[Varnish] #261: regexp on cookie header breaks the URL
Varnish
varnish-bugs at projects.linpro.no
Tue Jun 24 15:56:23 CEST 2008
#261: regexp on cookie header breaks the URL
----------------------+-----------------------------------------------------
Reporter: wichert | Owner: phk
Type: defect | Status: new
Priority: highest | Milestone: Varnish 2.0 release
Component: varnishd | Version: trunk
Severity: major | Keywords:
----------------------+-----------------------------------------------------
Using varnish from trunk as of r2790.
I have this bit of VCL:
{{{
sub vcl_recv {
set req.backend = lb01;
set req.url =
"/VirtualHostBase/http/plone.customer.int:80/eli/VirtualHostRoot" req.url;
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
lookup;
}
if (req.request == "POST") {
pass;
}
if (req.http.If-None-Match) {
pass;
}
if (req.url ~ "\.(gif|png|jpg|css|kss|js)") {
remove req.http.cookie;
lookup;
}
if (req.url ~ "VirtualHostRoot/?$" && ! req.http.cookie ~ "__ac" ) {
if (req.http.cookie ~ "mainchain") {
set req.http.cookie = regsub(req.http.cookie,
".*mainchain=%22([^%22]*%22).*", "mainchain=\1");
} else {
remove req.http.cookie;
}
}
}
}}}
What this tries to do is sanitize the ''mainchain'' cookie when the user
is looking at the frontpage. Strangely enough if a user tries to look at
the frontpage varnish mangles the URL. Here is the relevant varnishlog:
{{{
9 ReqStart c 10.121.10.84 41581 1274035111
9 RxRequest c GET
9 RxURL c /
9 RxProtocol c HTTP/1.1
9 RxHeader c Accept-Language: en
9 RxHeader c Accept-Encoding: gzip, deflate
9 RxHeader c Cookie: mainchain="89b21ac46cd08651c0fc0870a03470ec"
9 RxHeader c User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X
10_4_
11; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18
9 RxHeader c Accept:
text/xml,application/xml,application/xhtml+xml,text
/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
9 RxHeader c Cache-Control: max-age=0
9 RxHeader c Connection: keep-alive
9 RxHeader c Host: plone.customer.int
9 VCL_call c recv
9 VCL_return c pass
9 VCL_call c pass
9 VCL_return c pass
11 TxRequest b GET
11 TxURL b /VirtualHostBase/httcookie:
mainchain=89b21ac46cd08651c0fc0
870
11 TxProtocol b HTTP/1.1
11 TxHeader b Accept-Language: en
11 TxHeader b Accept-Encoding: gzip, deflate
11 TxHeader b User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X
10_4_
11; en) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.18
11 TxHeader b Accept:
text/xml,application/xml,application/xhtml+xml,text
/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
11 TxHeader b Host: plone.customer.int
11 TxHeader b cookie: mainchain=89b21ac46cd08651c0fc0870a03470ec"
11 TxHeader b X-Varnish: 1274035111
11 TxHeader b X-Forwarded-For: 10.121.10.84
11 RxProtocol b HTTP/1.0
11 RxStatus b 400
11 RxResponse b Bad Request
11 RxHeader b Date: Tue, 24 Jun 2008 13:50:58 GMT
11 RxHeader b Content-Length: 136
11 RxHeader b Content-Type: text/html
11 RxHeader b Server: Medusa/24763
9 ObjProtocol c HTTP/1.0
9 ObjStatus c 400
9 ObjResponse c Bad Request
9 ObjHeader c Date: Tue, 24 Jun 2008 13:50:58 GMT
9 ObjHeader c Content-Type: text/html
9 ObjHeader c Server: Medusa/24763
}}}
Notice how the cookie is suddenly inserted in the middle of the URL.
--
Ticket URL: <http://varnish.projects.linpro.no/ticket/261>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list