Re: varnish + sharepoint 2010

Wed, 01 Feb 2012 17:36:55 -0800 

So you need to check if a user is authorized for an object (which may or may 
not already be cached by Varnish) by means of an external application. 
(Sharepoint)

Something along the lines perhaps?

###################################
sub vcl_recv {
  if (req.url ~ "^/authorized_content") {
    if (req.restarts == 0) {
      set req.backend = authorization_backend;
      return(pass);
    } else {
      set req.backend = real_backend;
      set req.url = regsub(req.url, "_authorize_me", "");
    }
  }
}

sub vcl_fetch {
  if (req.url ~ "^/authorized_content" && req.restarts == 0) {
    if (beresp.status == 200) {
      restart;
    } else {
      error 403 "Not authorized";
    }
  }
}
###################################

Part of the problem is, Varnish doesn't know what's authorized and it will have 
to check every request to ensure a request is in fact authorized for the given 
content.
Other than the above brief example, you could possibly create a vmod that 
caches responses from the `authorization_backend` and uses that for future 
requests. (if one doesn't exist already)

~Paul

On Wed, Feb 01, 2012 at 08:12:56PM -0500, Sean McHugh wrote:
> Sharepoint 2010, typical installation.  Protected with Kerberos/SPNEGO ...
> looking to
> squeeze the most i can out of varnish to reduce effect of latency on our
> private WAN.
>
> A number of the key urls are for public consumption (images for corporate
> news/js/css/axd), but the entire Sharepoint site is protected - how can i
> bypass the default behavior and cache the result of authenticated requests
> for future GETs ?

> _______________________________________________
> varnish-misc mailing list
> [email protected]
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

________________________________

This message may contain confidential or privileged information. If you are not 
the intended recipient, please advise us immediately and delete this message. 
See http://www.datapipe.com/legal/email_disclaimer/ for further information on 
confidentiality and the risks of non-secure electronic communication. If you 
cannot access these links, please notify us by reply message and we will send 
the contents to you.

_______________________________________________
varnish-misc mailing list
[email protected]
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Reply via email to