Provided by: varnish_6.2.1-2ubuntu0.2_amd64 
NAME
VMOD std - Varnish Standard Module
SYNOPSIS
import std [from "path"]
REAL random(REAL lo, REAL hi)
REAL round(REAL r)
VOID collect(HEADER hdr, STRING sep)
STRING querysort(STRING)
STRING toupper(STRING s)
STRING tolower(STRING s)
STRING strstr(STRING s1, STRING s2)
BOOL fnmatch(STRING pattern, STRING subject, BOOL pathname, BOOL noescape, BOOL period)
STRING fileread(STRING)
BOOL file_exists(STRING path)
BOOL healthy(BACKEND be)
INT port(IP ip)
DURATION duration([STRING s], [DURATION fallback], [REAL real], [INT integer])
BYTES bytes([STRING s], [BYTES fallback], [REAL real], [INT integer])
INT integer([STRING s], [INT fallback], [BOOL bool], [BYTES bytes], [DURATION duration], [REAL real], [TIME time])
IP ip(STRING s, [IP fallback], BOOL resolve)
REAL real([STRING s], [REAL fallback], [INT integer], [BOOL bool], [BYTES bytes], [DURATION duration], [TIME time])
TIME time([STRING s], [TIME fallback], [REAL real], [INT integer])
VOID log(STRING s)
VOID syslog(INT priority, STRING s)
VOID timestamp(STRING s)
BOOL syntax(REAL)
STRING getenv(STRING name)
BOOL cache_req_body(BYTES size)
VOID late_100_continue(BOOL late)
VOID set_ip_tos(INT tos)
VOID rollback(HTTP h)
INT real2integer(REAL r, INT fallback)
TIME real2time(REAL r, TIME fallback)
INT time2integer(TIME t, INT fallback)
REAL time2real(TIME t, REAL fallback)
DESCRIPTION
vmod_std contains basic functions which are part and parcel of Varnish, but which for reasons of
architecture fit better in a VMOD.
NUMERIC FUNCTIONS
REAL random(REAL lo, REAL hi)
Returns a random real number between lo and hi.
This function uses the "testable" random generator in varnishd which enables determinstic tests to be run
(See m00002.vtc). This function should not be used for cryptographic applications.
Example:
set beresp.http.random-number = std.random(1, 100);
REAL round(REAL r)
Rounds the real r to the nearest integer, but round halfway cases away from zero (see round(3)).
STRING FUNCTIONS
VOID collect(HEADER hdr, STRING sep=", )
Collapses multiple hdr headers into one long header. The default separator sep is the standard comma
separator to use when collapsing headers, with an additional whitespace for pretty printing.
Care should be taken when collapsing headers. In particular collapsing Set-Cookie will lead to unexpected
results on the browser side.
Examples:
std.collect(req.http.accept);
std.collect(req.http.cookie, "; ");
STRING querysort(STRING)
Sorts the query string for cache normalization purposes.
Example:
set req.url = std.querysort(req.url);
STRING toupper(STRING s)
Converts the string s to uppercase.
Example:
set beresp.http.scream = std.toupper("yes!");
STRING tolower(STRING s)
Converts the string s to lowercase.
Example:
set beresp.http.nice = std.tolower("VerY");
STRING strstr(STRING s1, STRING s2)
Returns a string beginning at the first occurrence of the string s2 in the string s1, or an empty string
if s2 is not found.
Note that the comparison is case sensitive.
Example:
if (std.strstr(req.url, req.http.restrict)) {
...
}
This will check if the content of req.http.restrict occurs anywhere in req.url.
BOOL fnmatch(STRING pattern, STRING subject, BOOL pathname, BOOL noescape, BOOL period)
BOOL fnmatch(
STRING pattern,
STRING subject,
BOOL pathname=1,
BOOL noescape=0,
BOOL period=0
)
Shell-style pattern matching; returns true if subject matches pattern, where pattern may contain wildcard
characters such as * or ?.
The match is executed by the implementation of fnmatch(3) on your system. The rules for pattern matching
on most systems include the following:
• * matches any sequence of characters
• ? matches a single character
• a bracket expression such as [abc] or [!0-9] is interpreted as a character class according to the rules
of basic regular expressions (not pcre(3) regexen), except that ! is used for character class negation
instead of ^.
If pathname is true, then the forward slash character / is only matched literally, and never matches *, ?
or a bracket expression. Otherwise, / may match one of those patterns. By default, pathname is true.
