On Sat, Nov 10, 2012 at 3:25 PM, Thomas Åkesson <tho...@akesson.cc> wrote:

> I suppose this means that it would be a significant optimization to
> perform HEAD rather than GET when discovering ACLs for every subdirectory
> in a directory listing?
>

Probably - doing the HEAD request will run the full authn and authz checks,
but it won't produce the bodies - you'll also save not having to send the
responses on the wire - but you won't know what the directory listing is
unless you do a GET in the first place.  So, it might help at the leaf
nodes in the tree.  (But how would you know it's a leaf!  Fun.)


> Branko's concern is still interesting... because this behaviour (omitting
> CL for HEAD requests) does seem to violate the HTTP RFC, but for good
> reason. Given that mod_autoindex as well as mod_php (at least on the config
> I tested) also omits CL for HEAD I suppose it is a well accepted
> optimization in practice.
>

IIRC, there is an out in the RFC if the content is dynamic - this also may
be something cleaned up in the httpbis RFC clarifications as forcing the
server to generate the content only to throw it away (when it can't be
pre-computed) is kinda pointless.  -- justin
