Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Problem/Motivation
Many people have trouble choosing the correct values for $conf['reverse_proxy']
and $conf['reverse_proxy_addresses']
. Also in some setups (e.g. when using Nginix with the realip module), the verification fails completely and needs to be disabled via $conf['authcache_varnish_validate_reverse_proxy_address'] = FALSE;
.
Proposed resolution
Let's introduce a second request-verification mechanism which makes deployment on such setups easier.
- In VCL, set a custom request header (e.g.
X-Authcache-Varnish-Passphrase: correct battery horse staple
- Verify presence of this header from within
authcache_varnish_request_validate()
.
Remaining tasks
User interface changes
API changes
Comment | File | Size | Author |
---|---|---|---|
#3 | 2354205-varnish-passphrase-3.diff | 5.24 KB | znerol |
#3 | interdiff.txt | 538 bytes | znerol |
#2 | 2354205-varnish-passphrase-2.diff | 5.23 KB | znerol |
#2 | interdiff.txt | 5.23 KB | znerol |
#1 | 2354205-varnish-passphrase.diff | 1.96 KB | znerol |
Comments
Comment #1
znerol CreditAttribution: znerol commentedComment #2
znerol CreditAttribution: znerol commentedAdd tests.
Comment #3
znerol CreditAttribution: znerol commentedUse
bereq
instead ofreq
invcl_miss
.Comment #5
znerol CreditAttribution: znerol commented