HTTP Authorization

cripy ccripy at gmail.com
Tue Feb 13 18:24:02 CET 2007


Hello, I am curious to know whether anybody has had any success with caching
files with HTTP authorization and still authorizing correctly.  I have tried
to implement the following VLC:

----------------------
sub vcl_recv {
 if (req.url ~ "\.jpg$|\.mpg$|\.wmv$") {
  lookup;
 }
 if (req.http.Cookie) {
  pipe;
 }
 lookup;
}
----------------------

This will correctly pipe all cookie and authorization attempts, and allow
correct caching of mpg's/wmv's/jpg's-- however, once it has been cached
anybody can wget the full url to the mpg/wmv/jpg and varnish will hand it
over from the cache without checking authorization since my vlc is kind of
'skipping' that part.  I'm trying to figure out a why to somehow make it
pass all authorizations to a server first to check if it's kosher THEN send
the file from cache ... not sure if this is currently possible.  Anybody
have any advice?  Any comments are greatly appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20070213/df70ba0a/attachment-0001.html>


More information about the varnish-misc mailing list