Last active
July 10, 2018 05:51
-
-
Save wido/77538213e6736ad6f6a8d39e4f61d15d to your computer and use it in GitHub Desktop.
Varnish regsub PCRE Amazon AWS Authentication header
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import std; | |
# | |
# When using Varnish in front of Ceph's RADOS Gateway you might want to log the access keys doing a request | |
# and they are a part of the Authorization HTTP header | |
# | |
# Using regsub and PCRE we can fetch just that part from the header and log it to the VCL Log which we can pick up with varnishncsa | |
# | |
sub vcl_recv { | |
if (req.http.Authorization || req.url ~ "AWSAccessKeyId") { | |
if (req.http.Authorization) { | |
set req.http.x-auth = regsub(req.http.Authorization, "^AWS ([-_A-z0-9+()%.]+&?):.*", "\1"); | |
} elseif (req.url ~ "AWSAccessKeyId") { | |
set req.http.x-auth = regsub(req.url, "^\/.*(AWSAccessKeyId)=([-_A-z0-9+()%.]+&?)", "\2"); | |
} | |
std.log("auth:" + req.http.x-auth); | |
} else { | |
std.log("auth:-"); | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment