diff --git a/doc/admin-guide/plugins/authproxy.en.rst b/doc/admin-guide/plugins/authproxy.en.rst
index 02d3a393468..b17984aa7cb 100644
--- a/doc/admin-guide/plugins/authproxy.en.rst
+++ b/doc/admin-guide/plugins/authproxy.en.rst
@@ -87,6 +87,11 @@ Plugin Options
   that by setting the :ts:cv:`proxy.config.http.cache.ignore_authentication`
   option on the request.
 
+--cache-internal
+  The option will allow the Traffic Server to cache internal
+  requests. By default, internally generated requests are
+  not cached as the agent needs to take the authorization decisions.
+
 Examples
 --------
 
diff --git a/plugins/authproxy/authproxy.cc b/plugins/authproxy/authproxy.cc
index 88dadd09c6a..aa52696362e 100644
--- a/plugins/authproxy/authproxy.cc
+++ b/plugins/authproxy/authproxy.cc
@@ -58,6 +58,7 @@ struct AuthOptions {
   int hostport                   = -1;
   AuthRequestTransform transform = nullptr;
   bool force                     = false;
+  bool cache_internal_requests   = false;
 
   AuthOptions()  = default;
   ~AuthOptions() = default;
@@ -624,6 +625,14 @@ AuthRequestIsTagged(TSHttpTxn txn)
   return AuthTaggedRequestArg != -1 && TSUserArgGet(txn, AuthTaggedRequestArg) != nullptr;
 }
 
+// Return true if the internal requests can be cached.
+static bool
+CacheInternalRequests(TSHttpTxn txn)
+{
+  AuthOptions *opt = static_cast<AuthOptions *>(TSUserArgGet(txn, AuthTaggedRequestArg));
+  return opt ? opt->cache_internal_requests : false;
+}
+
 static int
 AuthProxyGlobalHook(TSCont /* cont ATS_UNUSED */, TSEvent event, void *edata)
 {
@@ -642,8 +651,8 @@ AuthProxyGlobalHook(TSCont /* cont ATS_UNUSED */, TSEvent event, void *edata)
       // it as a global plugin (not highly recommended). Also remember that
       // the HEAD auth request might trip a different remap rule, particularly
       // if you do not have pristine host-headers enabled.
-      TSHttpTxnConfigIntSet(txn, TS_CONFIG_HTTP_CACHE_HTTP, 0);
-
+      if (!CacheInternalRequests(txn))
+        TSHttpTxnConfigIntSet(txn, TS_CONFIG_HTTP_CACHE_HTTP, 0);
       AuthLogDebug("re-enabling internal transaction");
       TSHttpTxnReenable(txn, TS_EVENT_HTTP_CONTINUE);
       return TS_EVENT_NONE;
@@ -674,6 +683,7 @@ AuthParseOptions(int argc, const char **argv)
     {const_cast<char *>("auth-port"), required_argument, nullptr, 'p'},
     {const_cast<char *>("auth-transform"), required_argument, nullptr, 't'},
     {const_cast<char *>("force-cacheability"), no_argument, nullptr, 'c'},
+    {const_cast<char *>("cache-internal"), no_argument, nullptr, 'i'},
     {nullptr, 0, nullptr, 0},
   };
 
@@ -695,6 +705,9 @@ AuthParseOptions(int argc, const char **argv)
     case 'c':
       options->force = true;
       break;
+    case 'i':
+      options->cache_internal_requests = true;
+      break;
     case 't':
       if (strcasecmp(optarg, "redirect") == 0) {
         options->transform = AuthWriteRedirectedRequest;