I want to remove the Authorization header in varnish vcl but also needs this header to be sent to back-end as well.
sub vcl_recv {
unset req.http.Authorization;
}
It looks like a bad idea, but it's definitely doable using some basic VCL. For example:
sub vcl_recv {
if (req.http.Authorization) {
set req.http.Authorization-Copy = req.http.Authorization;
unset req.http.Authorization;
} else {
unset req.http.Authorization-Copy;
}
}
sub vcl_backend_fetch {
if (bereq.http.Authorization-Copy) {
set bereq.http.Authorization = bereq.http.Authorization-Copy;
unset bereq.http.Authorization-Copy;
}
}