Authenticate or Authorization?
Ricardo Newbery
ric at digitalmarbles.com
Fri Mar 28 06:59:53 CET 2008

On Mar 27, 2008, at 10:35 PM, Stig Sandbeck Mathisen wrote:
> On Thu, 27 Mar 2008 15:47:00 -0700, Ricardo Newbery <ric at digitalmarbles.com> said:
>
>> What issues an Authenticate header? Was this supposed to be
>> Authorization?
>
> Maybe, not sure.
>
> However, in order to check for HTTP authenticated connections, the
> headers look something like:
>
> GET / HTTP/1.1
> Host: login.example.com
> Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
>
> ...so you'll probably need to change that to match for "Authorization"
> instead, to not cache these documents.

Right... and if you wanted to follow RFC 2616 a bit closer, you could
move the test for Authorization to vcl_fetch instead of vcl_recv since
the spec allows a non-authenticated cached response to be served to an
authenticated request.

Ric
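
The difference between testing for Authorization at request time and at fetch time, as an added example that is not part of the original message and is not Varnish code: a toy Python model of a shared cache applying the RFC 2616 section 14.8 storage rule. The class, function and URL names are hypothetical and the traffic is constructed.

```python
# Toy model of a shared cache, not Varnish code; all names are hypothetical.
EXEMPT = {"public", "must-revalidate", "s-maxage"}   # RFC 2616 section 14.8

def storable(req_headers, cache_control):
    """True if a shared cache may reuse this response for other requests."""
    if "Authorization" not in req_headers:
        return True
    names = {d.strip().split("=")[0].lower() for d in cache_control.split(",")}
    return bool(names & EXEMPT)

class SharedCache:
    def __init__(self, check_at, backend):
        self.check_at = check_at       # "recv" or "fetch"
        self.backend = backend         # callable(url, headers) -> (body, cache_control)
        self.store = {}
        self.backend_requests = 0

    def _fetch(self, url, headers):
        self.backend_requests += 1
        return self.backend(url, headers)

    def handle(self, url, headers):
        if self.check_at == "recv" and "Authorization" in headers:
            return self._fetch(url, headers)[0]    # bypass: no lookup, no store
        if url in self.store:
            return self.store[url]                 # hit, even for authenticated requests
        body, cache_control = self._fetch(url, headers)
        if storable(headers, cache_control):       # the check made at fetch time
            self.store[url] = body
        return body

def sample_backend(url, headers):                  # constructed origin server
    who = "authenticated" if "Authorization" in headers else "anonymous"
    if url == "/account":
        return ("account page, " + who, "")
    return ("static " + url, "")

AUTH = {"Authorization": "Basic dXNlcm5hbWU6cGFzc3dvcmQ="}   # value from the message above
TRAFFIC = [("/logo.png", {}), ("/logo.png", AUTH), ("/account", AUTH), ("/account", {})]

def replay(check_at):
    cache = SharedCache(check_at, sample_backend)
    bodies = [cache.handle(url, dict(h)) for url, h in TRAFFIC]
    return bodies, cache.backend_requests

if __name__ == "__main__":
    for mode in ("recv", "fetch"):
        print(mode, replay(mode))
```

In this model both modes keep the authenticated response out of the cache, and the fetch-time check saves one backend request on the constructed traffic. In fetch mode an authenticated request for a URL already stored from an anonymous request receives the anonymous copy.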