HTTP Authorization Patch

cripy ccripy at
Wed Feb 21 17:39:10 CET 2007

Hello, we recently ran into an issue with varnish when http authorizations
were concerned so I created this patch [ it can probably be done a whole lot
better ].  The attached patch has a function cnt_auth which calls an
external function that you must insert yourself.  It passes the  external
function the username and password base64 encoded, the users ip, and the
path of the filename.  It is up to your external function to decide whether
the credentials presented are correct or not and return a 1 or -1.  (true or
false).  If false it sets the sp->handling to VCL_RET_PASS which will pass
it off to the server.  The patch also modifies cnt_fetch function to check
for  a 401 status code to prevent us from caching an actual 401 Unauthorized
status and serving that to a legitimate client.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: varnish-auth-0.1.patch
Type: text/x-patch
Size: 1480 bytes
Desc: not available
URL: <>

More information about the varnish-misc mailing list