On Mon, Nov 07, 2005 at 09:28:54PM +0000, Nick Kew wrote:
> > No, you should be setting Vary: * if the content varies.  That is
> > also required by HTTP.
> 
> That applies if it varies by some request header.

"Vary: *" means that how the content varies is unspecified, and section
12.1 of RFC2616 explicitly mentions the network address of the client as
an example of server-driven negotiation, and that the Vary header can be
used for such things :)

> The whole problem here is that Remote-IP is not a request header.
> It is not accessible through HTTP.  And it would be hard to incorporate,
> because either we trust it and it's trivial to forge, or we enforce it and
> exclude any client behind NAT.

Content that is variable by IP address should have "Vary: *" imo, and
content that is allowed/denied on a per-IP address basis, should
probably have "Cache-Control: private".

The first is really a problem for server administrators, but the second
can be handled by httpd. Would it be reasonable to set the header unless
there are either no Allow/Deny rules at all, or there is one "Allow from
all" rule and no Deny rules?

-- 
Colm MacCárthaigh                        Public Key: [EMAIL PROTECTED]
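
The heuristic proposed in the message above, sketched as an added example that is not part of the original email and is not httpd code. The function name `needs_cache_control_private`, the representation of rules as directive strings, and the sample configurations are assumptions made for illustration.

```c
/* Added illustration, not httpd source; names and sample rules are constructed. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

static const char *skip_ws(const char *s) {
    while (*s && isspace((unsigned char)*s)) s++;
    return s;
}

/* Case-insensitively consume one whole word at *s; advance past it on success. */
static int eat_word(const char **s, const char *word) {
    const char *p = skip_ws(*s);
    size_t n = strlen(word);
    if (strncasecmp(p, word, n) != 0) return 0;
    if (p[n] && !isspace((unsigned char)p[n])) return 0;
    *s = p + n;
    return 1;
}

/* 1 = send "Cache-Control: private". 0 only when there are no Allow/Deny
 * rules at all, or exactly one "Allow from all" rule and no Deny rules. */
int needs_cache_control_private(const char *const *rules, size_t n) {
    size_t allow = 0, deny = 0, allow_all = 0;
    for (size_t i = 0; i < n; i++) {
        const char *p = rules[i];
        if (eat_word(&p, "Deny")) { deny++; continue; }
        if (!eat_word(&p, "Allow")) continue;      /* Order, other directives */
        allow++;
        if (eat_word(&p, "from") && eat_word(&p, "all") && *skip_ws(p) == '\0')
            allow_all++;
    }
    if (allow == 0 && deny == 0) return 0;
    if (deny == 0 && allow == 1 && allow_all == 1) return 0;
    return 1;
}

/* Constructed sample configurations. */
static const char *const open_site[] = { "Order allow,deny", "Allow from all" };
static const char *const intranet[]  = { "Order deny,allow", "Deny from all",
                                         "Allow from 192.0.2.0/24" };
static const char *const mixed[]     = { "allow from all", "Allow from 198.51.100.7" };

int main(void) {
    printf("open_site: %d\n", needs_cache_control_private(open_site, 2));
    printf("intranet:  %d\n", needs_cache_control_private(intranet, 3));
    printf("mixed:     %d\n", needs_cache_control_private(mixed, 2));
    return 0;
}
```

Anything other than the two exempt cases, including an "Allow from all" that sits beside a second Allow rule, is treated as per-client access control and marked private.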
