Simple and elegant tool to communicate with Varnish over CLI

Overview

Often we need to determine clients IP location and process some actions before sending request to backend with application.

Varnish itself has no built-in functionality for this task, but can be added with VMOD.

Thanks to Open Source community - GeoIP functionality has been already realized by various people in different GeoIP VMODs.

This post will explain how to build one of the GeoIP VMODs and show few usage examples

Output redirections and pipelining in shell commands may be shorten.

Here are some examples

Most VCL examples and Varnish wiki offers two solutions for custom error pages. First one is a strict HTML code in a synthetic block and second one is a reading html file from disk with inline C. Both variants work, but makes our VCL code nasty (also second variant with inline C reads file from disk on every ‘wrong’ request).

I want to suggest third variant, that combines both previous variants without their bad side.

Situation with single Varnish instance used to handle multiple development environments for projects is usual and different projects could require different logic (for URL routing, processing, redirects, cache, etc).

One or three different configurations may be stored in default configuration file (default.vcl). But if count of configurations grows up, then file becomes unreadable and inconvenient.

I suggest to use a simple solution to split configurations to separate files and include them into main configuration file. It add some overhead for same configurations, but makes confuguration simplier to maintain.

Sometimes we need restrict access using basic HTTP authentication to site cached by Varnish.

Basic method is enable it on backend (Apache HTTPd, Nginx, lighttpd or any other web-server). But after the first correct request, it will be cached by Varnish and all other subsequent requests would be without authentication check.

Solution for this situation is to pass all requests with authentication to backend with next statement:

if (req.http.Authorization || req.http.Authenticate)
{
  return (pass);
}

Good workaround is to check HTTP authentication on Varnish level.

Well, then do it in VCL.