vcl 4.0;
import cookieplus;
sub vcl_recv
{
// Mark all Cookies for removal
cookieplus.keep("");
// Only allow these Cookies if the URL allows for it
if (req.url ~ "^/admin") {
cookieplus.keep("JSESSIONID");
cookieplus.keep_regex("^BNES_SSESS");
cookieplus.keep_regex("^SSESS[a-zA-Z0-9]+$");
cookieplus.keep_regex("^SESS[a-zA-Z0-9]+$");
}
// Any Cookie that is not kept will be removed
cookieplus.write();
}
Vmod-cookieplus
This VCL snippet strips all the cookies that should not be kept.
We want to keep certain cookies if the req.url matches a specific condition, otherwise we will just remove all the other cookie headers.
vcl 4.0;
import kvstore;
import http;
sub vcl_init {
kvstore.init(0, 25000);
}
sub vcl_recv {
# This block will only be taken once per url
if (kvstore.counter(0, req.url, 1, 1s) == 1) {
http.init(0);
http.req_copy_headers(0);
http.req_set_header(0, "X-prefetch", "true");
http.req_set_method(0, "HEAD");
http.req_set_url(0, http.prefetch_next_url();
http.req_send_and_finish(0);
}
}
Pre-fetch with vmod-http
Here we use a combination of vmod_kvstore (key value storage) and vmod_http (external requests).
Using these together we can prefetch content in a live streaming scenario and pace the background fetches triggered by vmod_http.
We use a “counter” function to make sure a single URL per second can trigger a prefetch request. This is to avoid overwhelming our backends. Without that counter we would push 10,000 prefetch requests to the backend.
vcl 4.0;
import json;
import std;
sub vcl_recv {
std.cache_req_body(100KB);
json.parse_req_body();
if (json.is_valid() && json.is_object() &&
json.get("authorization", "") != "") {
req.http.X-authorization = json.get("authorization", "");
} else {
return(synth(401));
}
}
Vmod-JSON
For each incoming request we buffer the request body and try to parse it, assuming it is in JSON format.
If it is in JSON format, we extrapolate the value associated to the key “authorization”.
This is a good way to run a check on your request bodies and extend your authorization control.
vcl 4.0;
import rewrite;
sub vcl_init {
new rs = rewrite.ruleset("/path/to/file.rules");
}
sub vcl_recv {
set req.url = rs.replace(req.url);
}
And the rules.file contains:
"pattern1" "subtitute1"
"(?i)PaTtERn2" "subtitute2"
"pattern([0-9]*)" "subtitute\1"
Vmod-rewrite
Vmod-rewrite does Apache-style rewrite rules. It aims to reduce the amount of VCL to be written when many rewrites or manipulations need to be applied to URLs or headers.
A path to a file containing the rules must be specified and these will be applied at run time to every incoming request.