varnish + sharepoint 2010

Paul A. Procacci pprocacci at datapipe.com
Thu Feb 2 02:35:35 CET 2012 

So you need to check if a user is authorized for an object (which may or may not already be cached by Varnish) by means of an external application. (Sharepoint)

Something along the lines perhaps?

###################################
sub vcl_recv {
  if (req.url ~ "^/authorized_content") {
    if (req.restarts == 0) {
      set req.backend = authorization_backend;
      return(pass);
    } else {
      set req.backend = real_backend;
      set req.url = regsub(req.url, "_authorize_me", "");
    }
  }
}

sub vcl_fetch {
  if (req.url ~ "^/authorized_content" && req.restarts == 0) {
    if (beresp.status == 200) {
      restart;
    } else {
      error 403 "Not authorized";
    }
  }
}
###################################

Part of the problem is, Varnish doesn't know what's authorized and it will have to check every request to ensure a request is in fact authorized for the given content.
Other than the above brief example, you could possibly create a vmod that caches responses from the `authorization_backend` and uses that for future requests. (if one doesn't exist already)

~Paul

On Wed, Feb 01, 2012 at 08:12:56PM -0500, Sean McHugh wrote:
> Sharepoint 2010, typical installation.  Protected with Kerberos/SPNEGO ...
> looking to
> squeeze the most i can out of varnish to reduce effect of latency on our
> private WAN.
>
> A number of the key urls are for public consumption (images for corporate
> news/js/css/axd), but the entire Sharepoint site is protected - how can i
> bypass the default behavior and cache the result of authenticated requests
> for future GETs ?

> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

________________________________

This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you.

More information about the varnish-misc mailing list