Basic Auth

Scott Stewart scott.stewart at nbtsolutions.com
Wed May 30 21:50:47 CEST 2012 

Hi

I have a newly minted varnish (and a newly minted varnish user myself)
install that has two backends,  as spec'ed in this vcl (below).

The "wms1" has no auth on it.

The "default" backend is a Apache server with basic auth, but no one is
getting asked to authenticate. My understanding was the out of the box
config for varnish would not cache those authentication required pages, but
no one is being asked for a username/password

What am I doing wrong here? The app works perfectly otherwise.



# This is a basic VCL configuration file for varnish.  See the vcl(7)
# man page for details on VCL syntax and semantics.
#
# Default backend definition.  Set this to point to your content
# server.
#
backend default {
    .host = "127.0.0.1";
    .port = "8081";
}

backend wms1 {
    .host = "example.com";
    .port = "80";
}

sub vcl_recv {

 if (req.http.host ~ "^(mapsdev\.)example\.com" && req.url~ "^/wms") {
set req.http.host = "maps.example.com";
set req.url = regsub(req.url, "^/wms", "/wms");
set req.backend = wms1;
if (req.request == "GET" && req.http.cookie)
{
                unset req.http.cookie;
}
}
 if (req.http.host ~ "^(mapsdev\.)?example\.com" && req.url~ "^/app/") {
set req.url = regsub(req.url, "^/app/", "/flol/admin_2/public/");
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
}

sub vcl_fetch {
set beresp.ttl = 72h; // default ttl 72 hours
if (req.http.Authorization)
{
return(hit_for_pass);
}
}

#
# Below is a commented-out copy of the default VCL logic.  If you
# redefine any of these subroutines, the built-in logic will be
# appended to your code.
# sub vcl_recv {
#     if (req.restarts == 0) {
# if (req.http.x-forwarded-for) {
#     set req.http.X-Forwarded-For =
# req.http.X-Forwarded-For + ", " + client.ip;
# } else {
#     set req.http.X-Forwarded-For = client.ip;
# }
#     }
#     if (req.request != "GET" &&
#       req.request != "HEAD" &&
#       req.request != "PUT" &&
#       req.request != "POST" &&
#       req.request != "TRACE" &&
#       req.request != "OPTIONS" &&
#       req.request != "DELETE") {
#         /* Non-RFC2616 or CONNECT which is weird. */
#         return (pipe);
#     }
#     if (req.request != "GET" && req.request != "HEAD") {
#         /* We only deal with GET and HEAD by default */
#         return (pass);
#     }
#     if (req.http.Authorization || req.http.Cookie) {
#         /* Not cacheable by default */
#         return (pass);
#     }
#     return (lookup);
# }
#
# sub vcl_pipe {
#     # Note that only the first request to the backend will have
#     # X-Forwarded-For set.  If you use X-Forwarded-For and want to
#     # have it set for all requests, make sure to have:
#     # set bereq.http.connection = "close";
#     # here.  It is not set by default as it might break some broken web
#     # applications, like IIS with NTLM authentication.
#     return (pipe);
# }
#
# sub vcl_pass {
#     return (pass);
# }
#
# sub vcl_hash {
#     hash_data(req.url);
#     if (req.http.host) {
#         hash_data(req.http.host);
#     } else {
#         hash_data(server.ip);
#     }
#     return (hash);
# }
#
# sub vcl_hit {
#     return (deliver);
# }
#
# sub vcl_miss {
#     return (fetch);
# }
#
# sub vcl_fetch {
#     if (beresp.ttl <= 0s ||
#         beresp.http.Set-Cookie ||
#         beresp.http.Vary == "*") {
# /*
#  * Mark as "Hit-For-Pass" for the next 2 minutes
#  */
# set beresp.ttl = 120 s;
# return (hit_for_pass);
#     }
#     return (deliver);
# }
#
# sub vcl_deliver {
#     return (deliver);
# }
#
# sub vcl_error {
#     set obj.http.Content-Type = "text/html; charset=utf-8";
#     set obj.http.Retry-After = "5";
#     synthetic {"
# <?xml version="1.0" encoding="utf-8"?>
# <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
#  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
# <html>
#   <head>
#     <title>"} + obj.status + " " + obj.response + {"</title>
#   </head>
#   <body>
#     <h1>Error "} + obj.status + " " + obj.response + {"</h1>
#     <p>"} + obj.response + {"</p>
#     <h3>Guru Meditation:</h3>
#     <p>XID: "} + req.xid + {"</p>
#     <hr>
#     <p>Varnish cache server</p>
#   </body>
# </html>
# "};
#     return (deliver);
# }
#
# sub vcl_init {
# return (ok);
# }
#
# sub vcl_fini {
# return (ok);
# }
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20120530/2d8cf1fd/attachment.html>

More information about the varnish-misc mailing list