On 11/07/2005 07:27 PM, Roy T. Fielding wrote: > On Nov 7, 2005, at 2:06 AM, Nick Kew wrote: > >> On Monday 07 November 2005 03:26, Paul Querna wrote: >> >>>> Cache-control: private >>>> >>>> is what should be added for any resource under access control. >> >> >> I'd prefer something a little less drastic, like 'faking' a header out >> of remote-ip. > > > Why? All you accomplish is to cause this problem of a downstream > cache not knowing that there is access control. If you don't want > access control, then don't use access control. I agree that there are many situation where it does not make sense to cache things under access control, but there are ones where it makes sense.
e.g. If you create a forward proxy with httpd that should use caching and that only a limited number of clients on your LAN should be able to use. So I agree with Paul that it should be configurable. Regards RĂ¼diger