I am not sure if I am asking the right question. I have varnish sitting infront of a site that have access to numerous cookies. The most important are creds cookie. What I am doing is stripping all the cookies that I do not need and then check if any cookie left. If so, this means we bypass varnish, else return the cache object.
# Remove all cookies that Drupal doesn't need to know about. We explicitly
# list the ones that Drupal does need, the SESS , NO_CACHE and credential cookie namely auth
#. If, after running this code we find that either of these two cookies remains, we
# will pass as the page cannot be cached.
if (req.http.Cookie) {
# 1. Append a semi-colon to the front of the cookie string.
# 2. Remove all spaces that appear after semi-colons.
# 3. Match the cookies we want to keep, adding the space we removed
# previously back. (\1) is first matching group in the regsuball.
# 4. Remove all other cookies, identifying them by the fact that they have
# no space after the preceding semi-colon.
# 5. Remove all spaces and semi-colons from the beginning and end of the
# cookie string.
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE+|auth)=", "; \1=");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
if (req.http.Cookie == "") {
# If there are no remaining cookies, remove the cookie header. If there
# aren't any cookie headers, Varnish's default behavior will be to cache
# the page.
unset req.http.Cookie;
}
else {
# If there is any cookies left (a session or NO_CACHE cookie), do not
# cache the page. Pass it on to Apache directly.
return (pass);
}
}
}
This works fine. I get a cache miss when auth cookie is in there and a hit otherwise. However, even when it is a miss it seems that varnish pass the request without the rest of the cookies that came in the request. Is there a way to direct varnish to pass the original cooke?
Maybe something like
else {
# If there is any cookies left (a session or NO_CACHE cookie), do not
# cache the page. Pass it on to Apache directly.
# And set the cookie to its original form ??
return (pass);
}
You can copy original cookie before parsing it and restore it on else statement, somting like:
# ....
# Store original cookie in other headder
set req.http.X-Cookie = req.http.Cookie;
if (req.http.Cookie) {
# ...
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE+|auth)=", "; \1=");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
if (req.http.Cookie == "") {
# ....
# Delete cookie copy
unset req.http.X-Cookie;
unset req.http.Cookie;
}
else {
# ...
# Restore original cookie and delete the copy
set req.http.Cookie = req.http.X-Cookie;
unset req.http.X-Cookie;
return (pass);
}
}
}