Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
k8s-ingress
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
3
Merge Requests
3
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Open sidebar
uplex-varnish
k8s-ingress
Commits
b041a942
Commit
b041a942
authored
Apr 05, 2019
by
Geoff Simmons
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Optionally set the reason string for synth in req-disposition.
parent
d7cfa065
Changes
10
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
33 additions
and
10 deletions
+33
-10
varnishcfg-crd.yaml
deploy/varnishcfg-crd.yaml
+3
-0
ref-req-disposition.md
docs/ref-req-disposition.md
+8
-1
README.md
examples/req-disposition/README.md
+14
-7
url-whitelist.yaml
examples/req-disposition/url-whitelist.yaml
+1
-0
types.go
pkg/apis/varnishingress/v1alpha1/types.go
+1
-0
ingress.go
pkg/controller/ingress.go
+1
-0
recv_disposition.tmpl
pkg/varnish/vcl/recv_disposition.tmpl
+2
-1
recv_disposition_test.go
pkg/varnish/vcl/recv_disposition_test.go
+1
-0
spec.go
pkg/varnish/vcl/spec.go
+1
-0
recv_disp_url_whitelist.golden
pkg/varnish/vcl/testdata/recv_disp_url_whitelist.golden
+1
-1
No files found.
deploy/varnishcfg-crd.yaml
View file @
b041a942
...
...
@@ -368,6 +368,9 @@ spec:
type
:
integer
minimum
:
200
maximum
:
599
reason
:
type
:
string
minLength
:
1
status
:
acceptedNames
:
kind
:
VarnishConfig
...
...
docs/ref-req-disposition.md
View file @
b041a942
...
...
@@ -87,7 +87,7 @@ then the request proceeds to cache lookup (``return(hash)``).
``disposition``
is an object with these two fields:
*
``action``
(required): one of the following strings, correspon
n
ding
*
``action``
(required): one of the following strings, corresponding
to a
[
``return()``
keyword for
``vcl_recv``
](https://varnish-cache.org/docs/6.1/users-guide/vcl-built-in-subs.html#vcl-recv);
...
...
@@ -116,6 +116,13 @@ then the request proceeds to cache lookup (``return(hash)``).
other values of
``action``
.
``status``
MUST be in the range 200 to
599, inclusive.
*
``reason``
: if present, and if the
``action``
is
``synth``
,
``reason``
is the "reason string" that appears in the HTTP response
line. The reason string is, for example, "OK" in response status
"200 OK", or "Not Found" in "404 Not Found". By default, Varnish
sets the standard reason string for a standard HTTP status code, or
"Unknown HTTP Status" for a non-standard status.
It is not possible to use
``action``
to specify branching to a VCL label.
``conditions``
is an array of objects with the following fields,
...
...
examples/req-disposition/README.md
View file @
b041a942
...
...
@@ -728,12 +728,18 @@ The blacklist is defined with:
disposition:
action: synth
status: 403
reason: Blacklisted
```
In this case, the synthetic 403 Forbidden response is generated for
requests whose URL path does begin with one of the prefixes in
``values``
. The combined effect is that requests are only permitted
for URLs in the whitelist, but not for URLs in the blacklist.
In this case, the synthetic 403 response is generated for requests
whose URL path does begin with one of the prefixes in
``values``
.
The
``reason``
setting sets the response line to "403 Blacklisted"
rather than the standard "403 Forbidden". In most cases, you can
leave out
``reason``
, and Varnish sets the standard reason string
corresponding to the response code.
The combined effect is that requests are only permitted for URLs in
the whitelist, but not for URLs in the blacklist.
Of course your configuration can characterize the requests by other
means available in
``conditions``
, for example by specifying regex
...
...
@@ -781,14 +787,15 @@ $ curl -x $IP:$PORT -v http://cafe.example.com/tea/quux
< HTTP/1.1 403 Forbidden
[...]
# Requests matching the blacklist are also forbidden:
# Requests matching the blacklist are also forbidden. Notice that the
# "Blacklisted" reason string is used for these cases.
$ curl -x $IP:$PORT -v http://cafe.example.com/coffee/sugar/black/foo
[...]
> GET http://cafe.example.com/coffee/sugar/black/foo HTTP/1.1
> Host: cafe.example.com
[...]
>
< HTTP/1.1 403
Forbidden
< HTTP/1.1 403
Blacklisted
[...]
$ curl -x $IP:$PORT -v http://cafe.example.com/tea/sugar/black/foo
...
...
@@ -797,7 +804,7 @@ $ curl -x $IP:$PORT -v http://cafe.example.com/tea/sugar/black/foo
> Host: cafe.example.com
[...]
>
< HTTP/1.1 403
Forbidden
< HTTP/1.1 403
Blacklisted
[...]
```
...
...
examples/req-disposition/url-whitelist.yaml
View file @
b041a942
...
...
@@ -75,6 +75,7 @@ spec:
disposition
:
action
:
synth
status
:
403
reason
:
Blacklisted
# Cache lookup is bypassed for requests whose method is neither of
# GET or HEAD.
...
...
pkg/apis/varnishingress/v1alpha1/types.go
View file @
b041a942
...
...
@@ -389,6 +389,7 @@ const (
type
DispositionSpec
struct
{
Action
RecvReturn
`json:"action"`
Status
*
int64
`json:"status,omitempty"`
Reason
string
`json:"reason,omitempty"`
}
// RequestDispSpec specifies the disposition of a client request when
...
...
pkg/controller/ingress.go
View file @
b041a942
...
...
@@ -813,6 +813,7 @@ func (worker *NamespaceWorker) configReqDisps(spec *vcl.Spec,
if
disp
.
Disposition
.
Action
==
vcr_v1alpha1
.
RecvSynth
{
vclDisp
.
Disposition
.
Status
=
uint16
(
*
disp
.
Disposition
.
Status
)
vclDisp
.
Disposition
.
Reason
=
disp
.
Disposition
.
Reason
}
spec
.
Dispositions
[
i
]
=
vclDisp
}
...
...
pkg/varnish/vcl/recv_disposition.tmpl
View file @
b041a942
...
...
@@ -36,7 +36,8 @@ sub vcl_recv {
) {
return (
{{- with .Disposition}}
{{- if eq .Action "synth"}}synth({{.Status}})
{{- if eq .Action "synth"}}synth({{.Status}}
{{- if .Reason}}, "{{.Reason}}"{{end -}})
{{- else}}{{.Action}}
{{- end}}
{{- end -}}
...
...
pkg/varnish/vcl/recv_disposition_test.go
View file @
b041a942
...
...
@@ -204,6 +204,7 @@ var urlWhitelistSpec = Spec{
Disposition
:
DispositionType
{
Action
:
RecvSynth
,
Status
:
403
,
Reason
:
"Not whitelisted"
,
},
}},
}
...
...
pkg/varnish/vcl/spec.go
View file @
b041a942
...
...
@@ -708,6 +708,7 @@ const (
type
DispositionType
struct
{
Action
RecvReturn
Status
uint16
Reason
string
}
// DispositionSpec specifies the disposition of a client request when
...
...
pkg/varnish/vcl/testdata/recv_disp_url_whitelist.golden
View file @
b041a942
...
...
@@ -13,7 +13,7 @@ sub vcl_init {
sub vcl_recv {
if (! vk8s_reqdisp_0_0.hasprefix(req.url)) {
return (synth(403));
return (synth(403
, "Not whitelisted"
));
}
return (hash);
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment