On 11/07/2005 10:10 PM, Roy T. Fielding wrote: > On Nov 7, 2005, at 1:01 PM, Paul Querna wrote: > >>> If there is a compelling reason to support not adding Cache-Control: >>> private to authenticated requests, then it's definitely an option, but I >>> think we should default to the safe option for now. >> >> >> The compelling reason is that this implies that even for the DEFAULT >> configuration of apache, we should be sending cache-control private, for >> EVERY page served. > > > Why?
Not for every page, but if I get it right once you lock out one bad boy via deny ipaddress than it should be sent. AFAIK this not done automatically currently once you add a deny directive somewhere. Does this need to be changed? Regards RĂ¼diger
