DocumentationAPIChangelogTest your siteWatch a demoDashboard
Documentation
  1. Platform Integrations: Server-side
  2. Varnish

Varnish Changelog

DataDome Varnish Module

v3.5.0 (2026-05-05)

v3.4.2 (2024-12-19)

  • Fix truncation size of Content-Type header

v3.4.1 (2022-12-20)

  • Fix truncation size of Sec-* headers

v3.4.0 (2022-12-05)

  • Add Sec-CH- and Sec-Fetch- headers
  • Fix a typo in the XForwardedForIp payload field name
  • Add semver versioning

v3.3 (2022-05-11)

  • Fixed a segfault when the backend is set to none

v3.2 (2021-09-20)

  • Added support Varnish up to 7.0 included

v3.1 (2021-05-15)

  • Added support Varnish up to 6.6

v3.0 (2020-06-30)

  • Added support Varnish 6.4
  • Introduced the universal module that works at all supported varnish version

v2.44 (2020-06-11)

  • Fixed support of varnish4 before 4.0.3
  • Sync exclusion regex with another modules

v2.43 (2019-12-21)

  • Added support Varnish 6.1, 6.2 and 6.3.

v2.42 (2018-06-01)

  • Doesn't cleanup backend request if it was cleaned up at the first try

v2.41 (2018-05-10)

  • Included headers to ApiServer's call: Content-Type, From, X-Real-IP, Via and True-Client-IP
  • Improved X-Forwarded-For handling

v2.40 (2018-04-25)

  • Don't use static memory to keep headers name to prevent crash at vcl.load & vcl.discard

v2.39 (2018-04-11)

  • vmod_validate_url should change url and not method, fixed it

v2.38 (2018-04-11)

  • Don't use static memory from module inside Varnish request to prevent crash at vcl.load & vcl.discard

v2.37 (2018-04-03)

  • Prevented double free of memory when varnish run free at module config.

v2.36 (2018-03-22)

  • Added support Varnish 5.2 and 6.0.

v2.35 (2017-09-26)

  • Introduced ESI support

v2.34 (2017-09-04)

  • Force close connection with request body when API server's baned request

v2.33 (2017-08-07)

  • Introduced support 401 response code from the API Server

v2.32 (2017-07-20)

  • Cleanup unused tests from sources

v2.31 (2017-06-27)

  • Introduced data_dome_shield.is_datadome_call()
  • Tested with directors-based upstream

v2.30 (2017-05-24)

  • Added support VCL_Log:DataDome_status and VCL_Log:DataDome_spent_time

v2.29 (2017-04-27)

  • Restoring request inside is_valid() and made restore_request() deprecated
  • added datadome.vcl

v2.28 (2017-04-12)

  • Added support of Varnish-5.1.2+
  • Force use HTTP/1.1 protocol to ApiServer's call

v2.27 (2017-04-03)

  • Added support of Varnish5.1
  • Allocating more memory to overstep a bug inside http_Teardown

v2.26 (2017-03-16)

  • Implemented support X-DataDome-request-Headers
  • Reset memory that is used as new headers for the API server call

v2.25 (2017-02-21)

  • Reset memory that is used as new headers for the API server call

v2.24 (2017-01-25)

  • Removed X-DataDome headers at real backend request and introduced data_dome_shield.cleanup_backends_request
  • Don't copy URI for regex matching
  • Moved from syslog to standard varnish logging way

v2.23 (2016-12-09)

  • Added verification by X-DatadomeResponse header
  • Sent request's headers to the API server
  • Sent request's Connection, Pragma and Cache-Control header's value

v2.22 (2016-10-18)

  • Add support of Varnish5
  • Sync exclusion regex with another modules

v2.21 (2016-10-06)

  • Fixed crash when use data_dome_shield.uri_regex_exclusion without data_dome_shield.uri_regex

v2.20 (2016-09-26)

  • Switched to use prereserved memory to create API call body
  • Fixed memory overflow when value has a lot of symbols that will be url encoded
  • Don't duplicate Host header in request to real backend
  • Don't send request headers to API server
  • correct truncate url encoded value

v2.19 (2016-09-21)

  • Decreased the maximum API call to 10kb

v2.18 (2016-09-13)

  • Add .mp4 and .otf to default exclusion regex
  • release workspace memory when it has any errors

v2.17 (2016-09-06)

  • Don't allocate more memory that real use

v2.16 (2016-08-08)

  • Remove all code that can read request body
  • Add regex exclusion

v2.15 (2016-07-27)

  • Send Content-Length header as PostParamLen

v2.14 (2017-07-23)

  • Correctly handle extra-headers in blocking mode

v2.13 (2016-06-29)

  • Disable send Cookies and Body to API server by default
  • Add debug_params option
  • Send Cookies length and Body length to API server
  • Send Authorization length
  • Send Method
  • Send X-Requested-With
  • Send Origin

v2.12 (2016-06-23)

  • Add url encoding to API call parametrs

v2.11 (2016-06-03)

  • Fix param truncate logic

v2.10 (2016-04-25)

  • Don't overwrite Set-Cookie header.

v2.9 (2016-04-15)

  • Module don't generate CleintID
  • Remove X-DataDome header with module version
  • Support X-DataDome-headers from API response

v2.8 (2016-04-09)

  • Implemented setup DATA_DOME_IS_URI_REGEX_MATCHED env
  • Add X-DataDome header with module version

v2.7 (2016-01-28)

  • fixed truncated client ID generation
  • re-generate client ID if it shortest or longest what expected

v2.6 (2016-01-26)

  • fixed corrupt API call

v2.5 (2016-01-21)

  • disable send post param in default settings

v2.4 (2016-01-08)

  • fix crashing on POST request with zero body

v2.3 (2016-01-06)

  • moved logic to add Set-Cookie to is_valid function
  • fixed isSentByClient and generatedNewClientID
  • switched off default url encoding for API Call
  • replace old cookies
  • fixed accept encoding
  • forced re-read body (removes 5 seconds timeout)
  • accept body that sends in different packets

v2.2 (2015-12-10)

  • fixed crash X-Forwarder-For without port
  • don't send empty parameter anymore

v2.1 (2015-12-02)

  • Regex only apply to URL, not to MIME anymore

V2.0 (2015-11-30)

  • Cookie and session ID implementation
  • Extract more from Header : Accept, AcceptCharset, AcceptEncoding and AcceptLanguage