Fastly is a popular CDN based on the open-source Varnish. Since it supports VCL, a lot of custom “logic” to handle incoming requests can be added, right at the edge. This improves the user experience as well as frees up the overhead on origin servers.
We’ll implement a simple service which will return details about users accessing it. Details like public IP, user-agent, location etc. It can be extended to put out more information as needed.
The Solution
The service will rely entirely on Fastly’s VCL and will not depend on the origin at all! This is possible, thanks to synthetic responses that can be served from Fastly.
The request flow will be like this (no requests are sent to the origin) -
VCL Snippets
To make this work, we just need 2 VCL snippets - recv and error.
Add the following code in recv snippet -
unset req.http.Cookie;
if (req.url ~ "^/$" ){
set req.http.synthetic_resp = "Public IP: " + req.http.Fastly-Client-IP;
error 620;
}
if (req.url ~ "^/more$" ){
set req.http.synthetic_resp = "Public IP: " + req.http.Fastly-Client-IP + " | City: " + std.toupper(client.geo.city) + " | Country: " + client.geo.country_code + " | User-Agent: " + req.http.user-agent + " | FServer: " + server.hostname + " | FDC: " + server.datacenter;
error 620;
}
if (req.url ~ "^/ip$" ){
set req.http.synthetic_resp = req.http.Fastly-Client-IP;
error 620;
}
set req.http.synthetic_resp = "Not Found!";
error 644;Add the following code in error snippet -
if (obj.status == 620) {
set obj.status = 200;
set obj.response = "OK";
set obj.http.Content-Type = "text/html";
set obj.http.cache-control = "private, no-store, no-cache, max-age=0";
synthetic req.http.synthetic_resp;
return (deliver);
}
if (obj.status == 644) {
set obj.status = 404;
set obj.response = "Not Found";
set obj.http.Content-Type = "text/html";
set obj.http.cache-control = "private, no-store, no-cache, max-age=0";
synthetic req.http.synthetic_resp;
return (deliver);
}Both snippets and other service configurations are available here
Deployment
The service, configurations and vcls can be quickly deployed to Fastly using Terraform. The required code is here
Tests
Once the service is ready, a simple request via curl or browser will return the details like below.
Curl responses (masked some bits due to privacy reasons)
curl http://meta.dane-example.com.global.prod.fastly.net
Public IP: 192.168.1.1
curl http://meta.dane-example.com.global.prod.fastly.net/more
Public IP: 192.168.1.1 | City: CITY | Country: GB | User-Agent: curl/7.73.0 | FServer: cache-lhr7341 | FDC: LHR
curl http://meta.dane-example.com.global.prod.fastly.net/ip
192.168.1.1
curl http://meta.dane-example.com.global.prod.fastly.net/random
Not Found!Conclusion
This service can be nice value add, and also help non-technical folks gather all the information needed for whitelisting or debugging issues. It removes any reliance on 3rd party services which may or may not be hosted in secure environments. It is possible to further enhance this service to put out even more information, as needed.
Note: Code mentioned above is here