<div>Hi </div><div><br></div><div>I have a newly minted varnish (and a newly minted varnish user myself) install that has two backends, as spec'ed in this vcl (below).</div><div><br></div><div>The "wms1" has no auth on it.</div>
<div><br></div><div>The "default" backend is a Apache server with basic auth, but no one is getting asked to authenticate. My understanding was the out of the box config for varnish would not cache those authentication required pages, but no one is being asked for a username/password</div>
<div><br></div><div>What am I doing wrong here? The app works perfectly otherwise.</div><div><br></div><div><br></div><div><br></div><div><div># This is a basic VCL configuration file for varnish. See the vcl(7)</div><div>
# man page for details on VCL syntax and semantics.</div><div># </div><div># Default backend definition. Set this to point to your content</div><div># server.</div><div># </div><div>backend default {</div><div> .host = "127.0.0.1";</div>
<div> .port = "8081";</div><div>}</div><div><br></div><div>backend wms1 {</div><div> .host = "<a href="http://example.com">example.com</a>"; </div><div> .port = "80";</div><div>}</div>
<div><br></div><div>sub vcl_recv {</div><div> </div><div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if (req.http.host ~ "^(mapsdev\.)example\.com" && req.url~ "^/wms") {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>set req.http.host = "<a href="http://maps.example.com">maps.example.com</a>";</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>set req.url = regsub(req.url, "^/wms", "/wms");</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>set req.backend = wms1;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if (req.request == "GET" && req.http.cookie) </div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>{</div><div> unset req.http.cookie;</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if (req.http.host ~ "^(mapsdev\.)?example\.com" && req.url~ "^/app/") {</div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>set req.url = regsub(req.url, "^/app/", "/flol/admin_2/public/");</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>remove req.http.X-Forwarded-For; </div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>set req.http.X-Forwarded-For = client.ip; </div><div><span class="Apple-tab-span" style="white-space:pre"> </span></div><div>}</div><div><br></div><div>
sub vcl_fetch {</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>set beresp.ttl = 72h; // default ttl 72 hours</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if (req.http.Authorization) </div>
<div><span class="Apple-tab-span" style="white-space:pre"> </span>{ </div><div><span class="Apple-tab-span" style="white-space:pre"> </span>return(hit_for_pass);</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>}</div>
<div>}</div><div><br></div><div># </div><div># Below is a commented-out copy of the default VCL logic. If you</div><div># redefine any of these subroutines, the built-in logic will be</div><div># appended to your code.</div>
<div># sub vcl_recv {</div><div># if (req.restarts == 0) {</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span>if (req.http.x-forwarded-for) {</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span> set req.http.X-Forwarded-For =</div>
<div># <span class="Apple-tab-span" style="white-space:pre"> </span>req.http.X-Forwarded-For + ", " + client.ip;</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span>} else {</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span> set req.http.X-Forwarded-For = client.ip;</div>
<div># <span class="Apple-tab-span" style="white-space:pre"> </span>}</div><div># }</div><div># if (req.request != "GET" &&</div><div># req.request != "HEAD" &&</div><div>
# req.request != "PUT" &&</div><div># req.request != "POST" &&</div><div># req.request != "TRACE" &&</div><div># req.request != "OPTIONS" &&</div>
<div># req.request != "DELETE") {</div><div># /* Non-RFC2616 or CONNECT which is weird. */</div><div># return (pipe);</div><div># }</div><div># if (req.request != "GET" && req.request != "HEAD") {</div>
<div># /* We only deal with GET and HEAD by default */</div><div># return (pass);</div><div># }</div><div># if (req.http.Authorization || req.http.Cookie) {</div><div># /* Not cacheable by default */</div>
<div># return (pass);</div><div># }</div><div># return (lookup);</div><div># }</div><div># </div><div># sub vcl_pipe {</div><div># # Note that only the first request to the backend will have</div><div>
# # X-Forwarded-For set. If you use X-Forwarded-For and want to</div><div># # have it set for all requests, make sure to have:</div><div># # set bereq.http.connection = "close";</div><div># # here. It is not set by default as it might break some broken web</div>
<div># # applications, like IIS with NTLM authentication.</div><div># return (pipe);</div><div># }</div><div># </div><div># sub vcl_pass {</div><div># return (pass);</div><div># }</div><div># </div><div># sub vcl_hash {</div>
<div># hash_data(req.url);</div><div># if (req.http.host) {</div><div># hash_data(req.http.host);</div><div># } else {</div><div># hash_data(server.ip);</div><div># }</div><div># return (hash);</div>
<div># }</div><div># </div><div># sub vcl_hit {</div><div># return (deliver);</div><div># }</div><div># </div><div># sub vcl_miss {</div><div># return (fetch);</div><div># }</div><div># </div><div># sub vcl_fetch {</div>
<div># if (beresp.ttl <= 0s ||</div><div># beresp.http.Set-Cookie ||</div><div># beresp.http.Vary == "*") {</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span>/*</div>
<div># <span class="Apple-tab-span" style="white-space:pre"> </span> * Mark as "Hit-For-Pass" for the next 2 minutes</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span> */</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span>set beresp.ttl = 120 s;</div>
<div># <span class="Apple-tab-span" style="white-space:pre"> </span>return (hit_for_pass);</div><div># }</div><div># return (deliver);</div><div># }</div><div># </div><div># sub vcl_deliver {</div><div># return (deliver);</div>
<div># }</div><div># </div><div># sub vcl_error {</div><div># set obj.http.Content-Type = "text/html; charset=utf-8";</div><div># set obj.http.Retry-After = "5";</div><div># synthetic {"</div>
<div># <?xml version="1.0" encoding="utf-8"?></div><div># <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"</div><div># "<a href="http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd</a>"></div>
<div># <html></div><div># <head></div><div># <title>"} + obj.status + " " + obj.response + {"</title></div><div># </head></div><div># <body></div><div># <h1>Error "} + obj.status + " " + obj.response + {"</h1></div>
<div># <p>"} + obj.response + {"</p></div><div># <h3>Guru Meditation:</h3></div><div># <p>XID: "} + req.xid + {"</p></div><div># <hr></div><div>
# <p>Varnish cache server</p></div><div># </body></div><div># </html></div><div># "};</div><div># return (deliver);</div><div># }</div><div># </div><div># sub vcl_init {</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span>return (ok);</div>
<div># }</div><div># </div><div># sub vcl_fini {</div><div># <span class="Apple-tab-span" style="white-space:pre"> </span>return (ok);</div><div># }</div></div><div><br></div>