On 22 July 2011 11:28, Sumit Raja <[email protected]> wrote:
> Hello,
>
> I am evaluating Varnish to put in front of an authenticated web application.
> Essentially I am trying to get Varnish to make a HEAD request to the back
> end for authentication before it serves from cache or passes the GET
> downstream. The web app uses basic auth.
>
> My first attempt seems to work, that is the HEAD request is made and content
> is cached correctly, until the HEAD to the back end results in a 401. From
> this point on Varnish always serves the 401 for that request, even after
> making the HEAD and getting a 2xx from the back end.
>
> I'm pretty sure I am missing something basic as this is my first attempt but
> some help would be appreciated with my config. The VCL is:
>
> sub vcl_recv {
>     if (req.request != "GET" &&
>     .
>     . //from default.vcl
>     .
>     .
>     .// virtual host selection
>     .
>
>     if (req.restarts == 0) {
>     .
>     . // X-forwarded for from default.vcl
>     .
>         if (req.http.Authorization && req.backend == api) {
>             return(pass);
>         }
>     }
>     return (lookup);
> }
>
> sub vcl_pass {
>     if (req.http.Authorization && req.backend == api && req.restarts == 0) {
>         set bereq.request = "HEAD";
>     }
>     return (pass);
> }
>
> sub vcl_fetch {
>
>     if (req.http.Authorization && req.backend == api && req.restarts == 0) {
>         if (beresp.status >= 200 && beresp.status < 400) {
>             return(restart);
>         } elsif (beresp.status != 401) {
>             return(error);
>         } else {
>             error 401 "Not Authorised";
>         }
>     } else {
>         if (beresp.ttl <= 0s ||
>             beresp.http.Set-Cookie ||
>             beresp.http.Vary == "*") {
>             set beresp.ttl = 120 s;
>             return (hit_for_pass);
>         }
>         return (deliver);
>     }
> }
>
See this diagram of the flow in VCL:
https://www.varnish-cache.org/trac/wiki/VCLExampleDefault

You probably want something like this instead of your vcl_pass:

sub vcl_hit {
    if (req.http.Authorization && req.backend == api && req.restarts == 0) {
        set bereq.request = "HEAD";
        return (pass);
    }
}

Laurence
