Bug in 1.1.2: Multiple headers stripped (oops)
Poul-Henning Kamp
phk at phk.freebsd.dk
Tue Aug 19 21:37:11 CEST 2008
Hi Adrian,
Good catch.
I created a ticket (#292, now closed) for this because we number
our regression tests by ticket number.
Fixed in #3110.
Poul-Henning
>I found the reason why I hit this bug, but I need some tips to
>understand how to debug what's happening in the VCL code. First, I'll
>explain the bug:
>
>1) My default.vcl is configured to strip the Cookie header in
>vcl_recv like this:
>
>sub vcl_recv {
> if(req.http.Cookie) {
> remove req.http.Cookie;
> lookup;
> }
>}
>
>2) The Connection header sent from the client browser specified that
>the "TE" header should be stripped, and was so marked in position 13
>of http_DoConnection::hp->hdf, indicating that header at index 13
>should be skipped when headers are copied into the backend request.
>
>3) The VCL code ran to strip the cookie header, removed it, and
>shifted the other elements in the array UP one position. The Host
>header followed TE at position/index 14, and became position/index 13.
>
>4) The code for copying/morphing the client request to the backend
>ran, and skipped position/index 13, which was the Host header.
>
>5) Varnish kindly noticed that there was no Host header present in
>the backend connection, and added one of it's own using the IP
>address of the backend server as the content of that header.
>
>6) The incorrect document was fetched for the backend because the
>Host header was not correct.
--
Poul-Henning Kamp | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG | TCP/IP since RFC 956
FreeBSD committer | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.
More information about the varnish-dev
mailing list