There is a consideration, regarding using a proxy or a different server, that has not been brought up: If there is mod_perl based access control for the static files, then it's basically impossible not to go through a mod_perl server to serve them.
If you're access control is in mod_perl, you have to at least hit the mod_perl server to check whether access is allowed.
I've not used it myself, however Perlbal has a neat feature where it can "internally" redirect. So mod_perl can return a redirect to Perlbal, which will then go and retrieve the real file from your static server and send that to the client. Otherwise I'm not sure how complete a proxy solution Perlbal is but Live Journal is suppoed to be using it.
In fact, I'm not sure what the effect would be in that scenario if a proxy was used: would it serve the static file regardless of the access control?, does it depend on the expiration data on the headers sent through the proxy when the acess controled static file was sent?
Proxies should inspect the Vary: header to see under what conditions it can serve the same content. So if you're using Cookies for authentication, you should have 'Cookie' in your Vary header. It will then only re-serve the same content should it receive the same Vary header.
Compared with setting the content to be no-cache or immediately expired this has the advantage that if the client re-requests the same resource it can be served from proxy cache rather than hitting the end servers again.
Carl
