varnish 2.15 - possible security exploit?

Mike Franon kongfranon at gmail.com
Tue Feb 22 15:10:50 CET 2011


HI,

I was curious does anyone know of any serious security exploits that
can use varnish as an open proxy?


The reason I ask is we just put up 3 varnish servers, and about 4 days
after we started to get a DDOS attack.

If anything the varnish servers really helped offload it.  We are
still unders attack for at least 12 hours +

The reason why I am thinking that some sort of exploit might be going
on is, looking at the varnish logs I was seeing some url's for domains
we do not even own.  I am not sure how get requests are coming through
for not our own domain's?  Majority of get are for us, but 10% or so
are not

It could have been just a coicendence that we got a DDOS attack a few
days after, and glad I had varnish in, becuase we were getting over
3,000 req/sec, which our web servers definitely could not handle.



Thanks for any suggestions.



More information about the varnish-misc mailing list