Download to read offline
![fiddle/9c137528
DELIVER:
if (resp.http.Paywall ~ "^https?://[^/]+(.*)$" && !req.http.Paywall-Result) {
set req.http.paywallOrigUrl = req.url;
set req.url = re.group.1;
restart;
}
Paywall
5](https://image.slidesharecdn.com/andrewbettsprogrammingtheedgeworkshop-180925015006/85/Altitude-San-Francisco-2018-Programming-the-Edge-39-320.jpg)
Uploaded byFastly
Altitude San Francisco 2018: Programming the Edge
The document discusses the features and functionalities of Fastly's CDN, focusing on edge programming techniques. It covers a variety of topics including geo-location, logging, redirects, paywalls, A/B testing, authentication, and caching, with practical examples provided through 'fiddles'. Users are encouraged to explore Fastly's demos and engage with the community for further advancements in edge programming.
More Related Content
Similar to Altitude San Francisco 2018: Programming the Edge
![[OPD 2019] Side-Channels on the Web:
Attacks and Defenses](https://cdn.slidesharecdn.com/ss_thumbnails/owasp-poland-day-tom-van-goethem-191021171917-thumbnail.jpg?width=640&height=640&fit=bounds)
Altitude San Francisco 2018: Programming the Edge
- 1.
- 2.
- 3. Your application Fastly aspart of your app
- 4.
- 6. Geo-IP API atthe Edge Redirects Decoding auth cookies at the edge Relative date insertion Overriding TTLs based on content-type Streaming server-sent-events RUM logging and aggregation Routing for microservices CORS OPTIONS preflights at the edge Serve robots.txt from the edge Serve stale on origin failure Getting creative at the edge Partial content 'Range' requests Time-limited URL tokens Image optimization Modern web security headers GZip compression at the edge Client public IP API at the edge Google Cloud storage / AWS S3 origin CAPTCHA challenge Logging to Google BigQuery Blocking obsolete TLS Replace origin errors with 'safe' responses
- 7. Debugging today: headers Fastly-Debug-Path: Fastly-Debug-TTL: X-Cache: X-Cache-Hits: (Dcache-iad2150-IAD 1523245558) (F cache-iad2120-IAD 1523245558) (D cache-lcy8132-LCY 1523245558) (F cache-lcy8149-LCY 1523245531) (M cache-iad2150-IAD - - 0) (H cache-lcy8132-LCY - - 27) HIT, MISS 1, 0
- 8. Washington, DC London iad2150iad2120 MISS lcy8132 lcy8149 HIT! 27 sec old 1 previous hit
- 9.
- 11. Fastly-Debug-Path: (D cache-iad2150-IAD 1523245558) (Fcache-iad2120-IAD 1523245558) (D cache-lcy8132-LCY 1523245558) (F cache-lcy8149-LCY 1523245531) Fastly-Debug-TTL: (M cache-iad2150-IAD - - 0) (H cache-lcy8132-LCY - - 27)
- 12. ● Everything youenter into fiddle is public ● Please disable pop-up blocking for fiddle.fastlydemo.net ● Deploying code to thousands of servers is not instantaneous. Please be patient! ● We suggest you do each fiddle in a different tab, so you still have them all to refer to at the end. ● Ask Fastly helpers if you get stuck
- 13.
- 14.
- 15. Learn about fiddle ➔Create a fiddle ➔ Set a fiddle title ➔ Configure a backend ➔ Execute the fiddle ➔ Use fiddle insights fiddle/5f263e69 Basics 1 Learn about Fastly ➔ Edge cache
- 16.
- 17. Add extra data fiddle/7a6cbc28 GeoIPheaders 2
- 18. fiddle/7a6cbc28 GeoIP headers 2 Learn aboutfiddle ➔ Create a fiddle ➔ Execute the fiddle ➔ Write VCL ➔ Autocompletion & linting ➔ Header highlighting Learn about Fastly ➔ Edge cache ➔ Header manipulation ➔ Predefined VCL variables
- 19. fiddle/7a6cbc28 RECV: set req.http.client-geo-continent =client.geo.continent_code; set req.http.client-geo-country = client.geo.country_code; set req.http.client-geo-city = client.geo.city; set req.http.edge-geo-datacenter = server.datacenter; set req.http.client-source-network = client.as.number; GeoIP headers 2
- 20.
