Problem/Motivation

Many people have trouble choosing the correct values for $conf['reverse_proxy'] and $conf['reverse_proxy_addresses']. Also in some setups (e.g. when using Nginix with the realip module), the verification fails completely and needs to be disabled via $conf['authcache_varnish_validate_reverse_proxy_address'] = FALSE;.

Proposed resolution

Let's introduce a second request-verification mechanism which makes deployment on such setups easier.

  • In VCL, set a custom request header (e.g. X-Authcache-Varnish-Passphrase: correct battery horse staple
  • Verify presence of this header from within authcache_varnish_request_validate().

Remaining tasks

User interface changes

API changes

CommentFileSizeAuthor
#3 2354205-varnish-passphrase-3.diff5.24 KBznerol
#3 interdiff.txt538 bytesznerol
#2 2354205-varnish-passphrase-2.diff5.23 KBznerol
#2 interdiff.txt5.23 KBznerol
#1 2354205-varnish-passphrase.diff1.96 KBznerol

Comments

znerol’s picture

znerol commented
Status: Active » Needs review
StatusFileSize
new 2354205-varnish-passphrase.diff1.96 KB
znerol’s picture

znerol commented
Issue summary: View changes
StatusFileSize
new interdiff.txt5.23 KB
new 2354205-varnish-passphrase-2.diff5.23 KB

Add tests.

znerol’s picture

znerol commented
StatusFileSize
new interdiff.txt538 bytes
new 2354205-varnish-passphrase-3.diff5.24 KB

Use bereq instead of req in vcl_miss.

  • znerol committed ac6eddc on 7.x-2.x 
    Issue #2354205 by znerol: Provide an alternative way to verify whether...
znerol’s picture

znerol commented
Status: Needs review » Fixed

  • znerol committed 244589b on 7.x-2.x 
    Issue #2354205 by znerol: Provide an alternative way to verify whether...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.