varnish 2.15 - possible security exploit?

Per Buer perbu at varnish-software.com
Tue Feb 22 15:15:16 CET 2011


Hi Mike,

On Tue, Feb 22, 2011 at 3:10 PM, Mike Franon <kongfranon at gmail.com> wrote:
>
> I was curious does anyone know of any serious security exploits that
> can use varnish as an open proxy?

No. It is impossible to configure Varnish as an open proxy, since
every backend has to be predefined.

> The reason I ask is we just put up 3 varnish servers, and about 4 days
> after we started to get a DDOS attack.
>
> If anything the varnish servers really helped offload it.  We are
> still unders attack for at least 12 hours +
>
> The reason why I am thinking that some sort of exploit might be going
> on is, looking at the varnish logs I was seeing some url's for domains
> we do not even own.  I am not sure how get requests are coming through
> for not our own domain's?  Majority of get are for us, but 10% or so
> are not

Just the DOS client which hammers you with random URLs, including host
names that are not configured at your site. You can probably just
whitelist the ones you're using and disregard the rest.


-- 
Per Buer, Varnish Software
Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer
Varnish makes websites fly!
Want to learn more about Varnish? http://www.varnish-software.com/whitepapers



More information about the varnish-misc mailing list