Home About News Products Blog

How to implement HTTP Basic Auth in Varnish


#1

User asks:

is there a way we can have an HTTP authentication for section.io? thay way, anyone who will be visiting the site will undergo a username and password verification.

You can implement authentication using Varnish.
Simply check an incoming request for Authorization HTTP header and its value in sub vcl_recv and if the header isn’t not present or it’s value isn’t correct, then return a 401 error.

e.g.
if (! req.http.Authorization ~ "Basic dXNlcm5hbWU6cGFzc3dvcmQ=")

The value of the header is a base64 encoded username:password combination, the above example literally decodes to username:password. You can use a tool such as https://www.base64encode.org/ to work out the base64 encoded value of any credentials you would like to implement.

Here is an example of an implementation using VCL 4.0 which should work for Varnish 4.0 and 5.0