OAuth 1.0 Signature Validation in Fastly VCL
Sometimes you want to be able to cache protected content in your CDN. One method of protecting content against unauthorised access is to use OAuth 1.0 authentication. However, since this requires a unique signature to be provided and validated for each request, it is non-trivial to cache such content and protect access at the same time.
Fastly is a CDN based on Varnish. As such, you are able to add logic in the form of VCL on the edge. In addition to the standard functionality contained within VCL, Fastly also provides access to cryptographic functions as well as other handy utilities such as regular expression, time and URL manipulation functions.
Whilst there are limitations to the breadth of protection that can be provided, it is possible to use these included libraries to perform basic OAuth 1.0 signature validation on the edge, thus enabling you to cache protected content.
Proof of concept VCL code, together with tests, can be found in my Fastly VCL Experiments repository on GitHub.
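The per-request check the edge has to perform, sketched in Python as an added example (it is not the proof-of-concept VCL and does not use Fastly's API). It assumes the HMAC-SHA1 signature method from RFC 5849, OAuth parameters carried in the query string, no token secret, and a hypothetical `secrets` table of consumer keys; it does not track nonces or strip default ports.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(value, safe="-._~")


def signature_base_string(method, url, params):
    # RFC 5849 section 3.4.1: METHOD & base URI & sorted, encoded parameters.
    parts = urlsplit(url)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 key is "consumer_secret&token_secret", both percent-encoded.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def validate(method, url, secrets, now=None, max_skew=300):
    """Return True only for a fresh, correctly signed request."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    fields = dict(params)
    secret = secrets.get(fields.get("oauth_consumer_key"))  # hypothetical key table
    if secret is None or fields.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    try:
        timestamp = int(fields["oauth_timestamp"])
    except (KeyError, ValueError):
        return False
    # Reject stale or far-future timestamps to narrow the replay window.
    if abs((time.time() if now is None else now) - timestamp) > max_skew:
        return False
    expected = sign(method, url, params, secret)
    supplied = fields.get("oauth_signature", "")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())
```

Because the signature (and usually the nonce and timestamp) differs on every request, the OAuth parameters have to be kept out of the cache key once validation has passed, otherwise every request would be a cache miss.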