Basic Auth
Scott Stewart
scott.stewart at nbtsolutions.com
Sun Jun 3 17:00:59 CEST 2012
Hi Hugo,

I did as you suggested and added the 'pass' for requests asking for
authentication. And sure enough, it started asking for the
authentication--however it doesn't stop asking for the authentication--it
never seems to authenticate. I know the auth works, because I can access
it without going through Varnish and it works fine. Any idea what could be
the problem here?

FWIW, the auth is not a typical basic auth, but a basic auth against an
LDAP using the Apache and the mod_ldapns_auth
On Wed, May 30, 2012 at 3:50 PM, Scott Stewart <
scott.stewart at nbtsolutions.com> wrote:
> Hi
>
> I have a newly minted varnish (and a newly minted varnish user myself)
> install that has two backends, as spec'ed in this vcl (below).
>
> The "wms1" has no auth on it.
>
> The "default" backend is an Apache server with basic auth, but no one is
> getting asked to authenticate. My understanding was that the out-of-the-box
> config for Varnish would not cache those authentication-required pages, but
> no one is being asked for a username/password.
>
> What am I doing wrong here? The app works perfectly otherwise.
>
>
>
> # This is a basic VCL configuration file for varnish. See the vcl(7)
> # man page for details on VCL syntax and semantics.
> #
> # Default backend definition. Set this to point to your content
> # server.
> #
> backend default {
>     .host = "127.0.0.1";
>     .port = "8081";
> }
>
> backend wms1 {
>     .host = "example.com";
>     .port = "80";
> }
>
> sub vcl_recv {
>     if (req.http.host ~ "^(mapsdev\.)example\.com" && req.url ~ "^/wms") {
>         set req.http.host = "maps.example.com";
>         set req.url = regsub(req.url, "^/wms", "/wms");
>         set req.backend = wms1;
>         if (req.request == "GET" && req.http.cookie) {
>             unset req.http.cookie;
>         }
>     }
>     if (req.http.host ~ "^(mapsdev\.)?example\.com" && req.url ~ "^/app/") {
>         set req.url = regsub(req.url, "^/app/", "/flol/admin_2/public/");
>         remove req.http.X-Forwarded-For;
>         set req.http.X-Forwarded-For = client.ip;
>     }
> }
>
> sub vcl_fetch {
>     set beresp.ttl = 72h; // default ttl 72 hours
>     if (req.http.Authorization) {
>         return(hit_for_pass);
>     }
> }
>
> #
> # Below is a commented-out copy of the default VCL logic. If you
> # redefine any of these subroutines, the built-in logic will be
> # appended to your code.
> # sub vcl_recv {
> # if (req.restarts == 0) {
> # if (req.http.x-forwarded-for) {
> # set req.http.X-Forwarded-For =
> # req.http.X-Forwarded-For + ", " + client.ip;
> # } else {
> # set req.http.X-Forwarded-For = client.ip;
> # }
> # }
> # if (req.request != "GET" &&
> # req.request != "HEAD" &&
> # req.request != "PUT" &&
> # req.request != "POST" &&
> # req.request != "TRACE" &&
> # req.request != "OPTIONS" &&
> # req.request != "DELETE") {
> # /* Non-RFC2616 or CONNECT which is weird. */
> # return (pipe);
> # }
> # if (req.request != "GET" && req.request != "HEAD") {
> # /* We only deal with GET and HEAD by default */
> # return (pass);
> # }
> # if (req.http.Authorization || req.http.Cookie) {
> # /* Not cacheable by default */
> # return (pass);
> # }
> # return (lookup);
> # }
> #
> # sub vcl_pipe {
> # # Note that only the first request to the backend will have
> # # X-Forwarded-For set. If you use X-Forwarded-For and want to
> # # have it set for all requests, make sure to have:
> # # set bereq.http.connection = "close";
> # # here. It is not set by default as it might break some broken web
> # # applications, like IIS with NTLM authentication.
> # return (pipe);
> # }
> #
> # sub vcl_pass {
> # return (pass);
> # }
> #
> # sub vcl_hash {
> # hash_data(req.url);
> # if (req.http.host) {
> # hash_data(req.http.host);
> # } else {
> # hash_data(server.ip);
> # }
> # return (hash);
> # }
> #
> # sub vcl_hit {
> # return (deliver);
> # }
> #
> # sub vcl_miss {
> # return (fetch);
> # }
> #
> # sub vcl_fetch {
> # if (beresp.ttl <= 0s ||
> # beresp.http.Set-Cookie ||
> # beresp.http.Vary == "*") {
> # /*
> # * Mark as "Hit-For-Pass" for the next 2 minutes
> # */
> # set beresp.ttl = 120 s;
> # return (hit_for_pass);
> # }
> # return (deliver);
> # }
> #
> # sub vcl_deliver {
> # return (deliver);
> # }
> #
> # sub vcl_error {
> # set obj.http.Content-Type = "text/html; charset=utf-8";
> # set obj.http.Retry-After = "5";
> # synthetic {"
> # <?xml version="1.0" encoding="utf-8"?>
> # <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> # "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> # <html>
> # <head>
> # <title>"} + obj.status + " " + obj.response + {"</title>
> # </head>
> # <body>
> # <h1>Error "} + obj.status + " " + obj.response + {"</h1>
> # <p>"} + obj.response + {"</p>
> # <h3>Guru Meditation:</h3>
> # <p>XID: "} + req.xid + {"</p>
> # <hr>
> # <p>Varnish cache server</p>
> # </body>
> # </html>
> # "};
> # return (deliver);
> # }
> #
> # sub vcl_init {
> # return (ok);
> # }
> #
> # sub vcl_fini {
> # return (ok);
> # }
>
>
--
Scott Stewart
Principal
NBT Solutions LLC
phone: (757)941-5110
email: scott.stewart at nbtsolutions.com
website:www.nbtsolutions.com
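
Added example, not part of the original message and not the poster's configuration: the quoted vcl_fetch runs "set beresp.ttl = 72h" unconditionally, so the 72-hour lifetime is applied to every backend response, 401 challenges included. The sketch below, in the Varnish 3.0 syntax the thread uses, makes the do-not-cache decision before the long TTL is assigned. The 120s hit-for-pass window is an assumption borrowed from the built-in vcl_fetch quoted above, and the backend selection and URL rewriting from the post are left out.

```vcl
# Added example (assumes Varnish 3.0 syntax, as used in the thread).

sub vcl_recv {
    # A request that carries credentials is sent to the backend and is
    # never answered from the cache. The built-in vcl_recv does the same,
    # but stating it here keeps it in force if an earlier return is added.
    if (req.http.Authorization) {
        return (pass);
    }
    # No return here: the built-in vcl_recv logic is appended and runs next.
}

sub vcl_fetch {
    # Decide what must not be cached BEFORE assigning any long TTL.
    # - 401: the backend's authentication challenge
    # - req.http.Authorization: the response was produced for a
    #   specific set of credentials
    if (beresp.status == 401 || req.http.Authorization) {
        # Short hit-for-pass window (assumed value, same as the built-in
        # logic) so the marker itself does not live for 72 hours.
        set beresp.ttl = 120s;
        return (hit_for_pass);
    }

    # Only anonymous, non-challenge responses get the long TTL.
    set beresp.ttl = 72h;

    # No return here: the built-in vcl_fetch is appended, so responses
    # with Set-Cookie or "Vary: *" are still turned into hit-for-pass.
}
```

While testing, the object lifetime can be checked from the Age header on responses: a 401 that comes back with a growing Age was served from the cache rather than from Apache.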