Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.In non-production environment in Acquia Cloud is common to use some authentication type to prevent other people or robots to have access to these environments, like Drupal Shield module.
In our case, We are using drupal Shield module to provide a basic HTTP authentication, but, when the users update contents these updates are not visualised by others users. For each update we can see the Acquia Purge ajax processor in action without any errors.
We were thinking that it was a cache issue, but was not. If we disable the Shield module, the issue disappears and new content updates are visualised correctly after the AP ajax processor be performed.
When we are under shield, all requests made to website have a header for basic authentication and Varnish considers this header as part of cache request, similar when we send parameters in URL, but we don't know what Varnish does exactly. But when we disable the Shield, this header is not sent and all things work.
For test purpose, when changed the PURGE request made by Acquia Purge to Varnish and we added the basic HTTP authentication header. After this, all updates made by users under shield worked fine, BUT, when we disable the Shield, the issue occurred for users without shield.
We concluded that Varnish considers this basic HTTP authentication header to build your cache and this cache is provided to requests made using this header. (Caches made with authentication header are provided to requests with authentication header and caches made without authentication header are provided to requests made without authentication header).
Some browsers (like Chrome for Mac) does not send authentication header for images, so, we need two caches in environments under shield.
To solve this issue, we added a code in Acquia Purge to verify if it need to use basic HTTP authentication and send two requests to Varnis: one with authentication header and the other without this header.
We are using a variable containing the authentication encoded in Base 64 and added an instruction in settings.php file to clean this variable in production environment (because our production has not shield).
Please, see path attached with code for Acquia Purge.
| Comment | File | Size | Author |
|---|---|---|---|
| acquia_purge.patch | 738 bytes | leotorati | |
| |||
Comments
Comment #3
nielsvm CreditAttribution: nielsvm as a volunteer and at Acquia commentedI don't think supporting this should be considered the scope of Acquia Purge, especially as users almost always only use HTTP Authentication on development and test environments. In addition to this, there's a serious technical risk that adding that HTTP header causes other unforseen issues.
I will add a diagnostic warning however, so that folks are more clearly aware of what is happening.
Thank you.
Comment #5
nielsvm CreditAttribution: nielsvm as a volunteer and at Acquia commentedSince warning seems to be within the scope of this module, I'm now closing it as fixed. However, feel free to reopen may the need arise.