Hi Hugo,

I did as you suggested and added the 'pass' for requests asking for authentication. And sure enough, it started asking for the authentication--however it doesn't stop asking for the authentication--it never seems to authenticate. I know the auth works, because I can access it without going through varnish and it works fine. Any idea what could be the problem here?
FWIW, the auth is not a typical basic auth, but a basic auth against an LDAP using the Apache and the mod_ldapns_auth

On Wed, May 30, 2012 at 3:50 PM, Scott Stewart <[email protected]> wrote:
> Hi
>
> I have a newly minted varnish (and a newly minted varnish user myself)
> install that has two backends, as spec'ed in this vcl (below).
>
> The "wms1" has no auth on it.
>
> The "default" backend is an Apache server with basic auth, but no one is
> getting asked to authenticate. My understanding was the out of the box
> config for varnish would not cache those authentication required pages, but
> no one is being asked for a username/password
>
> What am I doing wrong here? The app works perfectly otherwise.
>
>
>
> # This is a basic VCL configuration file for varnish. See the vcl(7)
> # man page for details on VCL syntax and semantics.
> #
> # Default backend definition. Set this to point to your content
> # server.
> #
> backend default {
>     .host = "127.0.0.1";
>     .port = "8081";
> }
>
> backend wms1 {
>     .host = "example.com";
>     .port = "80";
> }
>
> sub vcl_recv {
>
>     if (req.http.host ~ "^(mapsdev\.)example\.com" && req.url ~ "^/wms") {
>         set req.http.host = "maps.example.com";
>         set req.url = regsub(req.url, "^/wms", "/wms");
>         set req.backend = wms1;
>         if (req.request == "GET" && req.http.cookie)
>         {
>             unset req.http.cookie;
>         }
>     }
>     if (req.http.host ~ "^(mapsdev\.)?example\.com" && req.url ~ "^/app/") {
>         set req.url = regsub(req.url, "^/app/", "/flol/admin_2/public/");
>         remove req.http.X-Forwarded-For;
>         set req.http.X-Forwarded-For = client.ip;
>     }
> }
>
> sub vcl_fetch {
>     set beresp.ttl = 72h; // default ttl 72 hours
>     if (req.http.Authorization)
>     {
>         return(hit_for_pass);
>     }
> }
>
> #
> # Below is a commented-out copy of the default VCL logic. If you
> # redefine any of these subroutines, the built-in logic will be
> # appended to your code.
> # sub vcl_recv {
> #     if (req.restarts == 0) {
> #         if (req.http.x-forwarded-for) {
> #             set req.http.X-Forwarded-For =
> #                 req.http.X-Forwarded-For + ", " + client.ip;
> #         } else {
> #             set req.http.X-Forwarded-For = client.ip;
> #         }
> #     }
> #     if (req.request != "GET" &&
> #       req.request != "HEAD" &&
> #       req.request != "PUT" &&
> #       req.request != "POST" &&
> #       req.request != "TRACE" &&
> #       req.request != "OPTIONS" &&
> #       req.request != "DELETE") {
> #         /* Non-RFC2616 or CONNECT which is weird. */
> #         return (pipe);
> #     }
> #     if (req.request != "GET" && req.request != "HEAD") {
> #         /* We only deal with GET and HEAD by default */
> #         return (pass);
> #     }
> #     if (req.http.Authorization || req.http.Cookie) {
> #         /* Not cacheable by default */
> #         return (pass);
> #     }
> #     return (lookup);
> # }
> #
> # sub vcl_pipe {
> #     # Note that only the first request to the backend will have
> #     # X-Forwarded-For set. If you use X-Forwarded-For and want to
> #     # have it set for all requests, make sure to have:
> #     # set bereq.http.connection = "close";
> #     # here. It is not set by default as it might break some broken web
> #     # applications, like IIS with NTLM authentication.
> #     return (pipe);
> # }
> #
> # sub vcl_pass {
> #     return (pass);
> # }
> #
> # sub vcl_hash {
> #     hash_data(req.url);
> #     if (req.http.host) {
> #         hash_data(req.http.host);
> #     } else {
> #         hash_data(server.ip);
> #     }
> #     return (hash);
> # }
> #
> # sub vcl_hit {
> #     return (deliver);
> # }
> #
> # sub vcl_miss {
> #     return (fetch);
> # }
> #
> # sub vcl_fetch {
> #     if (beresp.ttl <= 0s ||
> #         beresp.http.Set-Cookie ||
> #         beresp.http.Vary == "*") {
> #         /*
> #          * Mark as "Hit-For-Pass" for the next 2 minutes
> #          */
> #         set beresp.ttl = 120 s;
> #         return (hit_for_pass);
> #     }
> #     return (deliver);
> # }
> #
> # sub vcl_deliver {
> #     return (deliver);
> # }
> #
> # sub vcl_error {
> #     set obj.http.Content-Type = "text/html; charset=utf-8";
> #     set obj.http.Retry-After = "5";
> #     synthetic {"
> # <?xml version="1.0" encoding="utf-8"?>
> # <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
> #  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
> # <html>
> #   <head>
> #     <title>"} + obj.status + " " + obj.response + {"</title>
> #   </head>
> #   <body>
> #     <h1>Error "} + obj.status + " " + obj.response + {"</h1>
> #     <p>"} + obj.response + {"</p>
> #     <h3>Guru Meditation:</h3>
> #     <p>XID: "} + req.xid + {"</p>
> #     <hr>
> #     <p>Varnish cache server</p>
> #   </body>
> # </html>
> # "};
> #     return (deliver);
> # }
> #
> # sub vcl_init {
> #     return (ok);
> # }
> #
> # sub vcl_fini {
> #     return (ok);
> # }
>
>

--
Scott Stewart
Principal
NBT Solutions LLC
phone: (757)941-5110
email: [email protected]
website:www.nbtsolutions.com
_______________________________________________
varnish-misc mailing list
[email protected]
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
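
An added example, not part of the thread and not either poster's configuration: a Varnish 3.x sketch of how a forced long TTL, like the `set beresp.ttl = 72h` in the quoted VCL, can be scoped so that credentialed requests and 401 challenges are never stored in the cache. The backend address is copied from the post; the 120s hit-for-pass lifetime mirrors the built-in `vcl_fetch`, and the decision to exclude status 401 is an assumption of this example.

```vcl
# Added example (Varnish 3.x syntax, matching the quoted config).
backend default {
    .host = "127.0.0.1";   # Apache with basic auth, as in the post
    .port = "8081";
}

sub vcl_recv {
    # A request that carries credentials bypasses cache lookup entirely,
    # so a stored object is never served in place of the backend's
    # own authorization decision. Same rule as the built-in vcl_recv,
    # stated explicitly so later custom logic cannot skip it by accident.
    if (req.http.Authorization) {
        return (pass);
    }
}

sub vcl_fetch {
    # The backend's 401 challenge must come from Apache each time.
    # Checked BEFORE any TTL override: an unconditional
    # "set beresp.ttl = 72h" would otherwise apply to the 401 as well.
    if (beresp.status == 401) {
        set beresp.ttl = 120s;
        return (hit_for_pass);
    }

    # The response to a credentialed request belongs to that user only.
    if (req.http.Authorization) {
        set beresp.ttl = 120s;
        return (hit_for_pass);
    }

    # Only anonymous, non-challenge responses get the long TTL.
    set beresp.ttl = 72h;
    return (deliver);
}
```

Running `varnishlog` while requesting a protected URL shows whether the `Authorization` request header and the backend's 401/200 status pass through unchanged.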
