But that would be very specific to the bad request. Why would it benefit the
next request to be denied with that same response?
On Wednesday, November 9, 2016 11:23 AM, Sudheer Vinukonda
<[email protected]> wrote:
Generally, I'd think if the Origin responded with Cache-Control headers that
permit caching, it should be cached.
For e.g., for a 400 response, the Origin may include a Cache-Control: Vary
header indicating what parts of the request that it didn't like.
- Sudheer
From: Alan Carroll <[email protected]>
To: Dev <[email protected]>
Sent: Wednesday, November 9, 2016 8:17 AM
Subject: Don't negative cache 400 responses.
We are having this problem inside Yahoo! and it seems to me to be wrong to
negative caches a 400 (HTTP_STATUS_BAD_REQUEST) because that is a user agent /
proxy problem, not an origin server problem. It can lead to easy (if temporary)
denial of service by simply sending a bogus request through ATS. I'd like to
clip that status out of is_negative_caching_appropriate.
