cache pages with apache auth

Tim Dunphy bluethundr at gmail.com
Mon Jun 29 02:57:26 CEST 2015 

Hey guys,

 Ok so I have a website that uses apache basic authentication that needs to
be cached.

 When apache auth is in the config, I get a 503 error and this is what I
see in the varnishlog:

    0 Backend_health - web2 Still sick 4--X-R- 0 3 5 0.014946 0.000000
HTTP/1.1 401 Unauthorized
    0 Backend_health - web1 Still sick 4--X-R- 0 3 5 0.014766 0.000000
HTTP/1.1 404 Not Found

As soon as I remove apache auth from the site, it starts working from
behind varnish.

So I tried using this tutorial to cache the site with authentication in
place:

http://blog.tenya.me/blog/2011/12/14/varnish-http-authentication/

Here's my vcl file:

probe healthcheck {

  .url = "/healthcheck.php";

  .timeout = 5s;

  .interval = 2s;

  .window = 5;

  .threshold = 3;

}


backend web1 {

  .host = “10”10.10.25”;

  .port = "80";

  .probe = healthcheck;

  .connect_timeout = 30s;

  .first_byte_timeout = 30s;

  .between_bytes_timeout = 30s;

  .max_connections = 70;

}


backend web2 {

  .host = “10.10.10.26;

  .port = "80";

  .probe = healthcheck;

  .connect_timeout = 30s;

  .first_byte_timeout = 30s;

  .between_bytes_timeout = 30s;

  .max_connections = 70;

}



director www client {

  { .backend = web1 ; .weight = 2;  }

  { .backend = web2 ; .weight = 2;  }

 }



sub vcl_recv {



    set req.backend = www;


    unset req.http.cookie;


    if (! req.http.Authorization ~ "Basic someBase64hash”)

    {

        error 401 "Restricted";

     }


    if (req.backend.healthy) {

       set req.grace = 30s;

      } else {

        set req.grace = 4h;

    }


    return (lookup);

}


sub vcl_fetch {



   if ( req.url ~ "^/index.php$" || req.url ~
"^/cometchat/cometchat_receive.php$") {

      set beresp.ttl = 3600s;

   }


    set beresp.grace = 4h;


    return (deliver);

}


sub vcl_error {


  if (obj.status == 401) {

  set obj.http.Content-Type = "text/html; charset=utf-8";

  set obj.http.WWW-Authenticate = "Basic realm=Secured";

  synthetic {"


 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"

 "http://www.w3.org/TR/1999/REC-html401-19991224/loose.dtd">


 <HTML>

 <HEAD>

 <TITLE>Error</TITLE>

 <META HTTP-EQUIV='Content-Type' CONTENT='text/html;'>

 </HEAD>

 <BODY><H1>401 Unauthorized (varnish)</H1></BODY>

 </HTML>

 "};

  return (deliver);

  }



}


sub vcl_deliver {

     if (obj.hits> 0) {

      set resp.http.X-Cache = "HIT";

     } else {

        set resp.http.X-Cache = "MISS";

     }

 }

I'd appreciate any tips on how to get this to work you may have!


Thanks,

Tim




-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20150628/25e23c7d/attachment.html>

More information about the varnish-misc mailing list