How to escape a double quote in varnish vcl

Question

In vcl_recv I'm trying to send a 403 to requests that contain the following characters in the url: ",',<,>,(, and )

if(req.url ~ "[\'\<\>()].*\.html" ) {
  return (synth(403, "Forbidden"));
}

everything works except the double quote " I tried regex like:

"[\"\'\<\>()].*\.html"
"[\\"\'\<\>()].*\.html"
"[%22\'\<\>()].*\.html"
"[x22\'\<\>()].*\.html"

All of them do not compile with "varnishd -C -f default.vcl" I'm currently on varnish-4.1.1 Does anyone know how to escape the " correctly?

score 7 · Accepted Answer · answered May 15 '17 at 18:16

7

How about:

if (req.url ~ "[\x27<>()\x22]") {
    return (synth(403, "Forbidden"));
}

answered May 15 '17 at 18:16

Danila Vershinin

perhaps we want to allow those chars in the query string `"^/[^\?]*[\x27<>()\x22]"` – Antony Gibbs Mar 21 '22 at 23:14

score 2 · Answer 2 · answered Mar 29 '18 at 21:00

2

%22 will give you a double quote within your quoted string in Varnish VCL

answered Mar 29 '18 at 21:00

Vinnie James

Take into account that Fastly VCL has many custom extensions. Percent-escaping is one of those extensions, see https://www.fastly.com/blog/unicode-in-vcl – Martijn Pieters Jun 21 '21 at 20:05

2 Answers2