HTTP Authorization

cripy ccripy at
Tue Feb 13 18:24:02 CET 2007

Hello, I am curious to know whether anybody has had any success with caching
files with HTTP authorization and still authorizing correctly.  I have tried
to implement the following VLC:

sub vcl_recv {
 if (req.url ~ "\.jpg$|\.mpg$|\.wmv$") {
 if (req.http.Cookie) {

This will correctly pipe all cookie and authorization attempts, and allow
correct caching of mpg's/wmv's/jpg's-- however, once it has been cached
anybody can wget the full url to the mpg/wmv/jpg and varnish will hand it
over from the cache without checking authorization since my vlc is kind of
'skipping' that part.  I'm trying to figure out a why to somehow make it
pass all authorizations to a server first to check if it's kosher THEN send
the file from cache ... not sure if this is currently possible.  Anybody
have any advice?  Any comments are greatly appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the varnish-misc mailing list