- 21.
- 22. No origin request fiddle/b62fa9ee RUMLogging 3 Batch and write to log
- 23. fiddle/b62fa9ee RUM Logging 3 Learn aboutfiddle ➔ Create a fiddle ➔ Execute the fiddle ➔ Write VCL ➔ Autocompletion & linting ➔ Log capture Learn about Fastly ➔ Predefined VCL variables ➔ Real time logging ➔ Synthetic responses
- 24. fiddle/b62fa9ee RECV: if (req.url ~"^/log/?") { error 901; } RUM Logging 3
- 25. fiddle/b62fa9ee ERROR: if (obj.status ==901) { log "syslog " req.service_id " logger_name :: " req.url.qs; set obj.status = 204; set obj.response = "No content"; return (deliver); } RUM Logging 3
- 26.
- 27. fiddle/b62fa9ee ERROR: if (obj.status ==901) { set req.url = querystring.add(req.url, "city", client.geo.city); set req.url = querystring.add(req.url, "dc", server.datacenter); log "syslog " req.service_id " logger_name :: " req.url.qs; set obj.status = 204; set obj.response = "No content"; return (deliver) } RUM Logging 3
- 28.
- 29. fiddle/7fc13ab0 Redirects 4 Redirect response for oldURLs Allow valid URLs to go to origin
- 30. fiddle/7fc13ab0 Redirects 4 Learn about fiddle ➔Create a fiddle ➔ Execute the fiddle ➔ Write VCL ➔ Autocompletion & linting Learn about Fastly ➔ Synthetic responses ➔ Edge dictionaries
- 31. fiddle/7fc13ab0 INIT: table redirects { "/source1":"/dest1", "/source2": "/dest2" } Redirects 4
- 32. fiddle/7fc13ab0 RECV: if (table.lookup(redirects, req.url)){ error 811; } Redirects 4
- 33. fiddle/7fc13ab0 ERROR: if (obj.status ==811) { set obj.status = 301; set obj.http.Location = "https://" req.http.host table.lookup(redirects, req.url); set obj.response = "Moved permanently"; return (deliver); } Redirects 4
- 34.
- 35.
- 36. fiddle/9c137528 Paywall 5 Fetch content $ Content includesPaywall header Fetch paywall URL Paywall returns 200 or 403 Serve content or paywall from cache
- 37. fiddle/9c137528 Paywall 5 Learn about fiddle ➔Create a fiddle ➔ Execute the fiddle ➔ Write VCL ➔ Autocompletion & linting ➔ Multiple backends ➔ Custom request headers Learn about Fastly ➔ Edge cache ➔ Predefined VCL variables ➔ Synthetic responses ➔ Restarts ➔ Custom origin routing
- 38.
- 39. fiddle/9c137528 DELIVER: if (resp.http.Paywall ~"^https?://[^/]+(.*)$" && !req.http.Paywall-Result) { set req.http.paywallOrigUrl = req.url; set req.url = re.group.1; restart; } Paywall 5
- 40. fiddle/9c137528 RECV: if (req.http.paywallOrigUrl) { setreq.backend = F_origin_1; } else { set req.backend = F_origin_0; } Paywall 5
- 41. fiddle/9c137528 DELIVER: ... previous code... if (resp.http.Paywall-Result && req.http.paywallOrigUrl) { set req.http.Paywall-Result = resp.http.Paywall-Result; set req.http.Paywall-Meta = resp.http.Paywall-Meta; set req.url = req.http.paywallOrigUrl; unset req.http.paywallOrigUrl; restart; } Paywall 5
- 42.
- 43.
