Whitelist query params with VCL

Follow
ryantownsend

I’ve read about Boltsort helping improve caching by sorting the query params, is there something akin to this that will filter params to a given whitelist? (ideally with means of regex matching)

This way we can prevent someone simply adding v=<a_number_here> to the end of the query params to force a cache miss…

0

Comments

3 comments

Sort by Date Votes
  • Cassandra Dixon

    Hi Ryan,

    There isn't a specific query whitelisting function. This is a request on our feature list. However, you can whitelist URL parameters using VCL in the following manner:

    • Have a list of query parameters that should be accepted

    • Parse them into headers

    ``` Example:

    set req.http.X-Param_xxx = regsub(req.url, ".&|?.", "\1"); ```

    • Then strip query parameters from URL path

    ``` Example:

    set req.http.X-URL = req.url.path ```

    • Rebuild the URL with the accepted query parameters

    ``` Example:

    set req.url = req.http.X-URL req.http.X-Param_xxx ...; ```

    Let me know if this helps.

    Best

    0
    Permalink
  • chrisboylan

    For future reference (we saw this page from searching) - Check out here: https://docs.fastly.com/guides/vcl/query-string-manipulation-vcl-features

    There is functionality that does this more cleanly now.

    0
    Permalink
  • lukebussey

    I use the following in vcl_recv to remove any UTM or gclid parameters:

    import querystring;

/* remove client-side tracking parameters from querystring */
if (req.url ~ "\?") {
    set req.url = querystring.clean(req.url);
    set req.url = querystring.regfilter(req.url, "utm_[a-z]+|gclid");
    set req.url = querystring.sort(req.url);
}
    0
    Permalink

Please sign in to leave a comment.

New post