VCL: Can we craft and send a HTTP request to an Auth server?
Hi,
Quite new to Fastly and VCL. Can we craft a HTTP request to my auth server from vcl_recv?
Payload of this will be json format auth request and based on response from auth server proceed to allow or deny access to the web content.
-Wils
-
Can we craft a HTTP request to my auth server from vcl_recv?
You can change the host to connect to, the path and query string, and add headers before a restart. So in effect you can create a whole new request. Check here and here for more information on this.
Payload of this will be json format auth request and based on response from auth server proceed to allow or deny access to the web content.
However, as far as I know, you can't add a body, so that won't be possible.
OR can i use any of the vmod's like curl for doing this? Is there support to achieve this.
No, you can't use vmods either. We've encorporated many into our core Varnish, but not
curl
. The restart capability is the closest thing. -
Hi @gocoy,
I've recently been working on a tool that helps our customers to try out VCL. You can see an example of what I call 'preflighting', which is sending one request and then using the response to determine whether to send another, in this fiddle:
https://fiddle.fastlydemo.net/fiddle/f1bbff1e
You specifically mention changing the host, and you will indeed have to do that, though currently the fiddle does this invisibly rather than allowing you to do it yourself. So when you set the backend with
set req.backend = F_originname;
, in practice you will also need to doset req.http.host = "host header of new backend";
.Let me know how you get on, and I'm sorry the tool currently has very little documentation. It's very much an early alpha.
-
You can't specify an origin dynamically, but you can have a number of origins. So if you know what all the possibilities are, set all of those up as differently-named origins, and then switch to the one that you want based on the content of your preflight response.
We do have API functions for creating backends versionlessly (ie. without activating a new version of your entire configuration): https://docs.fastly.com/api/dynamicservers.
-
-
Hi,
I stumbled upon this thread while looking for a way to send custom requests to an external service from VCL. Has anything changed in this matter over those two years?
We are a SaaS solution that analyzes customers traffic, and provides API protection. To do so, we are occupying an agent on the customer side, which mirrors traffic to our backend.
In case our customer is using Fastly, we would like the ability to mirror API traffic (HTTP request/response) to our backend.
Are there any plans to support the curl module from Varnish? Or any other way to achieve what we need?
Thanks
Jacek
-
Hi Jacek,
You could mirror the request traffic to your backend, but unfortunately, we don't have any support for mirroring the response traffic to your backend.
As discussed in this thread, we could set the initial backend to your backend server in vcl_recv (and you retrieve the data), and have Varnish to restart the request over to the actual backend (origin) in the case of cache MISS/PASS. However, if you restart the request again after fetching the origin response in vcl_deliver to mirror the origin response to your backend, the response state from the origin wouldn't persist to the client.
We don't have a roadmap for cURL module support in VCL at this moment, but you can always set up the logging to deliver the request/response data to your logging endpoint.
Best,
Hiro -
Thanks Hiro. Can you please elaborate on using the logging for sending request/response data to an external service? Do the logs include the request/response bodies? I was looking at https://docs.fastly.com/guides/streaming-logs/custom-log-formats, but couldn't find any reference to body data.
-
Hi Jacek, I assumed your backend server wouldn't need to receive the response body itself. The log aggregator won't deliver the response body itself, but it could stream the request/response date like body size (https://docs.fastly.com/vcl/size/), and geolocation (https://docs.fastly.com/vcl/geolocation/). We have another documentation for the useful variables to log here: https://docs.fastly.com/guides/streaming-logs/useful-variables-to-log
Also, I wanted to mention that the req.body (request body from Client to Fastly) is available for logging, but it's subject to the resource limit (https://docs.fastly.com/guides/debugging/resource-limits#request-and-header-limits).
Please sign in to leave a comment.
Comments
15 comments