Whitelist query params with VCL

Comments

3 comments

  • Cassandra Dixon

    Hi Ryan,

    There isn't a specific query whitelisting function. This is a request on our feature list. However, you can whitelist URL parameters using VCL in the following manner:

    • Have a list of query parameters that should be accepted

    • Parse them into headers

    ``` Example:

    set req.http.X-Param_xxx = regsub(req.url, ".&|?.", "\1"); ```

    • Then strip query parameters from URL path

    ``` Example:

    set req.http.X-URL = req.url.path ```

    • Rebuild the URL with the accepted query parameters

    ``` Example:

    set req.url = req.http.X-URL req.http.X-Param_xxx ...; ```

    Let me know if this helps.

    Best

  • chrisboylan

    For future reference (we saw this page from searching) - Check out here: https://docs.fastly.com/guides/vcl/query-string-manipulation-vcl-features

    There is functionality that does this more cleanly now.

  • lukebussey

    I use the following in vcl_recv to remove any UTM or gclid parameters:

    import querystring;
    
    /* remove client-side tracking parameters from querystring */
    if (req.url ~ "\?") {
        set req.url = querystring.clean(req.url);
        set req.url = querystring.regfilter(req.url, "utm_[a-z]+|gclid");
        set req.url = querystring.sort(req.url);
    }
    

Please sign in to leave a comment.