Authenticate or Authorization?
Ricardo Newbery
ric at digitalmarbles.com
Fri Mar 28 02:20:20 CET 2008
On Mar 27, 2008, at 5:50 PM, Cherife Li wrote:
> On 03/28/08 06:47, Ricardo Newbery wrote:
>> In the default vcl, we have the following test...
>> if (req.http.Authenticate || req.http.Cookie) {
>> pass;
>> }
>> What issues an Authenticate header? Was this supposed to be
>> Authorization?
> I'm also wondering that whether this http.Authenticate means Proxy-
> Authenticate
> , Proxy-Authorization, and WWW-Authenticate headers defined in RFC
> 2616.
WWW-Authenticate and Proxy-Authenticate are response headers, not
request headers. And they are supposed to accompany a 401 or 407
response, neither of which should be cacheable in any event.
Proxy-Authorization is a request header but it would only be sent by a
browser if Varnish first requested it with a 407 response, which I'm
pretty sure Varnish does not do.
Ric
More information about the varnish-misc
mailing list