Default behaviour with regards to Cache-Control

Ole Laursen olau at iola.dk
Thu Feb 12 10:57:02 CET 2009


Poul-Henning Kamp <phk at ...> writes:
> In message <loom.20090211T115351-267 at ...>, Ole Laursen writes:
> 
> >Why doesn't Varnish respect Cache-Control: private and Cache-Control: no-cache
> >out of the box?
> 
> Because we see those as headers you want non-friendly caches to act on,
> whereas we consider Varnish a friendly cache, under your control.

OK, I didn't expect that reply. :-)

Is it because some backends send out no-cache and private even when they don't
mean it? Otherwise I don't get it. If they do mean it, returning the same object
is not safe, e.g. in my case it meant that if someone from Germany had visited
the URL, all Danes would be redirected to the euro-as-currency page until
Varnish let the object go.

I looked up private here

  http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

and it says

    Indicates that all or part of the response message is intended
    for a single user and MUST NOT be cached by a shared cache. This
    allows an origin server to state that the specified parts of the
    response are intended for only one user and are not a valid
    response for requests by other users

I'm not saying that Varnish should follow this just because it's in the
standard, but I think it should follow it (as default) unless we know that most
backends use private the wrong way.


Ole





More information about the varnish-misc mailing list