respect of Cache-Control: no-cache="<directive>" It preventing the caching of specific headers, I can't find any code implementing this in the mod_proxy distribution and the following example fails... I have a small test.jsp which just sets Expires, Last-Modified and Cache-Control: no-cache="Set-Cookie" headers and configured Apache to act as a Reverse Proxy Server for the page. With an empty cache the initial request gives ... ~> GET -edP "http://FCODEVWS2/communities/test.jsp" Cache-Control: no-cache="Set-Cookie" Connection: close Date: Tue, 19 Feb 2002 12:37:33 GMT Server: Apache/1.3.23 (Win32) Content-Length: 8 Content-Type: text/html Expires: Tue, 19 Feb 2002 13:06:34 GMT Last-Modified: Tue, 19 Feb 2002 12:06:34 GMT Client-Date: Tue, 19 Feb 2002 12:37:35 GMT Client-Response-Num: 1 Set-Cookie: WebLogicSession=PHJG0oDVfgz68YWMM8DpXAUxFVZ5gugPKyuKQbIf716lkw6bRRBM |-1484200219301769473/-1628821962/6/7001/7001/7002/7002/7001/-1; path=/ X-Cache: MISS from fcomain After which a cached version of the content and headers is created in the cache, but it still contains the Set-Cookie directive which it should not, I don't think ... ----- 000000003C72473E 000000003C723FCA 000000003C724DDA 0000000000000001 000000003C72470D 000000003C724710 0000000000000008 X-URL: http://fcontdevserver1/communities/test.jsp Connection: close Host: FCODEVWS2 User-Agent: lwp-request/1.40 HTTP/1.1 200 OK Server: Netscape-Enterprise/4.1 Date: Tue, 19 Feb 2002 12:38:22 GMT Content-length: 8 Content-type: text/html Expires: Tue, 19 Feb 2002 13:06:34 GMT Last-modified: Tue, 19 Feb 2002 12:06:34 GMT Cache-control: no-cache="Set-Cookie" Set-cookie: WebLogicSession=PHJG0oDVfgz68YWMM8DpXAUxFVZ5gugPKyuKQbIf716lkw6bRRBM|-148420 0219301769473/-1628821962/6/7001/7001/7002/7002/7001/-1; path=/ Test ----- A subsequent request to the proxy gives a hit to the cache which is correct but it should NOT serve back the Set-Cookie header. ~> GET -edP "http://FCODEVWS2/communities/test.jsp" Cache-Control: no-cache="Set-Cookie" Connection: close Date: Tue, 19 Feb 2002 12:38:42 GMT Age: 69 Server: Apache/1.3.23 (Win32) Content-Length: 8 Content-Type: text/html Expires: Tue, 19 Feb 2002 13:06:34 GMT Last-Modified: Tue, 19 Feb 2002 12:06:34 GMT Client-Date: Tue, 19 Feb 2002 12:38:40 GMT Client-Response-Num: 1 Set-Cookie: WebLogicSession=PHJG0oDVfgz68YWMM8DpXAUxFVZ5gugPKyuKQbIf716lkw6bRRBM |-1484200219301769473/-1628821962/6/7001/7001/7002/7002/7001/-1; path=/ X-Cache: HIT from fcomain The relevant part of the HTTP spec I think is no-cache If the no-cache directive does not specify a field-name, then a cache MUST NOT use the response to satisfy a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent caching even by caches that have been configured to return stale responses to client requests. If the no-cache directive does specify one or more field-names, then a cache MAY use the response to satisfy a subsequent request, subject to any other restrictions on caching. However, the specified field-name(s) MUST NOT be sent in the response to a subsequent request without successful revalidation with the origin server. This allows an origin server to prevent the re-use of certain header fields in a response, while still allowing caching of the rest of the response. I am missing something? Cheers, Brian -----Original Message----- From: Graham Leggett [mailto:[EMAIL PROTECTED]] Sent: 19 February 2002 11:59 To: [EMAIL PROTECTED] Subject: Re: mod_proxy Cache-Control: no-cache=<directive> support Apache 1.3 "Fowler, Brian" wrote: > Due to a requirement on a project we are currently working on > involving using Apache as a caching reverse proxy server to WebLogic. > > We are considering implementing the > > Cache-Control: no-cache=<directive> > > for the Apache 1.3 mod_proxy module so allow us to prevent the caching > of certain headers served by WebLogic. (In particular the session > cookie.) > > Has/is anyone working in this area? Is there any specific reason why > this has deliberately not been implemented already? (E.g. performance > hit?) Any views on this directive? I'm not 100% sure what your question is. The apache proxy follows RFC2616 when it comes to understanding and honouring the Cache-Control directive. The responsibility of setting this header correctly is that of your Weblogic application. If the application is braindead, you should be able to use the capability of mod_headers to add the cache-control header within apache itself. (As I am aware this should work, as long as mod_headers comes before mod_proxy in your config. In v2.0, this should work automatically - but test it first). Regards, Graham -- ----------------------------------------- [EMAIL PROTECTED] "There's a moon over Bourbon Street tonight..." This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.