On Wed, 2003-03-05 at 15:50, Henrik Nordstrom wrote:
> On Wednesday 05 March 2003 23.18, Craig Kelley wrote:
>
> > 2) If I turn on basic HTTP authentication in Apache with something
> > like this, however:
> >
> > AuthType Basic
> > AuthName ByPassword
> > AuthUserFile /var/www/secure/users
> > <Limit GET PUT POST DELETE>
> > Require valid-user
> > </Limit>
> >
> > Then squid will always re-fetch the file regardless; a cache miss
> > every time. Is this an Apache problem?
>
> This is normal. A shared cache cannot cache content which are
> protected by authentication unless the response includes
> "Cache-control: public" which tells caches that even if the request
> included authentication the response does not actually require
> authentication and may be cached by shared caches.
Just for the archives; I solved the problem by using this on the source
HTTPD server:
<Directory dir/to/cache/goes/here>
Options FollowSymLinks
AllowOverride None
Header set Cache-control public
AuthType Basic
AuthName ByPassword
AuthUserFile /path/to/htpasswd/file/goes/here
<Limit GET PUT POST DELETE>
Require valid-user
</Limit>
</Directory>
Many thanks Henrik for the HTTP header hint.
-Craig (who now can throw CODA away)
