Author: | Brian Wight |
---|---|
Date: | 2013-01-15 |
Version: | 0.1 |
Manual section: | 3 |
    import sigauth;

    if (req.url ~ "^.*Expires=([\d^&]+)(.*)+$") {
        if (sigauth.isexpired(regsub(req.url, ".*Expires=([\d]+)", "\1")) == 1) {
            return (error);
        }
    }

Validates the signature of an incoming request. The idea behind this module is to validate the signature of a request inside Varnish, without having to pass the request to a backend server. Once the signature has been verified, Varnish can cache requests for individual accounts.
The signature is the base64 encoding of an hmac_sha1 digest. See the wiki for a full description of the signature authentication.
- Prototype
- signature(STRING method, STRING uri, STRING secret_key)
- Return value
- STRING
- Description
- Returns the base64 encoded hmac_sha1 of the incoming request.
- Example
set req.http.signature = sigauth.signature(req.request, req.url, "izY8UUW9rvumTICDWERMOvtrzlc4m2T0/QkSRHVY");
- Prototype
- isexpired(STRING expiration)
- Return value
- INT
- Description
- Returns 1 if the current time is greater than or equal to the expiration time.
- Example

    # Reject the request once the Expires timestamp in the URL has passed.
    if (req.url ~ "^.*Expires=([\d^&]+)(.*)+$") {
        if (sigauth.isexpired(regsub(req.url, ".*Expires=([\d]+)", "\1")) == 1) {
            return (error);
        }
    }

- Prototype
- init(STRING prefix)
- Return value
- VOID
- Description
- Overwrites the default header prefix of x-auth with a preset header prefix that should be included in the canonicalized string.
- Example

    sub vcl_init {
        sigauth.init("x-header");
    }

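As an added illustration (not code from libvmod-sigauth), this Python reference walks through the scheme described above: a base64-encoded hmac_sha1 over the request, plus an expiry check with the same greater-than-or-equal semantics as isexpired. The canonical string layout, the Signature query parameter name and the demo key are assumptions made for this example; the module's actual canonicalization is described in the project wiki.

```python
import base64
import hashlib
import hmac
import re
import time
from urllib.parse import parse_qsl, urlencode, urlsplit

DEMO_KEY = "constructed-demo-key"  # constructed sample value, not a real secret

def canonical_string(method, uri):
    # ASSUMPTION: "METHOD\nPATH?QUERY" with the Signature parameter removed.
    # The module's real layout is documented in the project wiki.
    parts = urlsplit(uri)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "Signature"]
    return method.upper() + "\n" + parts.path + "?" + urlencode(query)

def signature(method, uri, secret_key):
    # base64(HMAC-SHA1(secret_key, canonical string)), as the text describes
    mac = hmac.new(secret_key.encode(), canonical_string(method, uri).encode(),
                   hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def is_expired(expiration, now=None):
    # Mirrors isexpired(): 1 when the current time >= the expiration time
    now = int(time.time()) if now is None else now
    return 1 if now >= int(expiration) else 0

def sign_url(method, path, expires, secret_key):
    # Expires is inside the signed string, so it cannot be changed afterwards.
    uri = path + "?" + urlencode({"Expires": expires})
    sig = signature(method, uri, secret_key)
    # urlencode keeps base64 '+' and '/' intact across the query string
    return uri + "&" + urlencode({"Signature": sig})

def verify(method, uri, secret_key, now=None):
    params = dict(parse_qsl(urlsplit(uri).query, keep_blank_values=True))
    expires = params.get("Expires", "")
    presented = params.get("Signature", "")
    if not re.fullmatch(r"[0-9]+", expires) or not presented:
        return False  # missing or malformed fields fail closed
    if is_expired(expires, now):
        return False
    expected = signature(method, uri, secret_key)
    # Constant-time comparison avoids leaking how many characters matched
    return hmac.compare_digest(expected.encode(), presented.encode())
```
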
Installation requires the Varnish source tree (only the source matching the binary installation).
This installation also requires mhash.
On Debian/CentOS distributions: sudo yum install libmcrypt-devel mhash-devel
On Ubuntu distributions: sudo apt-get install libmhash-dev
- ./autogen.sh (for git-installation)
- ./configure VARNISHSRC=/path/to/your/varnish/source/varnish-cache [VMODDIR=DIR]
- make
- make install (may require root: sudo make install)
- make check (Optional for regression tests)
VARNISHSRC is the directory of the Varnish source tree for which to compile your vmod. Both the VARNISHSRC and VARNISHSRC/include will be added to the include search paths for your module.
Optionally you can also set the vmod install directory by adding VMODDIR=DIR (defaults to the pkg-config discovered directory from your Varnish installation).
Parts of this module were copied or revised from the following vmods.
- https://github.com/varnish/libvmod-digest
- https://github.com/varnish/libvmod-header
- https://github.com/xcir/libvmod-parsereq
I'd like to thank the authors of those projects for providing good examples of how to write a vmod.
Version 0.1: Initial version, probably still a fair amount of bugs.
This document is licensed under the same license as the libvmod-sigauth project. See LICENSE for details.
- Copyright (c) 2013 Brian Wight
File layout and configuration based on libvmod-example
- Copyright (c) 2011 Varnish Software AS