HTTP Authorization Patch

cripy ccripy at gmail.com
Fri Feb 23 00:54:45 CET 2007


On 2/22/07, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:
>
> In message <dacbdcd10702210839n1d8b3be5gdb73de697a492c0c at mail.gmail.com>,
> cripy
> writes:
>
> >Hello, we recently ran into an issue with varnish when http
> authorizations
> >were concerned so I created this patch [ it can probably be done a whole
> lot
> >better ].  The attached patch has a function cnt_auth which calls an
> >external function that you must insert yourself.
>
> One of the most damanging accusations ever launched against any
> programming language was in one of the historical attacks on PASCAL.
>
> I can't remember who exactly wrote it, but the operative sentence was:
>
>         "Worst of all, there is no escape."
>
> VCL has a planned escape mechanism, but I have not said anything
> about it yet, wanting to see if anybody actually needed it.
>
> The concept is that hat arbitrary C-code can be inserted into VCL
> programs, possibly something like:
>
>         sub vcl_recv {
>                 C{
>                 {
>                 char *p = VRT_GetHdr(sp, 1, "\005Host:");
>
>                 ...
>                 }
>                 }C
>         }
>
> That should allow you to do what your patch does, entirely
> from within VCL.
>
> --
> Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
> phk at FreeBSD.ORG         | TCP/IP since RFC 956
> FreeBSD committer       | BSD since 4.3-tahoe
> Never attribute to malice what can adequately be explained by
> incompetence.
>


Hey Poul,
  Thanks for the prompt response and help.  However, I can't seem to get
this to work properly I am receiving the following error upon varnishd
startup:

Expected action, 'if' or '}'
In VCL code Line 7 Pos 16
                C{
----------------#-

Any help is appreciated as I believe that VCL is the best approach for
implementing this until something similar is implemented in varnish.  Thanks
again.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20070222/29b9679e/attachment-0001.html>


More information about the varnish-misc mailing list