• 0

Tell Varnish to not cache Nginx or Apache HTTPAuth Requests

by · Published · Updated

Tell Varnish to not cache Nginx or Apache HTTPAuth Requests

Tell Varnish to not cache Nginx or Apache HTTPAuth Requests

The Problem of having Varnish in front of Nginx or Apache is that Basic HTTP Authentication requests will be cached once you logged in. So every successful login session applys to all other clients also who visit your website. That is what we don’t want and might be in some situations a security risk.

 

So to passthrough HTTP Authorization requests without caching them, we need to add one more acl rule.

Simply extend your sub vcl_recv section with following code snippet:

    # dont cache httpauth
    if (req.http.Authorization || req.http.Authenticate) {
        return(pass);
    }

and restart your varnish instance then all should be fine!

Rating: 5.0/5. From 2 votes.
Please wait...

Tags:

Jules

Jules

Jules is the owner and author of ISPIRE.ME. He's a Linux System Engineer, Tech fanatic and an Open Source fan.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.