wido/varnish-rgw-auth-pcre.vcl

## varnish-rgw-auth-pcre.vcl
import std;

#
# When using Varnish in front of Ceph's RADOS Gateway you might want to log the access keys doing a request
# and they are a part of the Authorization HTTP header
#
# Using regsub and PCRE we can fetch just that part from the header and log it to the VCL Log which we can pick up with varnishncsa
#

sub vcl_recv {
    if (req.http.Authorization || req.url ~ "AWSAccessKeyId") {
        if (req.http.Authorization) {
            set req.http.x-auth = regsub(req.http.Authorization, "^AWS ([-_A-z0-9+()%.]+&?):.*", "\1");
        } elseif (req.url ~ "AWSAccessKeyId") {
            set req.http.x-auth = regsub(req.url, "^\/.*(AWSAccessKeyId)=([-_A-z0-9+()%.]+&?)", "\2");
        }

        std.log("auth:" + req.http.x-auth);
    } else {
        std.log("auth:-");
    }
}
	import std;

	#
	# When using Varnish in front of Ceph's RADOS Gateway you might want to log the access keys doing a request
	# and they are a part of the Authorization HTTP header
	#
	# Using regsub and PCRE we can fetch just that part from the header and log it to the VCL Log which we can pick up with varnishncsa
	#

	sub vcl_recv {
	if (req.http.Authorization \|\| req.url ~ "AWSAccessKeyId") {
	if (req.http.Authorization) {
	set req.http.x-auth = regsub(req.http.Authorization, "^AWS ([-_A-z0-9+()%.]+&?):.*", "\1");
	} elseif (req.url ~ "AWSAccessKeyId") {
	set req.http.x-auth = regsub(req.url, "^\/.*(AWSAccessKeyId)=([-_A-z0-9+()%.]+&?)", "\2");
	}

	std.log("auth:" + req.http.x-auth);
	} else {
	std.log("auth:-");
	}
	}