Mailing List Archive

HTTP Digest Authentication in varnish4
Hi there,

I am currently trying to put varnish in front of a restful webservice with an existing HTTP digest authentication.
Has anyone already had this use case and could give me a hint or example code on how to set this up properly?
I didn’t find useful information in the varnish docs. The e-book “Getting started with Varnish Cache” only scratches that topic.
Examples I found about basic authentication do not really match because the authentication is implemented on varnish side only.
I would like to pass through the authentication to the backend because I don’t want to add user handling in varnish itself.
In my understanding, the authentication works as follows:

- 1st request: no authentication, passed to the backend, backend response with nonce in header

- 2nd request: client sends user credentials, passed to the backend, server gives proof (200) or fail (401)

- 3rd request: probably cache hit, request with auth credentials is “forked” as HEAD request, sent to the backend, server gives proof (200) or fail (401)

Am I getting this right, am I probably missing something?
Thank you in advance for any input and/or feedback!

Greetings,

Niklas
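
The "forked as HEAD request" step above interacts with how Digest computes its `response` value. This added example (not from the thread or from Varnish) recomputes the RFC 2617 value for qop=auth and shows a header issued for GET being rejected when re-sent as HEAD, and rejected on a second forward when the backend tracks the nonce count. The `Backend` class and all user, realm and nonce values are constructed, and nonce-count enforcement is an assumption about the backend.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, realm, password, method, uri, nonce, nc, cnonce):
    """'response' value for qop=auth with MD5 (RFC 2617, section 3.2.2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")  # the request method is hashed in
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

class Backend:
    """Constructed stand-in for the digest-protected web service."""
    def __init__(self, realm, users):
        self.realm = realm
        self.users = users      # username -> password (constructed sample data)
        self.last_nc = {}       # nonce -> highest nonce count accepted so far

    def status(self, method, creds):
        """Return 200 or 401 for a request carrying these Authorization fields."""
        password = self.users.get(creds["username"])
        if password is None:
            return 401
        expected = digest_response(creds["username"], self.realm, password, method,
                                   creds["uri"], creds["nonce"], creds["nc"],
                                   creds["cnonce"])
        if not hmac.compare_digest(expected, creds["response"]):
            return 401
        nc = int(creds["nc"], 16)
        if nc <= self.last_nc.get(creds["nonce"], 0):
            return 401          # same nonce count seen before: treated as a replay
        self.last_nc[creds["nonce"]] = nc
        return 200

def demo():
    backend = Backend("api", {"alice": "s3cret"})
    # Fields a client would send for "GET /orders/1" (all values constructed).
    creds = {"username": "alice", "uri": "/orders/1", "nonce": "constructed-nonce",
             "nc": "00000001", "cnonce": "constructed-cnonce"}
    creds["response"] = digest_response("alice", "api", "s3cret", "GET",
                                        creds["uri"], creds["nonce"], creds["nc"],
                                        creds["cnonce"])
    as_head = backend.status("HEAD", creds)    # proxy re-sends the GET header as HEAD
    first_get = backend.status("GET", creds)   # header forwarded with original method
    second_get = backend.status("GET", creds)  # same header forwarded a second time
    return as_head, first_get, second_get

if __name__ == "__main__":
    print(demo())
```

A proxy-side check therefore has to keep the client's method and URI unchanged, and a backend that enforces nonce counts will accept each Authorization header only once.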
Re: HTTP Digest Authentication in varnish4
You should be able to accomplish this with restarts (the way ezpublish does it:
https://github.com/ezsystems/ezpublish-community/blob/master/doc/varnish/vcl/varnish4.vcl),
or you can use vmod-curl.

--
Guillaume Quintard

On Thu, Mar 2, 2017 at 10:18 AM, Donath, Niklas <Niklas.Donath@lvdigital.de>
wrote:

> Hi there,
>
>
>
> i am currently trying to put varnish in front of a restful webservice with
> an existing http digest authentication.
>
> Does anyone already had this use case and could give me a hint or an
> example code on how to set this up properly?
>
> I didn’t find useful information in the varnish docs. The e-book “Getting
> started with Varnish Cache” only scratches that topic.
>
> Examples I found about basic authentication do not really match because
> the authentication is implemented on varnish side only.
>
> I would like to pass through the authentication to the backend because I
> don’t want to add user handling in varnish itself.
>
> In my understanding, the authentication works as follows:
>
> - 1st request: no authentication, passed to the backend, backend
> response with nonce in header
>
> - 2nd request: client sends user credentials, passed to the
> backend, server gives proof (200) or fail (401)
>
> - 3rd request: probably cache hit, request with auth credentials
> is “forked” as HEAD request, sent to the backend, server gives proof (200)
> or fail (401)
>
> Am I getting this right, am I probably missing something?
>
> Thank you in advance for any input and/or feedback!
>
>
>
> Greetings,
>
>
>
> Niklas
>