[master] 90127a475 builtin: Split vcl_recv in logical chunks

Nils Goroll nils.goroll at uplex.de
Wed Mar 3 10:15:04 UTC 2021 

commit 90127a47534f3f23eed42a8fe15aca09e38000d0
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date:   Tue Jan 26 10:55:59 2021 +0100

    builtin: Split vcl_recv in logical chunks
    
    There is a very slight breaking change in the sense that the host header
    check is grouped with its normalization which swaps its order with the
    PRI method check.
    
    In practice that only means that if you have both an unattended PRI
    request missing a host header, you'll get a 400 instead of a 405. You
    have to get both wrong in the first place so I don't consider this a
    concern.

diff --git a/bin/varnishd/builtin.vcl b/bin/varnishd/builtin.vcl
index f975fb4d3..96aeb6474 100644
--- a/bin/varnishd/builtin.vcl
+++ b/bin/varnishd/builtin.vcl
@@ -36,19 +36,30 @@ vcl 4.0;
 # Client side
 
 sub vcl_recv {
+	call vcl_req_host;
+	call vcl_req_method;
+	call vcl_req_authorization;
+	call vcl_req_cookie;
+	return (hash);
+}
+
+sub vcl_req_host {
 	if (req.http.host) {
 		set req.http.host = req.http.host.lower();
 	}
-	if (req.method == "PRI") {
-		# This will never happen in properly formed traffic (see: RFC7540)
-		return (synth(405));
-	}
 	if (!req.http.host &&
 	    req.esi_level == 0 &&
 	    req.proto ~ "^(?i)HTTP/1.1") {
 		# In HTTP/1.1, Host is required.
 		return (synth(400));
 	}
+}
+
+sub vcl_req_method {
+	if (req.method == "PRI") {
+		# This will never happen in properly formed traffic.
+		return (synth(405));
+	}
 	if (req.method != "GET" &&
 	    req.method != "HEAD" &&
 	    req.method != "PUT" &&
@@ -60,22 +71,22 @@ sub vcl_recv {
 		# Non-RFC2616 or CONNECT which is weird.
 		return (pipe);
 	}
-
 	if (req.method != "GET" && req.method != "HEAD") {
-		# We only deal with GET and HEAD by default
+		# We only deal with GET and HEAD by default.
 		return (pass);
 	}
+}
+
+sub vcl_req_authorization {
 	if (req.http.Authorization) {
-		# Not cacheable by default
+		# Not cacheable by default.
 		return (pass);
 	}
-	call vcl_req_cookie;
-	return (hash);
 }
 
 sub vcl_req_cookie {
 	if (req.http.Cookie) {
-		# Risky to cache by default
+		# Risky to cache by default.
 		return (pass);
 	}
 }

More information about the varnish-commit mailing list