If noescape is true, then the backslash character \ is matched as an ordinary character. Otherwise, \ is
an escape character, and matches the character that follows it in the pattern. For example, \\ matches \
when noescape is true, and \\ when false. By default, noescape is false.
If period is true, then a leading period character . only matches literally, and never matches *, ? or a
bracket expression. A period is leading if it is the first character in subject; if pathname is also
true, then a period that immediately follows a / is also leading (as in /.). By default, period is
false.
vmod_std.fnmatch invokes VCL failure and returns false if either of pattern or subject is NULL -- for
example, if an unset header is specified.
Examples:
# Matches URLs such as /foo/bar and /foo/baz
if (std.fnmatch("/foo/\*", req.url)) { ... }
# Matches URLs such as /foo/bar/baz and /foo/baz/quux
if (std.fnmatch("/foo/\*/\*", bereq.url)) { ... }
# Matches /foo/bar/quux, but not /foo/bar/baz/quux
if (std.fnmatch("/foo/\*/quux", req.url)) { ... }
# Matches /foo/bar/quux and /foo/bar/baz/quux
if (std.fnmatch("/foo/\*/quux", req.url, pathname=false)) { ... }
# Matches /foo/bar, /foo/car and /foo/far
if (std.fnmatch("/foo/?ar", req.url)) { ... }
# Matches /foo/ followed by a non-digit
if (std.fnmatch("/foo/[!0-9]", req.url)) { ... }
FILE(SYSTEM) FUNCTIONS
STRING fileread(STRING)
Reads a file and returns a string with the content. The result is cached indefinitely per filename.
Example:
synthetic("Response was served by " + std.fileread("/etc/hostname"));
Consider that the entire contents of the file appear in the string that is returned, including newlines
that may result in invalid headers if vmod_std.fileread is used to form a header. In that case, you may
need to modify the string, for example with regsub() (see vcl(7)):
set beresp.http.served-by = regsub(std.fileread("/etc/hostname"), "\R$", "");
BOOL file_exists(STRING path)
Returns true if path or the file pointed to by path exists, false otherwise.
Example:
if (std.file_exists("/etc/return_503")) {
return (synth(503, "Varnish is in maintenance"));
}
TYPE INSPECTION FUNCTIONS
BOOL healthy(BACKEND be)
Returns true if the backend be is healthy.
INT port(IP ip)
Returns the port number of the IP address ip. Always returns 0 for a *.ip variable whose value is 0.0.0.0
because the listen address is a Unix domain socket.
TYPE CONVERSION FUNCTIONS
These functions all have the same form:
TYPE type([arguments], [fallback TYPE])
Precisely one of the arguments must be provided (besides the optional fallback), and it will be converted
to TYPE.
If conversion fails, fallback will be returned and if no fallback was specified, the VCL will be failed.
DURATION duration([STRING s], [DURATION fallback], [REAL real], [INT integer])
DURATION duration(
[STRING s],
[DURATION fallback],
[REAL real],
[INT integer]
)
Returns a DURATION from a STRING, REAL or INT argument.
For a STRING s argument, s must be quantified by ms (milliseconds), s (seconds), m (minutes), h
(hours),``d`` (days), w (weeks) or y (years) units.
real and integer arguments are taken as seconds.
If the conversion of an s argument fails, fallback will be returned if provided, or a VCL failure will be
triggered.
Conversions from real and integer arguments never fail.
Only one of the s, real or integer arguments may be given or a VCL failure will be triggered.
Examples::
set beresp.ttl = std.duration("1w", 3600s); set beresp.ttl = std.duration(real=1.5); set
beresp.ttl = std.duration(integer=10);
BYTES bytes([STRING s], [BYTES fallback], [REAL real], [INT integer])
BYTES bytes(
[STRING s],
[BYTES fallback],
[REAL real],
[INT integer]
)
Returns BYTES from a STRING, REAL or INT argument.
A STRING s argument can be quantified with a multiplier (k (kilo), m (mega), g (giga), t (tera) or p
(peta)).
real and integer arguments are taken as bytes.
If the conversion of an s argument fails, fallback will be returned if provided, or a VCL failure will be
triggered.
Other conversions may fail if the argument can not be represented, because it is negative, too small or
too large. Again, fallback will be returned if provided, or a VCL failure will be triggered.
real arguments will be rounded down.
