Ruediger Pluem wrote:
If I have a forward proxy to which I limit access via IP-based access control, I should add Cache-Control: private to any response I get back from the backend (either a Remote Proxy or the origin server).
A very important distinction: forward and reverse proxy authentication works completely differently from each other.
In a forward proxy configuration, you authenticate access to the proxy using Proxy-Authenticate. Once authenticated you can view cached content.
In a reverse proxy (or any normal content) configuration, you authenticate access to content using WWW-Authenticate, and here the Cache-Control: private must be used to make sure that content generated for you is not inadvertently delivered to someone else.
Cache-Control: private is not necessary in the forward proxy config. It is necessary in the reverse proxy / normal config case.
Regards, Graham --
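The distinction drawn in the message above, as an added example that is not part of the original e-mail and is not mod_cache code: a simplified shared-cache storage decision following the authentication-related rules of RFC 7234 section 3. The function names and sample headers are hypothetical and constructed for illustration; freshness and status-code checks are left out.

```python
# Added illustration: which responses may a shared (proxy) cache store?
# Only the authentication-related rules of RFC 7234 section 3 are modelled.

def parse_cache_control(value):
    """Return the set of lowercased directive names in a Cache-Control value.
    Simplification: directive arguments (e.g. private="Set-Cookie") are dropped."""
    directives = set()
    for part in (value or "").split(","):
        name = part.split("=", 1)[0].strip().lower()
        if name:
            directives.add(name)
    return directives


def shared_cache_may_store(request_headers, response_headers):
    """Decide whether a shared cache may store this response."""
    req = {k.lower(): v for k, v in request_headers.items()}
    resp = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(resp.get("cache-control"))

    # "private" marks content generated for a single user; "no-store" forbids storage.
    if "private" in cc or "no-store" in cc:
        return False
    # Authorization (the answer to WWW-Authenticate) means the origin identified
    # the user, so a shared cache needs explicit permission from the response.
    if "authorization" in req:
        return bool(cc & {"public", "must-revalidate", "s-maxage"})
    # Proxy-Authorization (the answer to Proxy-Authenticate) only authenticates
    # the client to the proxy hop and does not make the response user-specific.
    return True


def demo():
    """Constructed sample exchanges; credentials are placeholders."""
    forward = shared_cache_may_store(
        {"Proxy-Authorization": "Basic PLACEHOLDER"}, {"Cache-Control": "max-age=60"})
    reverse_auth = shared_cache_may_store(
        {"Authorization": "Basic PLACEHOLDER"}, {"Cache-Control": "max-age=60"})
    reverse_public = shared_cache_may_store(
        {"Authorization": "Basic PLACEHOLDER"}, {"Cache-Control": "public, max-age=60"})
    session_private = shared_cache_may_store(
        {"Cookie": "session=PLACEHOLDER"}, {"Cache-Control": "private, max-age=60"})
    return forward, reverse_auth, reverse_public, session_private


if __name__ == "__main__":
    print(demo())
```

The last case is the one where Cache-Control: private carries the weight: with no Authorization header on the request, the directive is the only signal telling a shared cache that the response is user-specific.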