- 44. fiddle/38f96b56 A/B testing 6 Choose randomtests, then stick to them Add extra data Add A/B cookie
- 45. fiddle/38f96b56 A/B testing 6 Learn aboutfiddle ➔ Create a fiddle ➔ Execute the fiddle ➔ Write VCL ➔ Autocompletion & linting ➔ Multiple backends ➔ Custom request headers ➔ Browse mode Learn about Fastly ➔ Edge cache ➔ Edge dictionaries ➔ Custom origin routing ➔ Hashing functions ➔ Randomness functions ➔ Vary ➔ Setting cookies ➔ Local variables
- 46. fiddle/38f96b56 Request URL: /article/kittens A/B testing 6 Originserver: https://fiddle-ab.glitch.me
- 47. fiddle/38f96b56 RECV: set req.http.ab =if ( req.http.Cookie:ab, req.http.Cookie:ab, uuid.version4() ); A/B testing 6
- 48. fiddle/38f96b56 DELIVER: if (!req.http.Cookie:ab) { addresp.http.Set-Cookie = "ab=" req.http.ab "; max-age=31536000; path=/; secure"; set resp.http.Cache-Control = "no-store"; } A/B testing 6
- 49. fiddle/38f96b56 A/B testing 6 0 100 0100 User = “fgj592hfe”... + “header” = 53 + “buttonSize” = 87
- 50. fiddle/38f96b56 RECV: declare local var.userTestSlotINTEGER; set var.userTestSlot = std.atoi(if( digest.hash_md5(req.http.ab "header") ~ "(d).*?(d)", re.group.1 re.group.2, "0" )); set req.http.ab-header = if (var.userTestSlot <= 50, "normal", "cute"); A/B testing 6
- 51. fiddle/38f96b56 RECV: ... previous code... set var.userTestSlot = std.atoi(if( digest.hash_md5(req.http.ab "buttonSize") ~ "(d).*?(d)", re.group.1 re.group.2, "0" )); set req.http.ab-buttonSize = if (var.userTestSlot <= 20, "small", if (var.userTestSlot <= 30, "medium", "large" )); A/B testing 6
- 52.
- 53.
- 54. fiddle/32f9f345 Shielding 7 Learn about fiddle ➔Create a fiddle ➔ Execute the fiddle ➔ Write VCL ➔ Autocompletion & linting ➔ Shielding Learn about Fastly ➔ Edge cache ➔ Header manipulation ➔ Predefined VCL variables ➔ Shielding ➔ Passing the cache
- 55.
- 56. ★ Try invertingthe Fastly-FF test to move the pass to the Shield, instead of the Edge fiddle/32f9f345 Shielding 7
- 57.
- 58. fiddle/a5bfbcce Authentication 8 Learn about fiddle ➔Create a fiddle ➔ Execute the fiddle ➔ Write VCL ➔ Autocompletion & linting ➔ Log capture Learn about Fastly ➔ Edge cache ➔ Predefined VCL variables ➔ Local variables ➔ Hashing functions ➔ Querystring functions ➔ Edge dictionaries ➔ Time comparison functions
- 59.
- 60. fiddle/a5bfbcce INIT: table config { "secret":"my-super-secret-string", } Authentication 8
- 61. fiddle/a5bfbcce RECV: declare local var.tokenSTRING; declare local var.expiryTime TIME; declare local var.suppliedSig STRING; declare local var.expectedSig STRING; set var.token = subfield(req.url.qs, "token", "&"); Authentication 8
- 62. fiddle/a5bfbcce RECV: set var.token =subfield(req.url.qs, "token", "&"); if (var.token ~ "^(d+?)_(.+)$") { set var.expiryTime = std.integer2time(std.atoi(re.group.1)); set var.suppliedSig = re.group.2; set var.expectedSig = digest.hmac_sha1_base64( table.lookup(config, "secret"), req.url.path var.expiryTime /* client.ip req.http.User-Agent */ ); } else { error 901; } Authentication 8
- 63. fiddle/a5bfbcce RECV: if (var.token ~"^(d+?)_(.+)$") { ... if (var.suppliedSig != var.expectedSig) { log "Sig is incorrect, expected " var.expectedSig; error 902; } if (time.is_after(now, var.expiryTime)) { error 903; } } Authentication 8
- 64. fiddle/a5bfbcce RECV: if (var.token ~"^(d+?)_(.+)$") { ... set req.url = querystring.filter(req.url, "token"); } Authentication 8
- 65.
- 66. ● Explore moresolutions at fastly.com/demos ● Try fiddle yourself at fiddle.fastlydemo.net ● Got something good? Let us know in community.fastly.com or email me: abetts@fastly.com. ● Remember all fiddle content is public Programming the edge