Tell Varnish to not cache Nginx or Apache HTTPAuth Requests

Tell Varnish to not cache Nginx or Apache HTTPAuth Requests

Tell Varnish to not cache Nginx or Apache HTTPAuth Requests

The Problem of having Varnish in front of Nginx or Apache is that Basic HTTP Authentication requests will be cached once you logged in. So every successful login session applys to all other clients also who visit your website. That is what we don’t want and might be in some situations a security risk.

So to passthrough HTTP Authorization requests without caching them, we need to add one more acl rule.

Simply extend your sub vcl_recv section with following code snippet:

    # dont cache httpauth
    if (req.http.Authorization) {
        return(pass);
    }

and restart your varnish instance then all should be fine!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Human Verification: In order to verify that you are a human and not a spam bot, please enter the answer into the following box below based on the instructions contained in the graphic.