As a caching layer that sits between origin servers and website visitors, Varnish Enterprise decreases page load times significantly and ensures high-performance HTTP and API content delivery. It scales easily to match any demand and helps websites stay online and responsive, even when delivering personalized and complex, dynamic content.
Sitting between viewers, CDNs and backend infrastructure, Varnish Enterprise can deliver seamless live, OTT and VoD streaming at scale. It provides highly optimized video delivery while protecting critical infrastructure, handling demand while delivering the high-performance, responsive video streaming experiences that viewers demand.
A fully customizable edge caching and origin protection technology stack, Varnish Enterprise helps content providers build in-house private CDNs, hybrid CDNs, consumer CDNs, and advanced edge platforms. Varnish Enterprise can reach uncharted levels of performance while mitigating cost escalation to provide true ROI.
Compatibility is key. Varnish is architecture-agnostic, caching virtually any kind of content and supporting the world’s most-used web technologies. Read up on a few of the most common CMSes, e-commerce platforms, CDNs and others that Varnish supports:
Staying ahead of security threats is a tough job, but one we’re committed to. We’re always working to stay ahead of the next major security issue and keep you protected.
Securely encrypt all cached data using dual-key AES 256 encryption, giving each cached object its own unique key. Using this solution you can ensure any leaked or hacked data is rendered inaccessible.
Inspect HTTP traffic and detect malicious requests at the edge before they reach your web application.
SSL/TLS (HTTPS) encryption is, by now, a requirement for security, privacy and even SEO. The General Data Protection Regulation (GDPR) also highly recommends encryption of data wherever possible. With Varnish, you can protect your client-side and backend.
Varnish Configuration Language (VCL) is Varnish's built-in language for controlling HTTP request handling, routing, caching, and more. Varnish modules (VMODs) are also a modular way to customize your Varnish setup. So what do VCL and VMODs look like in action?
vcl 4.0;
import cookieplus;
sub vcl_recv
{
// Mark all Cookies for removal
cookieplus.keep("");
// Only allow these Cookies if the URL allows for it
if (req.url ~ "^/admin") {
cookieplus.keep("JSESSIONID");
cookieplus.keep_regex("^BNES_SSESS");
cookieplus.keep_regex("^SSESS[a-zA-Z0-9]+$");
cookieplus.keep_regex("^SESS[a-zA-Z0-9]+$");
}
// Any Cookie that is not kept will be removed
cookieplus.write();
}
This VCL snippet strips all the cookies that should not be kept.
We want to keep certain cookies if the req.url matches a specific condition, otherwise we will just remove all the other cookie headers.
vcl 4.0;
import kvstore;
import http;
sub vcl_init {
kvstore.init(0, 25000);
}
sub vcl_recv {
# This block will only be taken once per url
if (kvstore.counter(0, req.url, 1, 1s) == 1) {
http.init(0);
http.req_copy_headers(0);
http.req_set_header(0, "X-prefetch", "true");
http.req_set_method(0, "HEAD");
http.req_set_url(0, http.prefetch_next_url();
http.req_send_and_finish(0);
}
}
Here we use a combination of vmod_kvstore (key value storage) and vmod_http (external requests).
Using these together we can prefetch content in a live streaming scenario and pace the background fetches triggered by vmod_http.
We use a “counter” function to make sure a single URL per second can trigger a prefetch request. This is to avoid overwhelming our backends. Without that counter we would push 10,000 prefetch requests to the backend.
vcl 4.0;
import json;
import std;
sub vcl_recv {
std.cache_req_body(100KB);
json.parse_req_body();
if (json.is_valid() && json.is_object() &&
json.get("authorization", "") != "") {
req.http.X-authorization = json.get("authorization", "");
} else {
return(synth(401));
}
}
For each incoming request we buffer the request body and try to parse it, assuming it is in JSON format.
If it is in JSON format, we extrapolate the value associated to the key “authorization”.
This is a good way to run a check on your request bodies and extend your authorization control.
vcl 4.0;
import rewrite;
sub vcl_init {
new rs = rewrite.ruleset("/path/to/file.rules");
}
sub vcl_recv {
set req.url = rs.replace(req.url);
}
And the rules.file contains:
"pattern1" "subtitute1"
"(?i)PaTtERn2" "subtitute2"
"pattern([0-9]*)" "subtitute\1"
Vmod-rewrite does Apache-style rewrite rules. It aims to reduce the amount of VCL to be written when many rewrites or manipulations need to be applied to URLs or headers.
A path to a file containing the rules must be specified and these will be applied at run time to every incoming request.
