Home About Blog

Request header validation in secton io

Hi there,

Section IO is receiving a custom header in the request and the request should be forwarded to the origin, only if the custom header has certain salted value. I was looking through this community and came up with this code. Does this sound correct? Please advise

sub vcl_recv {
if !(req.http.x-custom-header == “customheadervalue”) {
return(synth(403, “forbidden request”));
}
}

Hey Gopal,

Great question! This snippet will block every request served by this VCL that does not have the custom header and the correct value. Is every request served by the VCL in question expected to have the custom header or should we only be checking for the correct header value if the custom header is present?

For the best support experience, please open a new support ticket as that will guarantee you the fastest response. FYI, this forum is NOT monitored 24x7.

Thanks Marcus. I would like to check only when custom header is present. How would the code change?

Hey Gopal, there are a variety of ways you could check if the customer header is present depending on your use case, but the following code should give you an idea of what it should look like.

sub vcl_recv {
	if (req.http.x-custom-header) {     							# this statement will evaluate if the header is present
		if (req.http.x-custom-header != “customheadervalue”) { 	# this statement will evaluate if the header has the correct value
			return(synth(403, “forbidden request”));
		}
	}
}