Only one of the s, real or integer arguments may be given or a VCL failure will be triggered.
Example::
std.cache_req_body(std.bytes(something.somewhere, 10K));
std.cache_req_body(std.bytes(integer=10*1024)); std.cache_req_body(std.bytes(real=10.0*1024));
INT integer([STRING s], [INT fallback], [BOOL bool], [BYTES bytes], [DURATION duration], [REAL real], [TIME
time])
INT integer(
[STRING s],
[INT fallback],
[BOOL bool],
[BYTES bytes],
[DURATION duration],
[REAL real],
[TIME time]
)
Returns an INT from a STRING, BOOL or other quantity.
If the conversion of an s argument fails, fallback will be returned if provided, or a VCL failure will be
triggered.
A bool argument will be returned as 0 for false and 1 for true. This conversion will never fail.
For a bytes argument, the number of bytes will be returned. This conversion will never fail.
A duration argument will be rounded down to the number of seconds and returned.
A real argument will be rounded down and returned.
For a time argument, the number of seconds since the UNIX epoch (1970-01-01 00:00:00 UTC) will be
returned.
duration, real and time conversions may fail if the argument can not be represented because it is too
small or too large. If so, fallback will be returned if provided, or a VCL failure will be triggered.
Only one of the s, bool, bytes, duration, real or time arguments may be given or a VCL failure will be
triggered.
Examples:
if (std.integer(req.http.foo, 0) > 5) {
...
}
set resp.http.answer = std.integer(real=126.42/3);
IP ip(STRING s, [IP fallback], BOOL resolve=1)
Converts the string s to the first IP number returned by the system library function getaddrinfo(3). If
conversion fails, fallback will be returned or VCL failure will happen.
If resolve is false, getaddrinfo(3) is called using AI_NUMERICHOST to avoid network lookups. This makes
"numerical" IP strings cheaper to convert.
Example:
if (std.ip(req.http.X-forwarded-for, "0.0.0.0") ~ my_acl) {
...
}
REAL real([STRING s], [REAL fallback], [INT integer], [BOOL bool], [BYTES bytes], [DURATION duration], [TIME
time])
REAL real(
[STRING s],
[REAL fallback],
[INT integer],
[BOOL bool],
[BYTES bytes],
[DURATION duration],
[TIME time]
)
Returns a REAL from a STRING, BOOL or other quantity.
If the conversion of an s argument fails, fallback will be returned if provided, or a VCL failure will be
triggered.
A bool argument will be returned as 0.0 for false and 1.0 for true.
For a bytes argument, the number of bytes will be returned.
For a duration argument, the number of seconds will be returned.
An integer argument will be returned as a REAL.
For a time argument, the number of seconds since the UNIX epoch (1970-01-01 00:00:00 UTC) will be
returned.
None of these conversions other than s will fail.
Only one of the s, integer, bool, bytes, duration or time arguments may be given or a VCL failure will be
triggered.
Example:
if (std.real(req.http.foo, 0.0) > 5.5) {
...
}
TIME time([STRING s], [TIME fallback], [REAL real], [INT integer])
TIME time([STRING s], [TIME fallback], [REAL real], [INT integer])
Returns a TIME from a STRING, REAL or INT argument.
For a STRING s argument, the following formats are supported:
"Sun, 06 Nov 1994 08:49:37 GMT"
"Sunday, 06-Nov-94 08:49:37 GMT"
"Sun Nov 6 08:49:37 1994"
"1994-11-06T08:49:37"
"784111777.00"
"784111777"
real and integer arguments are taken as seconds since the epoch.
If the conversion of an s argument fails or a negative real or integer argument is given, fallback will
be returned if provided, or a VCL failure will be triggered.
Examples:
if (std.time(resp.http.last-modified, now) < now - 1w) {
...
}
if (std.time(int=2147483647) < now - 1w) {
...
}
LOGGING FUNCTIONS
VOID log(STRING s)
Logs the string s to the shared memory log, using vsl(7) tag SLT_VCL_Log.
Example:
std.log("Something fishy is going on with the vhost " + req.http.host);
VOID syslog(INT priority, STRING s)
Logs the string s to syslog tagged with priority. priority is formed by ORing the facility and level
values. See your system's syslog.h file for possible values.
Notice: Unlike VCL and other functions in the std vmod, this function will not fail VCL processing for
workspace overflows: For an out of workspace condition, the vmod_std.syslog function has no effect.
