
ProxyV2 TLV Attribute Extraction (proxy)

Description

The proxy vmod contains functions to extract proxy-protocol-v2 TLV attributes as described in https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt.

API

alpn

STRING alpn()

Extract ALPN attribute.

set req.http.alpn = proxy.alpn();

Arguments: None

Type: Function

Returns: String

Restricted to: client

authority

STRING authority()

Extract authority attribute. This corresponds to SNI from a TLS connection.

set req.http.authority = proxy.authority();

Arguments: None

Type: Function

Returns: String

Restricted to: client

is_ssl

BOOL is_ssl()

Report whether the proxy-protocol-v2 header carries an SSL TLV.

if (proxy.is_ssl()) {
  set req.http.ssl-version = proxy.ssl_version();
}

Arguments: None

Type: Function

Returns: Bool

Restricted to: client

client_has_cert_sess

BOOL client_has_cert_sess()

Report if the client provided a certificate at least once over the TLS session this connection belongs to.

Arguments: None

Type: Function

Returns: Bool

Restricted to: client

client_has_cert_conn

BOOL client_has_cert_conn()

Report if the client provided a certificate over the current connection.

Arguments: None

Type: Function

Returns: Bool

Restricted to: client

ssl_verify_result

INT ssl_verify_result()

Report the SSL_get_verify_result value from a TLS session. The value is only meaningful if client_has_cert_sess() is true. By default, the value is 0 (X509_V_OK).

if (proxy.client_has_cert_sess() && proxy.ssl_verify_result() == 0) {
  set req.http.ssl-verify = "ok";
}

Arguments: None

Type: Function

Returns: Int

Restricted to: client

ssl_version

STRING ssl_version()

Extract SSL version attribute.

set req.http.ssl-version = proxy.ssl_version();

Arguments: None

Type: Function

Returns: String

Restricted to: client

client_cert_cn

STRING client_cert_cn()

Extract the common name attribute of the client certificate.

set req.http.cert-cn = proxy.client_cert_cn();

Arguments: None

Type: Function

Returns: String

Restricted to: client

ssl_cipher

STRING ssl_cipher()

Extract the SSL cipher attribute.

set req.http.ssl-cipher = proxy.ssl_cipher();

Arguments: None

Type: Function

Returns: String

Restricted to: client

cert_sign

STRING cert_sign()

Extract the certificate signature algorithm attribute.

set req.http.cert-sign = proxy.cert_sign();

Arguments: None

Type: Function

Returns: String

Restricted to: client

cert_key

STRING cert_key()

Extract the certificate key algorithm attribute.

set req.http.cert-key = proxy.cert_key();

Arguments: None

Type: Function

Returns: String

Restricted to: client
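
The following VCL is an added example, not part of the Varnish documentation. It combines the functions above into a client-certificate gate and clears the request headers before setting them, because a client can send headers named ssl-verify or cert-cn itself. The backend address, the /admin path and the 403 responses are assumptions for illustration.

```vcl
vcl 4.1;

import proxy;

# Assumed backend for illustration.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # A client can send these header names itself, so clear them before
    # deriving values from the PROXY v2 TLVs.
    unset req.http.ssl-verify;
    unset req.http.ssl-version;
    unset req.http.ssl-cipher;
    unset req.http.cert-cn;

    if (proxy.is_ssl()) {
        set req.http.ssl-version = proxy.ssl_version();
        set req.http.ssl-cipher = proxy.ssl_cipher();

        # ssl_verify_result() is only meaningful when a certificate was
        # presented; 0 is X509_V_OK.
        if (proxy.client_has_cert_sess() && proxy.ssl_verify_result() == 0) {
            set req.http.ssl-verify = "ok";
            set req.http.cert-cn = proxy.client_cert_cn();
        }
    }

    # Hypothetical policy: /admin requires TLS plus a verified client cert.
    if (req.url ~ "^/admin([/?]|$)") {
        if (!proxy.is_ssl()) {
            return (synth(403, "TLS required"));
        }
        if (req.http.ssl-verify != "ok") {
            return (synth(403, "Verified client certificate required"));
        }
    }
}
```

The TLV values are only as trustworthy as whatever sends the PROXY header, so the PROXY listener should be reachable only by the TLS terminator.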

Availability

The proxy VMOD is available in Varnish Enterprise version 6.0.0r0 and later.

