Default behaviour with regards to Cache-Control

Ole Laursen olau at iola.dk
Thu Feb 12 12:20:39 CET 2009


Poul-Henning Kamp <phk at ...> writes:

> We don't consider varnish a "shared cache" in the RFC2616 sense of
> the concept, because the varnish instance is fully under the control
> of the servers administrator, and should therefore be considered
> part of the server.

As I read that part of the RFC, shared simply means shared between more than one
user, the key part here is that it's used to signal that it's "intended for only
one user and not a valid response for requests by other users".

> The fine point here is that you *know* why your headers are the way
> the are, and can implement the policy you desire in your VCL,
> whereas a "hostile" shared cache can only look at the headers
> and do as told, not knowing the underlying reason.

Yes, all well, but that's an argument for being able to configure it (which is
cool), not really an argument for or against what the default behaviour is.

When it comes to cookies, Varnish is as default verging on the side of safety in
by-passing the cache.

Why wouldn't you do the same to private? Principle of least surprise?


Ole





More information about the varnish-misc mailing list