Question about variables
Andrei
lagged at gmail.com
Wed Jun 29 20:20:15 CEST 2016
Hello,
The expected result is to have variables such as "block-domain.com" set for
15min once vsthrottle triggers, then later checked if defined. The
vsthrottle trigger works, but I'm not having any luck setting and checking
for the variables - they're always blank. Example vcl:
sub vcl_recv {
    if (client.ip ~ cloudflare) {
        var.set("ip", req.http.CF-Connecting-IP);
        var.set("src", "cloud");
    } elseif (client.ip ~ sucuri) {
        var.set("ip", req.http.X-Sucuri-ClientIP);
        var.set("src", "sucuri");
    } elseif (client.ip ~ incapsula) {
        var.set("ip", req.http.Incap-Client-IP);
        var.set("src", "incapsula");
    } else {
        var.set("ip", client.ip);
        var.set("src", "direct");
    }
    # Here I'm trying to trigger on "block-domain.com", but it's not working
    if (vsthrottle.is_denied(req.http.Host, 20, 5s) ||
        (var.get("block-" + req.http.Host))) {
        unset req.http.Cookie;
        unset req.http.User-Agent;
        unset req.http.Pragma;
        unset req.http.Cache-Control;
        set req.http.Attack = "ByHost " + req.http.Host + " (" + var.get("src") + ")";
        set req.ttl = 15m;
        # This is where I'm trying to set the variable "block-domain.com"
        var.set_duration("block-" + req.http.Host, 15m);
        # And again here for some debugging
        set req.http.Attack-Debug = var.get("block-" + req.http.Host);
        return (hash);
    }
}

sub vcl_deliver {
    if (req.http.Attack) {
        set resp.http.Attack-Debug = req.http.Attack-Debug;
        set resp.http.Attack = req.http.Attack;
    }
}
However Attack-Debug is always blank, thoughts?
* << Request >> 431527
- Begin req 431526 rxreq
- Timestamp Start: 1467223441.362702 0.000000 0.000000
- Timestamp Req: 1467223441.362702 0.000000 0.000000
- ReqStart 11.22.33.44 62758
- ReqMethod HEAD
- ReqURL /
- ReqProtocol HTTP/1.1
- ReqHeader User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
- ReqHeader Accept: */*
- ReqHeader Host: zhtest.com
- ReqHeader X-Forwarded-For: 11.22.33.44
- VCL_call RECV
- VCL_acl NO_MATCH cloudflare
- VCL_acl NO_MATCH sucuri
- VCL_acl NO_MATCH incapsula
- ReqUnset User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
- ReqHeader Attack: ByHost zhtest.com (direct)
- ReqHeader Attack-Debug:
- VCL_return hash
- VCL_call HASH
- VCL_return lookup
- Hit 329457
- VCL_call HIT
- ReqHeader X-Cache-Keep: 300.000
- ReqHeader X-Cache-TTL-Remaining: 110.641
- ReqHeader X-Cache-Age: 189.359
- ReqHeader Cache: HIT
- VCL_return deliver
- RespProtocol HTTP/1.1
- RespStatus 200
- RespReason OK
- RespHeader Date: Wed, 29 Jun 2016 18:03:51 GMT
- RespHeader Server: Apache
- RespHeader Link: <http://zhtest.com/wp-json/>; rel="https://api.w.org/"
- RespHeader X-Frame-Options: SAMEORIGIN
- RespHeader Strict-Transport-Security: max-age=31536000; includeSubDomains
- RespHeader Content-Length: 7702
- RespHeader Content-Type: text/html; charset=UTF-8
- RespHeader x-url: /
- RespHeader X-Varnish: 431527 329457
- RespHeader Age: 9
- RespHeader Via: 1.1 varnish-v4
- VCL_call DELIVER
- RespUnset x-url: /
- RespHeader Cache: HIT
- RespHeader Cache-Hits: 1156
- RespHeader Attack-Debug:
- RespHeader Attack: ByHost zhtest.com (direct)
- RespUnset Server: Apache
- RespUnset X-Varnish: 431527 329457
- RespUnset Via: 1.1 varnish-v4
- VCL_return deliver
- Timestamp Process: 1467223441.362767 0.000065 0.000065
- RespHeader Accept-Ranges: bytes
- Debug "RES_MODE 0"
- RespHeader Connection: keep-alive
- Timestamp Resp: 1467223441.362802 0.000100 0.000036
- ReqAcct 172 0 172 409 0 409
- End
On Wed, Jun 29, 2016 at 11:14 AM, Guillaume Quintard <guillaume at varnish-software.com> wrote:
> Hi,
>
> What do you mean by "work"? What's the expected result, and what is the
> actual result?
>
> --
> Guillaume Quintard
>
> On Wed, Jun 29, 2016 at 8:17 AM, Andrei <lagged at gmail.com> wrote:
>
>> Hello,
>>
>> I'm currently working on forcing cached results using vsthrottle vs
>> dropping requests, but for some reason (I probably did it wrong :) I can't
>> get var.get/var.set_duration to work. The vcl_recv snippet is as follows,
>> any input is greatly appreciated:
>>
>> sub vcl_recv {
>>     if (vsthrottle.is_denied(req.http.Host, 500, 5s) ||
>>         (var.get("block-" + req.http.Host))) {
>>         # The vsthrottle rate limit definitely triggers - confirmed later with "Attack" header
>>         unset req.http.Cookie;
>>         unset req.http.User-Agent;
>>         unset req.http.Pragma;
>>         unset req.http.Cache-Control;
>>         set req.http.Attack = "ByHost: " + req.http.Host;
>>         set req.ttl = 15m;
>>         var.set_duration("block-" + req.http.Host,15m);
>>         return (hash);
>>     }
>>     [..]
>> }
>
>
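The behaviour the message asks for (a per-Host flag that is set when the rate limit trips, stays set for 15 minutes and is checked on later requests), modelled in Python as an added example; it is not code from the thread and not VCL, and HostThrottle, check and demo are hypothetical names. It assumes the flag lives in state shared by all requests, and takes its limit, period and block time from the message's 20, 5s and 15m.

```python
import time
from collections import defaultdict, deque


class HostThrottle:
    """Model of 'rate limit per Host, then keep a block flag for 15 minutes'."""

    def __init__(self, limit=20, period=5.0, block_for=900.0, clock=time.monotonic):
        self.limit, self.period, self.block_for = limit, period, block_for
        self.clock = clock
        self.hits = defaultdict(deque)  # host -> timestamps inside the window
        self.blocked_until = {}         # host -> expiry; shared across requests

    def check(self, host):
        """Return 'pass', 'throttled' (limit just tripped) or 'blocked'."""
        now = self.clock()
        expiry = self.blocked_until.get(host)
        if expiry is not None:
            if now < expiry:
                return "blocked"          # flag still set: force the cached path
            del self.blocked_until[host]  # flag expired, fall through
        window = self.hits[host]
        while window and now - window[0] >= self.period:
            window.popleft()              # drop hits older than the period
        window.append(now)
        if len(window) > self.limit:
            self.blocked_until[host] = now + self.block_for
            window.clear()
            return "throttled"
        return "pass"


def demo():
    """Constructed traffic: a burst to one host, then slow follow-up requests."""
    t = [0.0]                              # fake clock so the run is deterministic
    throttle = HostThrottle(clock=lambda: t[0])
    burst = [throttle.check("zhtest.com") for _ in range(21)]
    t[0] = 60.0                            # one minute later, a single request
    later = throttle.check("zhtest.com")
    other = throttle.check("example.org")  # constructed second host, never throttled
    t[0] = 900.0                           # 15 minutes after the limit tripped
    expired = throttle.check("zhtest.com")
    return burst, later, other, expired
```

The request at 60 seconds is well under the rate limit and is still reported as blocked, which is the effect the flag is meant to add on top of the limiter.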