[FIXED] How to map apache authgroupfile with varnish-cache

Issue

Hi Friends,

Please help, we are trying add user and roles to our legacy application by mapping users in Apache AuthgroupFile with varnish-cache reverse-proxy, any user authenticated through Apache Basic Auth should be able to go through; The user is mapped to the role in the AuthgroupFile and in back-end we check for the group name and assign the role in the application

can we read the AuthgroupFile to a variable and in varnish-cache and check for the REMOTE_USER header?

#AuthgroupFile admin: foo boo roo readonly: goo too zoo

#varnish-cache rule

if (req.http.REMOTE_USER){
   set req.http.X-AUTH-USER = req.http.REMOTE_USER;
}

Solution

If you want to check for authenticated users, I'd advise you to have a look at vmod_basicauth.

Its a Varnish module that reads an .htpasswd file and gives you a VCL API to interact with these logins.

Here's how to use this module in VCL:

if (!basicauth.match("/var/www/.htpasswd", req.http.Authorization)) {
    return(synth(401, "Restricted"));
}

This will match the Authorization request header to whatever is allowed in .htpasswd.

Is this what you're looking for?

Answered By - Thijs Feryn

Answer Checked By - Gilberto Lyons (PHPFixing Admin)