On Fri, Mar 16, 2012 at 11:42 PM, Hugues Alary <[email protected]>wrote: (..)
> > - I was wondering if communicating with varnish via HTTP header is a > good solution? > > Yes. > > - How bad can it be performance wise? > > Negligible. > > - Should I be worried about security (interception/modification of the > communication between Varnish and the backend), even if no credential will > never be sent through HTTP headers? (Also, currently Varnish and the > backend are on the same machine, but chances are that they will in the > future not live on the same host). > > It's more or less impossible to turn Varnish into an open proxy so I wouldn't worry about that. > > > In the future, I plan on instructing varnish not to cache certain pages > containing user defined query strings. I want the user to be able to > specify these un-cachable urls query strings directly in the application. > The application will then send the un-cachable query strings in a header > X-Application-QueryStringNoCache: "querystring1,querystring2,...". > > Is that a bad idea? > No. If it works for you then go for it. -- Per Buer, CEO Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer *Varnish makes websites fly!* Whitepapers <http://www.varnish-software.com/whitepapers> | Video<http://www.youtube.com/watch?v=x7t2Sp174eI> | Twitter <https://twitter.com/varnishsoftware>
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
