You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Laurent Tu <pi...@gmail.com> on 2007/10/26 17:49:00 UTC

Proxy authentication bypassed when serving cached content

Hi,


>From my understanding of mod_cache, proxy authentication (header
Proxy-Authenticate) is not asked when serving cached content in a forward
proxy configuration: mod_cache operates on the quick_handler hook whereas
authentication operates later in the request process. I have tried it on a
real case as well:
<Proxy *>
   AuthType Basic
   ...
   Require valid-user
</Proxy>

Content not available in cache goes through the authentication, but not the
cached one. As a result, a user does not need to be authenticated to access
a cached result.

So, here we are:
- Am I wrong?
- Is it a normal behavior?
- If not: is it addressed by someone?
- If not: what about I do it: is checking user information in the quick
handler hook before mod_cache (in case it fails, we send 407,
Proxy-Authenticate, return OK) a good solution?


Thanks
Laurent