Caching requests with Authorization Header

Jennings III, Raymond raymond.jennings at nytimes.com
Mon Apr 6 23:19:18 CEST 2015


What about doing something like renaming that header so that the default
vcl subroutine won't see it?  Or maybe just always return from your
sub-routine so that the default vcl never runs.

I use a couple of techniques like what you are describing - where I add GET
params on the URL based on a particular header value as well as the inverse
(take GET parameters off of the URL so that they are not hashed) and stick
those values into a "X-" type header.

Maybe you can describe your technique in V3 so that we can see how we might
do the same in V4.  I'm not an expert on V4 but I have reworked some of the
techniques that I have been using in V3 to V4 successfully.


Raymond Jennings III
nytimes.com
Office: 212.556.7786
iPhone: 914.330.5074
E-mail: Raymond.Jennings at nytimes.com
FaceTime: Raymond.Jennings at nytimes.com

On Mon, Apr 6, 2015 at 5:08 PM, Hugo Cisneiros (Eitch) <
hugo.cisneiros at gmail.com> wrote:

> Hi,
>
> From documentation:
>
> https://www.varnish-cache.org/docs/trunk/users-guide/increasing-your-hitrate.html#authorization
>
> "Authorization
>    If Varnish sees an 'Authorization' header it will pass the request.
> If this is not what you want you can unset the header."
>
> I have a scenario that works on varnish3 but won't work on varnish4.
>
> As the subject says, I want to cache requests that were made with the
> Authorization header. Before you start thinking "what a crazy and
> insecure thing to do", let me explain:
>
> I have an internal varnish cache that receives requests from
> applications and serves content from an external CDN that is
> authenticated (thus the Authorization header). Only internal servers
> use it and I do this to save bandwidth. Every possible client knows
> and uses the same Authorization header, so caching the requests is
> not an issue.
>
> I'm also trying to use the Authorization header in the hash_data too,
> since it's always the same and if someone requests without knowing the
> proper pass, varnish won't serve the right cache entry.
>
> When I use the Authorization header, varnish4 does not cache at all...
> And when I remove the Authorization header, it caches but I get 401
> Forbidden from the CDN.
>
> Is there a way to solve this?
>
> --
> []'s
> Hugo
> www.devin.com.br
>
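The header-renaming idea from the reply above, written out for Varnish 4 as an added example (not code from either poster): the credential is moved to a private header so the builtin `vcl_recv` does not pass the request, is added to the hash, and is restored on the backend request. The header name `X-Cache-Auth` and the backend host are assumptions chosen for illustration.

```vcl
vcl 4.0;

# Placeholder backend; replace with the real CDN origin.
backend cdn {
    .host = "cdn.example.invalid";
    .port = "80";
}

sub vcl_recv {
    # Never trust a client-supplied copy of the private header
    # (X-Cache-Auth is a hypothetical name used only in this example).
    unset req.http.X-Cache-Auth;

    if (req.http.Authorization) {
        # Hide the credential from the builtin vcl_recv, which would
        # otherwise return (pass) as soon as it sees Authorization.
        set req.http.X-Cache-Auth = req.http.Authorization;
        unset req.http.Authorization;
    }
    # No return here: the builtin vcl_recv still runs for everything else.
}

sub vcl_hash {
    # Make the credential part of the cache key. No return, so the
    # builtin vcl_hash still adds the URL and Host afterwards.
    if (req.http.X-Cache-Auth) {
        hash_data(req.http.X-Cache-Auth);
    }
}

sub vcl_backend_fetch {
    # Restore the real header on the request sent to the CDN and
    # drop the private copy so it does not leave the cache host.
    if (bereq.http.X-Cache-Auth) {
        set bereq.http.Authorization = bereq.http.X-Cache-Auth;
        unset bereq.http.X-Cache-Auth;
    }
}
```

Because the credential is part of the hash, a request with a missing or different Authorization value maps to a different cache object and is answered by the CDN rather than from the shared entry.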