I keep meaning to look into mod_auth_tkt (http://www.openfusion.com.au/labs/mod_auth_tkt/) support for varnish. It should be fairly easy to implement with inline C and doing so would allow us to cache pages that require authorisation (by matching tokens in the signed cookie to tokens in an obj header.) So in principle I think it's a good idea.

Laurence

2010/1/26 Sam Crawford <samcrawf...@gmail.com>:
> Any thoughts anyone? Good idea / bad idea?
>
> Thanks,
>
> Sam
>
>
> 2010/1/23 Sam Crawford <samcrawf...@gmail.com>:
>> Evening all,
>>
>> I've been an avid Varnish user both personally and at work for a
>> couple of years now. At work we use it to cache content across our
>> global intranet, handling a few million requests per day. At present,
>> we have the following logical setup...
>>
>> F5 GTM (GSLB device) > F5 load balancer > Varnish > In-house Java
>> Reverse Proxy > Backend applications (hundreds)
>>
>> Varnish and the in-house reverse proxy reside on the same servers,
>> with varnish having a single backend pointing at the in-house reverse
>> proxy (the F5s handle failover between instances).
>>
>> The in-house Java reverse proxy performs a range of functions,
>> including (but certainly not limited to):
>>
>> * Authenticating/authorising users via our Single Sign On service
>> * Header injection to help backend applications identify users
>> * Catching cookies from backend applications and delivering a single
>> pointer cookie back to clients
>>
>> I've been wondering if we could write some C extensions to Varnish to
>> remove the need for the Java reverse proxy. This would help flatten
>> the infrastructure and save on latency (which is pretty important for
>> us). The standard Varnish VCL capabilities would meet many of our
>> requirements, but for some functions we'd certainly need to write
>> extensions (such as making an out-of-band HTTP request to an SSO
>> server in order to validate an SSO cookie (which we'd also need to
>> cache!)).
>>
>> Whilst I know it's technically feasible for us to do this, I was
>> wondering (a) if anyone is already doing something similar and (b) if
>> the community thinks I'm completely mad for even thinking about
>> doing it :-)
>>
>> Thanks,
>>
>> Sam
>>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@projects.linpro.no
> http://projects.linpro.no/mailman/listinfo/varnish-misc
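
An added example, not part of the thread and not mod_auth_tkt or Varnish code: a Python reference sketch of the check described in the reply above, verifying the signed ticket and then matching its tokens against a token list stored with the cached object. It assumes the mod_auth_tkt MD5 digest layout, any-one-token matching, and a hypothetical comma-separated header value for the object's required tokens; the secret, IP address and tickets used with it are constructed.

```python
import hashlib
import hmac
import re
import socket
import struct

def _digest(secret, ip, ts, uid, tokens, data):
    # Assumed mod_auth_tkt MD5 layout:
    # md5( md5(ip(4) + ts(4) + secret + uid + NUL + tokens + NUL + data) + secret )
    raw = socket.inet_aton(ip) + struct.pack("!I", ts)
    raw += b"\0".join(s.encode() for s in (secret + uid, tokens, data))
    inner = hashlib.md5(raw).hexdigest()
    return hashlib.md5((inner + secret).encode()).hexdigest()

def make_ticket(secret, ip, ts, uid, tokens="", data=""):
    """Build a ticket; used here only to construct sample input."""
    body = uid + ("!" + tokens if tokens else "") + "!" + data
    return _digest(secret, ip, ts, uid, tokens, data) + "%08x" % ts + body

def ticket_tokens(ticket, secret, ip, now, timeout=7200):
    """Return the set of tokens in a valid, unexpired ticket, else None."""
    if not re.fullmatch(r"[0-9a-f]{40}", ticket[:40]):
        return None  # digest (32 hex) + timestamp (8 hex) must be present
    sig, ts, body = ticket[:32], int(ticket[32:40], 16), ticket[40:]
    uid, sep, rest = body.partition("!")
    if not sep:
        return None
    tokens, sep, data = rest.partition("!")
    if not sep:  # no token field: "uid!data"
        tokens, data = "", rest
    # Constant-time comparison of the presented and recomputed digests.
    if not hmac.compare_digest(sig, _digest(secret, ip, ts, uid, tokens, data)):
        return None
    if not 0 <= now - ts <= timeout:
        return None
    return {t for t in tokens.split(",") if t}

def may_serve_cached(ticket, required_header, secret, ip, now):
    """Cache-hit decision: True only if the ticket carries a required token."""
    held = ticket_tokens(ticket, secret, ip, now)
    required = {t.strip() for t in required_header.split(",") if t.strip()}
    # Fail closed: a bad ticket, or an object with no token list, is never served.
    return bool(held) and bool(required) and not held.isdisjoint(required)
```

The token comparison only means something after the digest and timestamp checks pass, so a cache that skips them would serve protected objects to anyone who can write a cookie.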