forked from xrowgmbh/ezcluster
root
committed
May 28, 2015
1 parent
283a1a0
commit 308cea9
Showing
2 changed files
with
124 additions
and
13 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,87 @@ | ||
// ACL for invalidators IP | ||
acl invalidators { | ||
"127.0.0.1"; | ||
} | ||
|
||
// ACL for debuggers IP | ||
acl debuggers { | ||
"127.0.0.1"; | ||
} | ||
|
||
// Handle purge | ||
// You may add FOSHttpCacheBundle tagging rules | ||
// See http://foshttpcache.readthedocs.org/en/latest/varnish-configuration.html#id4 | ||
sub ez_purge { | ||
|
||
if (req.method == "BAN") { | ||
if (!client.ip ~ invalidators) { | ||
return (synth(405, "Method not allowed")); | ||
} | ||
|
||
if (req.http.X-Location-Id) { | ||
ban("obj.http.X-Location-Id ~ " + req.http.X-Location-Id); | ||
if (client.ip ~ debuggers) { | ||
set req.http.X-Debug = "Ban done for content connected to LocationId " + req.http.X-Location-Id; | ||
} | ||
return (synth(200, "Banned")); | ||
} | ||
} | ||
} | ||
|
||
// Sub-routine to get client user hash, for context-aware HTTP cache. | ||
sub ez_user_hash { | ||
|
||
// Prevent tampering attacks on the hash mechanism | ||
if (req.restarts == 0 | ||
&& (req.http.accept ~ "application/vnd.fos.user-context-hash" | ||
|| req.http.x-user-hash | ||
) | ||
) { | ||
return (synth(400)); | ||
} | ||
|
||
if (req.restarts == 0 && (req.method == "GET" || req.method == "HEAD")) { | ||
// Anonymous user => Set a hardcoded anonymous hash | ||
if (req.http.Cookie !~ "eZSESSID" && !req.http.authorization) { | ||
set req.http.X-User-Hash = "38015b703d82206ebc01d17a39c727e5"; | ||
} | ||
// Pre-authenticate request to get shared cache, even when authenticated | ||
else { | ||
set req.http.x-fos-original-url = req.url; | ||
set req.http.x-fos-original-accept = req.http.accept; | ||
set req.http.x-fos-original-cookie = req.http.cookie; | ||
// Clean up cookie for the hash request to only keep session cookie, as hash cache will vary on cookie. | ||
set req.http.cookie = ";" + req.http.cookie; | ||
set req.http.cookie = regsuball(req.http.cookie, "; +", ";"); | ||
set req.http.cookie = regsuball(req.http.cookie, ";(eZSESSID[^=]*)=", "; \1="); | ||
set req.http.cookie = regsuball(req.http.cookie, ";[^ ][^;]*", ""); | ||
set req.http.cookie = regsuball(req.http.cookie, "^[; ]+|[; ]+$", ""); | ||
|
||
set req.http.accept = "application/vnd.fos.user-context-hash"; | ||
set req.url = "/_fos_user_context_hash"; | ||
|
||
// Force the lookup, the backend must tell how to cache/vary response containing the user hash | ||
|
||
return (hash); | ||
} | ||
} | ||
|
||
// Rebuild the original request which now has the hash. | ||
if (req.restarts > 0 | ||
&& req.http.accept == "application/vnd.fos.user-context-hash" | ||
) { | ||
set req.url = req.http.x-fos-original-url; | ||
set req.http.accept = req.http.x-fos-original-accept; | ||
set req.http.cookie = req.http.x-fos-original-cookie; | ||
|
||
unset req.http.x-fos-original-url; | ||
unset req.http.x-fos-original-accept; | ||
unset req.http.x-fos-original-cookie; | ||
|
||
// Force the lookup, the backend must tell not to cache or vary on the | ||
// user hash to properly separate cached data. | ||
|
||
return (hash); | ||
} | ||
} | ||
|
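Review bot: In ez_purge, a BAN request from an address in `invalidators` that carries no `X-Location-Id` header leaves the subroutine without a `return`, so it continues into whatever the caller does next and may be forwarded to the backend as an ordinary request. Closing the `BAN` branch with `return (synth(400, "X-Location-Id header required"));` would end it there. The header value is also concatenated unchecked into the `ban()` expression, so the `invalidators` ACL is the only control on what gets added to the ban list. If Varnish is ever placed behind a proxy or TLS terminator on the same host, `client.ip` would presumably be 127.0.0.1 for every request and the ACL would match all clients, which deserves a comment next to the ACL. The caller of ez_purge is outside this hunk.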