Backend-initiated banning demonstrated with varnishtest
#!/usr/bin/env varnishtest
# Demo of backend-based banning for Varnish, using varnishtest
# Author: Kristian Lyngstol <[email protected]>
#
# License: Consider it public domain.
#
# This is a varnishtest(1) program to demonstrate how a backend can pass
# along a ban through a regular header. It uses a dummy server and
# dummy client that don't do any logic to track users, which is far
# beyond the scope of the demo.
#
# Usage: ./backendbanning.vtc (or varnishtest backendbanning.vtc)
# Requires Varnish 3.0.0 (sort of)
varnishtest "Demonstrate backend-hinted ban"
# Web server (backend)
# Since we don't implement a _real_ login, we assume:
# 1. First request is for / and anonymous
# 2. Second request is for /login and should trigger a ban
# 3. Third request is for / again, but is now for a different user
server s1 {
    rxreq
    expect req.url == "/"
    txresp -hdr "user: ANON" -body "hi"

    rxreq
    expect req.url == "/login"
    txresp -hdr "ban: ^/$" -body "loggged in"

    rxreq
    expect req.url == "/"
    txresp -hdr "user: LOGGED" -body "Blah"
} -start

# Varnish server (backend is generated by varnishtest, matching the above)
# 10s ttl. If backend sends 'ban'-header, we ban based on that before
# removing the header.
varnish v1 -vcl+backend {
    sub vcl_fetch {
        set beresp.ttl = 10s;
        if (beresp.http.ban) {
            ban("req.url ~ " + beresp.http.ban);
            unset beresp.http.ban;
        }
    }
} -start

# Test-client
client c1 {
    # Anon request, pulls content into cache
    txreq -url "/"
    rxresp
    expect resp.http.user == "ANON"
    expect resp.status == 200

    # Still anon, but never hits the backend since it's cached.
    txreq -url "/"
    rxresp
    expect resp.http.user == "ANON"
    expect resp.status == 200

    # "Log in", goes to backend that triggers ban
    txreq -url "/login"
    rxresp
    expect resp.status == 200

    # Re-request /, now logged in, goes to backend since /login
    # banned ^/$.
    txreq -url "/"
    rxresp
    expect resp.status == 200
    expect resp.http.user == "LOGGED"

    # Re-request / again, now logged in and it's cached, never hitting
    # the backend.
    txreq -url "/"
    rxresp
    expect resp.status == 200
    expect resp.http.user == "LOGGED"
} -run
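
Added example, not part of the original gist and not Varnish code: a simplified Python model of the ban list this test relies on, replaying the same five client requests against the same three scripted backend responses. The names `BanCache`, `scripted_backend` and `replay` are hypothetical, and the 10s TTL is ignored on the assumption that all requests arrive within it.

```python
import re

class BanCache:
    """Toy cache with a ban list; a simplified model, not Varnish itself."""

    def __init__(self, backend):
        self.backend = backend   # callable: url -> (headers, body)
        self.objects = {}        # url -> (headers, body, bans_seen)
        self.bans = []           # compiled req.url regexes, oldest first

    def fetch(self, url):
        """Serve one client request; returns (headers, body, hit)."""
        cached = self.objects.get(url)
        if cached is not None:
            headers, body, seen = cached
            # Only bans added after the object was stored are tested, and
            # req.url comes from the request doing the lookup.
            if not any(b.search(url) for b in self.bans[seen:]):
                return headers, body, True
            del self.objects[url]          # banned: evict, then refetch
        headers, body = self.backend(url)
        headers = dict(headers)
        ban = headers.pop("ban", None)     # mirrors 'unset beresp.http.ban'
        if ban is not None:
            self.bans.append(re.compile(ban))
        self.objects[url] = (headers, body, len(self.bans))
        return headers, body, False

def scripted_backend():
    """Constructed backend replaying server s1's three responses in order."""
    replies = iter([("/", {"user": "ANON"}, "hi"),
                    ("/login", {"ban": "^/$"}, "loggged in"),
                    ("/", {"user": "LOGGED"}, "Blah")])
    def backend(url):
        expected, headers, body = next(replies)
        assert url == expected, f"backend saw {url}, expected {expected}"
        return headers, body
    return backend

def replay():
    """Replay client c1's five requests; returns (url, user, hit) per request."""
    cache = BanCache(scripted_backend())
    trace = []
    for url in ["/", "/", "/login", "/", "/"]:
        headers, _, hit = cache.fetch(url)
        trace.append((url, headers.get("user"), hit))
    return trace
```

The trace shows the ban evicting only the object cached before `/login`; the `/` object fetched afterwards is newer than the ban and is served from cache.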