Example:
std.syslog(9, "Something is wrong");
This will send a message to syslog using LOG_USER | LOG_ALERT.
VOID timestamp(STRING s)
Introduces a timestamp in the log with the current time, using the string s as the label. This is useful
to time the execution of lengthy VCL procedures, and makes the timestamps inserted automatically by
Varnish more accurate.
Example:
std.timestamp("curl-request");
CONTROL AND INFORMATION FUNCTIONS
BOOL syntax(REAL)
Returns true if VCL version is at least REAL.
STRING getenv(STRING name)
Return environment variable name or the empty string. See getenv(3).
Example:
set req.http.My-Env = std.getenv("MY_ENV");
BOOL cache_req_body(BYTES size)
Caches the request body if it is smaller than size. Returns true if the body was cached, false
otherwise.
Normally the request body can only be sent once. Caching it enables retrying backend requests with a
request body, as usually the case with POST and PUT.
Example:
if (std.cache_req_body(1KB)) {
...
}
VOID late_100_continue(BOOL late)
Controls when varnish reacts to an Expect: 100-continue client request header.
Varnish always generates a 100 Continue response if requested by the client trough the Expect:
100-continue header when waiting for request body data.
But, by default, the 100 Continue response is already generated immediately after vcl_recv returns to
reduce latencies under the assumption that the request body will be read eventually.
Calling std.late_100_continue(true) in vcl_recv will cause the 100 Continue response to only be sent when
needed. This may cause additional latencies for processing request bodies, but is the correct behavior by
strict interpretation of RFC7231.
This function has no effect outside vcl_recv and after calling std.cache_req_body() or any other function
consuming the request body.
Example:
vcl_recv {
std.late_100_continue(true);
if (req.method == "POST") {
std.late_100_continue(false);
return (pass);
}
...
}
VOID set_ip_tos(INT tos)
Sets the IP type-of-service (TOS) field for the current session to tos. Silently ignored if the listen
address is a Unix domain socket.
Please note that the TOS field is not removed by the end of the request so probably want to set it on
every request should you utilize it.
Example:
if (req.url ~ "^/slow/") {
std.set_ip_tos(0);
}
VOID rollback(HTTP h)
Restores the h HTTP headers to their original state.
Example:
std.rollback(bereq);
DEPRECATED FUNCTIONS
INT real2integer(REAL r, INT fallback)
DEPRECATED: This function will be removed in a future version of varnish, use vmod_std.integer with a
real argument and the vmod_std.round function instead, for example:
std.integer(real=std.round(...), fallback=...)
Rounds the real r to the nearest integer, but round halfway cases away from zero (see round(3)). If
conversion fails, fallback will be returned.
Examples:
set req.http.integer = std.real2integer(1140618699.00, 0);
set req.http.posone = real2integer( 0.5, 0); # = 1.0
set req.http.negone = real2integer(-0.5, 0); # = -1.0
TIME real2time(REAL r, TIME fallback)
DEPRECATED: This function will be removed in a future version of varnish, use vmod_std.time with a real
argument and the vmod_std.round function instead, for example:
std.time(real=std.round(...), fallback=...)
Rounds the real r to the nearest integer (see vmod_std.real2integer) and returns the corresponding time
when interpreted as a unix epoch. If conversion fails, fallback will be returned.
Example:
set req.http.time = std.real2time(1140618699.00, now);
INT time2integer(TIME t, INT fallback)
DEPRECATED: This function will be removed in a future version of varnish, use vmod_std.integer with a
time argument instead, for example:
std.integer(time=..., fallback=...)
Converts the time t to a integer. If conversion fails, fallback will be returned.
Example:
set req.http.int = std.time2integer(now, 0);
REAL time2real(TIME t, REAL fallback)
DEPRECATED: This function will be removed in a future version of varnish, use vmod_std.real with a time
argument instead, for example:
std.real(time=..., fallback=...)
Converts the time t to a real. If conversion fails, fallback will be returned.
Example:
set req.http.real = std.time2real(now, 1.0);
SEE ALSO
• varnishd(1) • vsl(7) • fnmatch(3)
COPYRIGHT
Copyright (c) 2010-2017 Varnish Software AS
All rights reserved.
Author: Poul-Henning Kamp <phk@FreeBSD.org>
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
1. Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
3 VMOD(STD)