ric at digitalmarbles.com
Fri May 2 11:41:11 CEST 2008
On May 1, 2008, at 10:50 PM, Wichert Akkerman wrote:
> Ricardo Newbery wrote:
>> On May 1, 2008, at 2:21 PM, Wichert Akkerman wrote:
>>> Previously Ricardo Newbery wrote:
>>>> Just poking around the tracker and I noticed some activity on the
>>>> example plone vcl. http://varnish.projects.linpro.no/changeset/
>>>> Just thought I would chime in that the example has issues.
>>>> First of all, it's unnecessary to filter cookie-authenticated
>>>> as authenticated responses are already set with a past date Expires
>>>> (although you need to set a default_ttl of zero seconds, http://varnish.projects.linpro.no/ticket/236)
>>> Actually that is not true. It holds for document, but a quick test
>>> it does not for images.
>> Pardon, can you elaborate? What does not hold true?
>> I realize that setting a default_ttl of zero seconds introduces
>> another problem in that items without explicit cache control would
>> not be cached. That's why fixing the varnish Expires handling
>> would be better.
> Authenticated requests do not always get a past Expires-date in
> their response. This appears to only be true for documents (like
> ATDocument) but not for images (like ATImage).
Ah right... but I believe this is by design. Images are usually not
intended to be excluded from proxy caches. In Plone, by default even
if the images are restricted by their workflow state to authenticated
requests, the response does not have any cache-control to exclude it
from shared caches downstream (in my opinion, this is a bug). And if
you can't exclude it from downstream shared caches, it's rather
pointless to exclude it from the reverse proxy cache.
The problem with the example zope-plone.vcl is that it excludes ALL
cookie-authenticated responses -- even those inline images, css, and
caches -- making authenticated browsing unnecessarily taxing on the
More information about the varnish-misc