Skip to content

Instantly share code, notes, and snippets.

Last active July 6, 2023 13:02
Show Gist options
  • Save rezan/b744c513045ea97e87ab to your computer and use it in GitHub Desktop.
Save rezan/b744c513045ea97e87ab to your computer and use it in GitHub Desktop.
Varnish AWS S3 Gateway VCL
# Varnish AWS S3 Gateway VCL
# Allows global read (GET, HEAD) and ACL protected writes (POST, PUT, DELETE).
# When writing, pass in Content-Type and Content-MD5, both are optional.
# Params:
# %BUCKET% - S3 bucket name, S3 host may be regional
# %ACCESS_ID% - IAM access ID for bucket
# %SECRET_KEY% - IAM secret key for access ID
vcl 4.0;
import digest;
backend default
.host = "";
.port = "80";
acl s3_write
sub vcl_recv
if(req.method != "GET" && req.method != "HEAD" &&
client.ip !~ s3_write)
return(synth(403, "Access denied"));
sub vcl_backend_fetch
set bereq.http.Host = "";
set bereq.http.Date = now;
set bereq.http.NL = {"
set bereq.http.Authorization = "AWS " + "%ACCESS_ID%" + ":" +
bereq.method + bereq.http.NL + bereq.http.Content-MD5 + bereq.http.NL +
bereq.http.Content-Type + bereq.http.NL + bereq.http.Date + bereq.http.NL +
"/" + "%BUCKET%" + bereq.url
unset bereq.http.NL;
sub vcl_deliver
set resp.http.Server = "Varnish AWS S3 Gateway";
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment