Roy T.Fielding wrote: > On Nov 4, 2005, at 10:56 AM, William A. Rowe, Jr. wrote: > >> It leaves us wondering; how can allow from/deny from n.n.n.n be mapped to >> RFC 2616 semantics, or at least, without running the many server hooks on >> later requests? The only way I can see, is that we should have any more >> explicit allow from/deny from leave a marker in the request record >> from that >> authorization phase, and mark it nocache if the request doesn't otherwise >> set the authentication required headers. > > Cache-control: private > > is what should be added for any resource under access control.
But.. But.. But.. I want to have my cake and eat it too. This does imply we should be adding this header anytime _)any_ mod_authz_* module is invoked. That would suck. I still like making it admin configurable. Allowing the admin to configure mod_cache to run as a quick-handler, or a normal-handler. It puts the burden of breaking standards onto the Admin. -Paul
