On Mar 27, 2008, at 10:35 PM, Stig Sandbeck Mathisen wrote: > On Thu, 27 Mar 2008 15:47:00 -0700, Ricardo Newbery <[EMAIL PROTECTED] > > said: > >> What issues an Authenticate header? Was this supposed to be >> Authorization? > > Maybe, not sure. > > However, in order to check for HTTP authenticated connections, the > headers look something like: > > GET / HTTP/1.1 > Host: http://login.example.com > Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ= > > ...so you'll probably need to change that to match for "Authorization" > instead, to not cache these documents.
Right... and if you wanted to follow RFC 2616 a bit closer, you could move the test for Authorization to vcl_fetch instead of vcl_recv since the spec allows a non-authenticated cached response to be served to an authenticated request. Ric _______________________________________________ varnish-misc mailing list [email protected] http://projects.linpro.no/mailman/listinfo/varnish-misc
