hmac authentication using vcl
I am trying to authenticate URL using hamc. I can do the following to verify.My question is how do I parse the URL to extract only part of the URL excluding the hmac parameter. I tried using local variables in vcl but it threw an error. Any suggestions on how to extract the hmac value and URL query parameters as shown below.
http://localhost/zzz/?q1=xxx&q2=yyy&hmac=hash
if (digest.hmac_md5(“key”, “q1=xxx&q2=yyy”) != “value”)
{
return (synth(401, digest.hmac_md5(“key”, “http://localhost/zzz/?q1=xxx&q2=yyy”)));
}
Thanks
-
Hi jsp,
I'd suggest testing with
querystring.regfilter(<string>, <string>)
. Documentation: https://docs.fastly.com/guides/vcl/query-string-manipulation-vcl-featuresFor example, If you add the following code in your
vcl_recv
,set req.url = querystring.regfilter(req.url, "^hmac");
It will extract the hmac query from the URL, so your origin will receive the request as/?q1=xxx&q2=yyy
instead. If you don't want to manipulate the original URL, you can work around with req.http.* header or local variables to store the hmac value.Best, Hiro
-
Hello,
You can use
req.url.qs
instead. set var.urlhash = subfield(req.url.qs, "hmac", "&");Works. https://fiddle.fastlydemo.net/fiddle/ee893bc7
I hope this will be helpful.
Junichi
Please sign in to leave a comment.
Comments
3 comments