Default behaviour with regards to Cache-Control
Ole Laursen
olau at iola.dk
Thu Feb 12 10:57:02 CET 2009
Poul-Henning Kamp <phk at ...> writes:
> In message <loom.20090211T115351-267 at ...>, Ole Laursen writes:
>
> >Why doesn't Varnish respect Cache-Control: private and Cache-Control: no-cache
> >out of the box?
>
> Because we see those as headers you want non-friendly caches to act on,
> whereas we consider Varnish a friendly cache, under your control.
OK, I didn't expect that reply. :-)
Is it because some backends send out no-cache and private even when they don't
mean it? Otherwise I don't get it. If they do mean it, returning the same object
is not safe, e.g. in my case it meant that if someone from Germany had visited
the URL, all Danes would be redirected to the euro-as-currency page until
Varnish let the object go.
I looked up private here
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
and it says
Indicates that all or part of the response message is intended
for a single user and MUST NOT be cached by a shared cache. This
allows an origin server to state that the specified parts of the
response are intended for only one user and are not a valid
response for requests by other users
I'm not saying that Varnish should follow this just because it's in the
standard, but I think it should follow it (as default) unless we know that most
backends use private the wrong way.
Ole
More information about the varnish-misc
mailing list