Caching requests with Authorization Header

Hugo Cisneiros (Eitch) hugo.cisneiros at gmail.com
Mon Apr 6 23:08:58 CEST 2015


Hi,

>From documentation:
https://www.varnish-cache.org/docs/trunk/users-guide/increasing-your-hitrate.html#authorization

"Authorization
   If Varnish sees an 'Authorization' header it will pass the request.
If this is not what you want you can unset the header."

I have a scenario that works on varnish3 but won't work on varnish4.

As the subject says, I want to cache requests that were made with the
Authorization header. Before you start thinking "what a crazy and
insecure thing to do", let me explain:

I have an internal varnish cache that receives requests from
applications and serve content from an external CDN that is
authenticated (thus the Authorization header). Only internal servers
use it and I do this to save bandwidth. Every possible client knows
and uses the same Authorization header, so caching the requests are
not an issue.

I'm also trying to use the Authorization header in the hash_data too,
since it's always the same and if someone requests without knowing the
proper pass, varnish won't serve the right cache entry.

When I use the Authorization header, varnish4 does not cache at all...
And when I remove the Authorization header, it caches but I get 401
Forbidden from the CDN.

Is there a way to solve this?

-- 
[]'s
Hugo
www.devin.com.br



More information about the varnish-misc mailing list