[lmz]

It's fully programmable. You can probably make it verify the user token and URL against a database.

[fraggle222]

Really? I don't see much in the docs about this except https://www.varnish-cache.org/docs/4.1/users-guide/vcl-inlin...

They seem (at first glance) to have no concept of security in the sense of restricting people's access to certain content like in the case of all social networks.

[lmz]

It's extensible in C, and modules (http://www.varnish-cache.org/vmods/) are available to talk to e.g. Redis.