Whitelist query params with VCL
I’ve read about Boltsort helping improve caching by sorting the query params, is there something akin to this that will filter params to a given whitelist? (ideally with means of regex matching)
This way we can prevent someone simply adding v=<a_number_here>
to the end of the query params to force a cache miss…
-
Hi Ryan,
There isn't a specific query whitelisting function. This is a request on our feature list. However, you can whitelist URL parameters using VCL in the following manner:
Have a list of query parameters that should be accepted
Parse them into headers
``` Example:
set req.http.X-Param_xxx = regsub(req.url, ".&|?.", "\1"); ```
- Then strip query parameters from URL path
``` Example:
set req.http.X-URL = req.url.path ```
- Rebuild the URL with the accepted query parameters
``` Example:
set req.url = req.http.X-URL req.http.X-Param_xxx ...; ```
Let me know if this helps.
Best
-
For future reference (we saw this page from searching) - Check out here: https://docs.fastly.com/guides/vcl/query-string-manipulation-vcl-features
There is functionality that does this more cleanly now.
-
I use the following in
vcl_recv
to remove any UTM or gclid parameters:import querystring; /* remove client-side tracking parameters from querystring */ if (req.url ~ "\?") { set req.url = querystring.clean(req.url); set req.url = querystring.regfilter(req.url, "utm_[a-z]+|gclid"); set req.url = querystring.sort(req.url); }
Please sign in to leave a comment.
Comments
3 comments