Remap Purge Plugin

This remap plugin allows the administrator to easily setup remotely controlled PURGE for the content of an entire remap rule. The actual purging is instant, and has no cost on the ATS server side. The plugin makes it easy to accomplish this, since it’s a simple REST API to trigger the PURGE event.

Purpose

Oftentimes, it’s important, or even mission critical, to be able to purge a large portion of an Apache Traffic Server. For example, imagine that you’ve pushed a new version of the site’s HTML files, and you know it’s going to be hours, or even days, before the content expires in the cache.

Using this plugin, you can now easily set the Cache-Control very long, yet expire a large portion of the cache instantly. This is building upon the proxy.config.http.cache.generation configuration. What the plugin does is to provide a REST API that makes it easy to manage this generation ID for one or many ATS servers.

Installation

This plugin is still experimental, but is included with Traffic Server when you build with the experimental plugins enabled via configure.

Configuration

This plugin only functions as a remap plugin, and is therefore configured in remap.config. Be aware that the PURGE requests are typically restricted to localhost, but see ip_allow.yaml and remap.config how to configure these access controls.

If PURGE does not work for your setup, you can enable a relaxed configuration which allows GET requests to also perform the purge. This is not a recommended configuration, since there are likely no ACLs for this now, only the secret protects the content from being maliciously purged.

Plugin Options

There are three configuration options for this plugin:

--secret      The secret the client sends to authorize the purge
--header      The header the client sends the secret in (optional)
--state-file  Name of the state file where we store the GenID
--allow-get   This also allows a simple GET to perform the purge

Examples

map https://www.example.com http://origin.example.com
@plugin=purge_remap.so @pparam=–state-file=example

@pparam=–header=ATS-Purger @pparam=–secret=8BFE-656DC3564C05

This setups the server to PURGE using a special header for authentication:

curl -X PURGE -H "ATS-Purger: 8BFE-656DC3564C05" https://www.example.com

The passing of the secret as a header is option, if not specified, the last component of the path is used instead. Example:

map https://www.example.com/docs http://docs.example.com \
   @plugin=purge_remap.so @pparam=--state-file=example_docs \
                          @pparam=--secret=8BFE-656DC3564C05

This can now be purged with an even simpler request, but be aware that the secret is now likely stored in access logs as well:

curl -X PURGE https://www.example.com/docs/8BFE-656DC3564C05