hmac authentication using vcl

Follow

jsp

• May 02, 2018 12:50

I am trying to authenticate URL using hamc. I can do the following to verify.My question is how do I parse the URL to extract only part of the URL excluding the hmac parameter. I tried using local variables in vcl but it threw an error. Any suggestions on how to extract the hmac value and URL query parameters as shown below.

http://localhost/zzz/?q1=xxx&q2=yyy&hmac=hash

if (digest.hmac_md5(“key”, “q1=xxx&q2=yyy”) != “value”)
{
return (synth(401, digest.hmac_md5(“key”, “http://localhost/zzz/?q1=xxx&q2=yyy”)));
}
Thanks

0

• 

  Hiro

  • May 05, 2018 00:21

  Hi jsp,

  I'd suggest testing with querystring.regfilter(<string>, <string>). Documentation: https://docs.fastly.com/guides/vcl/query-string-manipulation-vcl-features

  For example, If you add the following code in your vcl_recv, set req.url = querystring.regfilter(req.url, "^hmac"); It will extract the hmac query from the URL, so your origin will receive the request as /?q1=xxx&q2=yyy instead. If you don't want to manipulate the original URL, you can work around with req.http.* header or local variables to store the hmac value.

  Best, Hiro

  0

  Comment actions Permalink
• 

  jsp

  • May 09, 2018 21:28

  Hiro, Thanks for replying. I tried the following ...any thoughts on this

  set var.message = subfield(req.url, "x", "?") "&" subfield(req.url, "y", "&");
  set var.urlhash = subfield(req.url, "hmac", "&");
  

  jsp

  0

  Comment actions Permalink
• 

  Junichi

  • May 10, 2018 02:48

  Hello,

  You can use req.url.qs instead. set var.urlhash = subfield(req.url.qs, "hmac", "&");

  Works. https://fiddle.fastlydemo.net/fiddle/ee893bc7

  I hope this will be helpful.

  Junichi

  0

  Comment actions Permalink

Please sign in to leave a comment.