HTTP Authorization Patch

Poul-Henning Kamp phk at
Thu Feb 22 09:14:04 CET 2007

In message <dacbdcd10702210839n1d8b3be5gdb73de697a492c0c at>, cripy

>Hello, we recently ran into an issue with varnish when http authorizations
>were concerned so I created this patch [ it can probably be done a whole lot
>better ].  The attached patch has a function cnt_auth which calls an
>external function that you must insert yourself.

One of the most damanging accusations ever launched against any
programming language was in one of the historical attacks on PASCAL.

I can't remember who exactly wrote it, but the operative sentence was:

	"Worst of all, there is no escape."

VCL has a planned escape mechanism, but I have not said anything
about it yet, wanting to see if anybody actually needed it.

The concept is that hat arbitrary C-code can be inserted into VCL
programs, possibly something like:

	sub vcl_recv {
		char *p = VRT_GetHdr(sp, 1, "\005Host:");


That should allow you to do what your patch does, entirely
from within VCL.

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-misc mailing list