Robert Collins wrote:
> > Squid cannot cache content requiring authentication. This is
> > a very strict requirement in the HTTP specification to avoid
> > private content to be inadvertly caches and accessed by
> > unauthorized users.
>
> Just a note: IF and ONLY IF the origin server decides to allow it, such
> content can be cached (and only served out to the same user). Currently
> squid simply never caches, which could be changed to follow rfc2616, as
> we now have Vary support, which is a requirement for doing this.
Actually Vary has nothing to do with it unless the object really
depending on the user.
We already implement the needed cache-control directives for caching
public content even if the request was authenticated, including the mode
where the request is always verified with the origin server to check the
users authorization before a reply is sent to the user.
Regards
Henrik
Received on Tue Mar 26 2002 - 04:16:33 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:07:05 MST