On 11/07/2005 11:30 PM, Roy T. Fielding wrote: > On Nov 7, 2005, at 2:09 PM, Ruediger Pluem wrote: > >>> The problem is that without Cache-Control: private, any downstream cache >>> would have the exact same problem. There's no way for it to know that >>> the response differs based on IPs unless the Origin says so. -- justin >> >> >> This is true. But in the case of a forward proxy that is used to give >> office users access to the internet in general based on there IP this >> is no problem. > > > Then either the forward proxy has an external agreement with the > source (and can override the cache-control) or it has no clue > about the source and cannot safely cache the content. In any > case, the messages that we send must be correctly marked as > private because that is our configuration.
Just checking if I understood things correctly: If I have a forward proxy to which I limit access via IP based access control I should add Cache-Control: private to any response I get back from the backend (either a Remote Proxy or the origin server). This response would not be cached by mod_cache unless I overwrite it with CacheStorePrivate on. If I set CacheStorePrivate to on the reponse gets cached by mod_cache, but the next request for this (fresh) resource will not check the access control and deliver it to any client, regardless of the IP. Correct? Regards RĂ¼diger
