HTTP Authorization Patch
Poul-Henning Kamp
phk at phk.freebsd.dk
Thu Feb 22 09:14:04 CET 2007
In message <dacbdcd10702210839n1d8b3be5gdb73de697a492c0c at mail.gmail.com>, cripy
writes:
>Hello, we recently ran into an issue with varnish when http authorizations
>were concerned so I created this patch [ it can probably be done a whole lot
>better ]. The attached patch has a function cnt_auth which calls an
>external function that you must insert yourself.
One of the most damanging accusations ever launched against any
programming language was in one of the historical attacks on PASCAL.
I can't remember who exactly wrote it, but the operative sentence was:
"Worst of all, there is no escape."
VCL has a planned escape mechanism, but I have not said anything
about it yet, wanting to see if anybody actually needed it.
The concept is that hat arbitrary C-code can be inserted into VCL
programs, possibly something like:
sub vcl_recv {
C{
{
char *p = VRT_GetHdr(sp, 1, "\005Host:");
...
}
}C
}
That should allow you to do what your patch does, entirely
from within VCL.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-misc
mailing list