want to allow or deny an URL based on a timestamp

Darryl Dixon - Winterhouse Consulting darryl.dixon at winterhouseconsulting.com
Wed Aug 13 00:02:07 CEST 2008

I'm not sure how the original post specifically relates to binary file
downloads (not familiar with the lighttpd module referenced). However, I
was going to comment that the requested behaviour is really better
implemented at the backend. My quick sketch of how this might work is
something like:

1) Backend generates time-sensitive URL and flags it with some
application-specific header "X-MyApp-Cachetimeout: 500" for eg, a 500
second lifetime.
2) At the same time, it applies all the usual Cache-Control: private etc
for any intermediate caches that may live in the request chain.
3) Varnish watches the returned content and when it sees
X-MyApp-Cachetimeout it knows to cache the object and set the obj.ttl to
the referenced value.
...Time passes...
4) Object expires and Varnish goes to fetch it from the backend, which of
course returns 404 or whatever as the URL has expired.

In this way, the internals of the application are hidden from Varnish as
much as possible and localised inside the application itself.

Hope this helps.

Darryl Dixon
Winterhouse Consulting Ltd

> Nearly every modern webserver has optimized file transfers using
> sendfile(2).  You're not going to get any better performance by shifting
> the
> burden of this task to your caching proxies.
> --Michael
> On Tue, Aug 12, 2008 at 12:53 AM, Sascha Ottolski <ottolski at web.de> wrote:
>> Hi all,
>> I'm certain that it's possible, but am not sure how to do it: I want to
>> let my application create "encrypted" URLs, that are valid only for a
>> specific amount of time. I guess with the help of embedded C and
>> manually constructed hash keys this should be doable. Now I'm wondering
>> if may be someone already has done something like this, or as other
>> ideas to achieve this?
>> My idea is basically inspired by a lighttpd module:
>> http://trac.lighttpd.net/trac/wiki/Docs:ModSecDownload
>> The workflow would be something like
>> - "decrpyt" incoming URL
>> - rewrite URL, extract timestamp
>> - if not in range, send 404 (or what seems appropriate)
>> - if timestamp is ok, set hash key
>> - deliver object from cache or pull from backend
>> Thanks for any pointer,
>> Sascha
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at projects.linpro.no
>> http://projects.linpro.no/mailman/listinfo/varnish-misc
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at projects.linpro.no
> http://projects.linpro.no/mailman/listinfo/varnish-misc

More information about the varnish-misc mailing list