Search
Varnish Enterprise

ProxyV2 TLV Attribute Extraction (proxy)

Description

The proxy vmod contains functions to extract proxy-protocol-v2 TLV attributes as described in https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt.

API

alpn

STRING alpn()

Extract ALPN attribute.

set req.http.alpn = proxy.alpn();

Arguments: None

Type: Function

Returns: String

Restricted to: client

authority

STRING authority()

Extract authority attribute. This corresponds to SNI from a TLS connection.

set req.http.authority = proxy.authority();

Arguments: None

Type: Function

Returns: String

Restricted to: client

is_ssl

BOOL is_ssl()

Report if proxy-protocol-v2 has SSL TLV.

if (proxy.is_ssl()) {
  set req.http.ssl-version = proxy.ssl_version();
}

Arguments: None

Type: Function

Returns: Bool

Restricted to: client

client_has_cert_sess

BOOL client_has_cert_sess()

Report if the client provided a certificate at least once over the TLS session this connection belongs to.

Arguments: None

Type: Function

Returns: Bool

Restricted to: client

client_has_cert_conn

BOOL client_has_cert_conn()

Report if the client provided a certificate over the current connection.

Arguments: None

Type: Function

Returns: Bool

Restricted to: client

ssl_verify_result

INT ssl_verify_result()

Report the SSL_get_verify_result from a TLS session. It only matters if client_has_cert_sess() is true. Per default, value is set to 0 (X509_V_OK).

if (proxy.client_has_cert_sess() && proxy.ssl_verify_result() == 0) {
  set req.http.ssl-verify = "ok";
}

Arguments: None

Type: Function

Returns: Int

Restricted to: client

ssl_version

STRING ssl_version()

Extract SSL version attribute.

set req.http.ssl-version = proxy.ssl_version();

Arguments: None

Type: Function

Returns: String

Restricted to: client

client_cert_cn

STRING client_cert_cn()

Extract the common name attribute of the client certificate’s.

set req.http.cert-cn = proxy.client_cert_cn();

Arguments: None

Type: Function

Returns: String

Restricted to: client

ssl_cipher

STRING ssl_cipher()

Extract the SSL cipher attribute.

set req.http.ssl-cipher = proxy.ssl_cipher();

Arguments: None

Type: Function

Returns: String

Restricted to: client

cert_sign

STRING cert_sign()

Extract the certificate signature algorithm attribute.

set req.http.cert-sign = proxy.cert_sign();

Arguments: None

Type: Function

Returns: String

Restricted to: client

cert_key

STRING cert_key()

Extract the certificate key algorithm attribute.

set req.http.cert-key = proxy.cert_key();

Arguments: None

Type: Function

Returns: String

Restricted to: client

Availability

The proxy VMOD is available in Varnish Enterprise version 6.0.0r0 and later.