![]() |
![]()
| ![]() |
![]()
NAMEvmod_proxy - Varnish Module to extract TLV attributes from PROXYv2 SYNOPSISimport proxy [as name] [from "path"] STRING alpn() STRING authority() BOOL is_ssl() BOOL client_has_cert_sess() BOOL client_has_cert_conn() INT ssl_verify_result() STRING ssl_version() STRING client_cert_cn() STRING ssl_cipher() STRING cert_sign() STRING cert_key() DESCRIPTIONvmod_proxy contains functions to extract proxy-protocol-v2
TLV attributes as described in
STRING alpn()Extract ALPN attribute. Example: set req.http.alpn = proxy.alpn(); Restricted to: client. STRING authority()Extract authority attribute. This corresponds to SNI from a TLS connection. Example: set req.http.authority = proxy.authority(); Restricted to: client. BOOL is_ssl()Report if proxy-protocol-v2 has SSL TLV. Example: if (proxy.is_ssl()) { Restricted to: client. BOOL client_has_cert_sess()Report if the client provided a certificate at least once over the TLS session this connection belongs to. Restricted to: client. BOOL client_has_cert_conn()Report if the client provided a certificate over the current connection. Restricted to: client. INT ssl_verify_result()Report the SSL_get_verify_result from a TLS session. It only matters if client_has_cert_sess() is true. Per default, value is set to 0 (X509_V_OK). Example: if (proxy.client_has_cert_sess() && proxy.ssl_verify_result() == 0) { Restricted to: client. STRING ssl_version()Extract SSL version attribute. Example: set req.http.ssl-version = proxy.ssl_version(); Restricted to: client. STRING client_cert_cn()Extract the common name attribute of the client certificate's.
Restricted to: client. STRING ssl_cipher()Extract the SSL cipher attribute. Example: set req.http.ssl-cipher = proxy.ssl_cipher(); Restricted to: client. STRING cert_sign()Extract the certificate signature algorithm attribute. Example: set req.http.cert-sign = proxy.cert_sign(); Restricted to: client. STRING cert_key()Extract the certificate key algorithm attribute. Example: set req.http.cert-key = proxy.cert_key(); Restricted to: client. SEE ALSO
COPYRIGHTCopyright (c) 2018 GANDI SAS All rights reserved. Author: Emmanuel Hocdet <manu@gandi.net> SPDX-License-Identifier: BSD-2-Clause Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright
|