Moving a redirect from backend to varnish

Wed Jan 17 09:08:11 CET 2007

Hi there. I am currently responsible for a reasonably large cms 
(http://www.hio.no). Now, the problem is, my predecessor has *not* 
implemented a cache for this site, and the server is getting loaded down 
quite heavily due to many mysql-requests.

Enter varnish (1.0.2-7 on Red Hat AS4) .... but, there is a problem: 
poorly documented vcl ;)

One of the most important aspects about the site is that we have an 
apache-rewrite on "/" for all http-requests from our OWN networks when 
there is no Referer header set. The reason is we (or, our information 
department.... ;) want all internal requests to / to end up on the news 
page on first open, and subsequent clicks on links to / to actually take 
you to /.

Now, a proxy will certainly mess up this apache rewrite. The apache 
rewrite itself looks like this (truncated for brevity):

RewriteCond %{REMOTE_ADDR}  ^128\.39\.75\.*  [OR]
RewriteCond %{REMOTE_ADDR}  ^128\.39\.89\.*  [OR]
RewriteCond %{REMOTE_ADDR}  ^2001:700:700:\.*
RewriteCond %{HTTP_REFERER} !^http://www\.hio\.no
RewriteRule ^/$ /content/view/full/27 [R=permanent,L]

A rather simple redirect.

The problem is, with varnish in place, this will of course not have the 
desired effect. the vcl man page tells us a few things, but there have 
been some problems implementing this redirect.

At the moment, I am playing with using an acl to check if the client is 
on an internal network, and then see if Referer is set and the page 
being requested is /, and then act accordingly.

There are two problems in this. The first is making the test act 
accordingly, the second is the acl syntax.. first, the test. I am 
currently using something like:

if (client ~ internal && req.url == "/" && req.http.referer) {...}

The acl uses a syntax which I've noticed in the list archives for this 
list is possibly bugged for checking IP's (?):

acl internal {
         "158.36.161.1"/24;
         "158.36.78.1"/23;
	...
	...
}

Now, the man page uses .1 for the IPs, but .0 should be more intuitive? 
Also the /24 should probably be placed inside the quotes?

Now, provided I get the right test in place - the next question is how 
to handle the redirect itself. You could either send the request on to 
the backend (but this is not good caching... ;), using pipe (?), or we 
could tell the client directly that the document is moved, and what the 
correct url is. But how could I get varnish to simply say "beeeep, no, 
go to THIS page instead" using something like a http 301?

Or is there another solution that the current documentation does not expose?

Oh, and is there any need for credits to the varnishproject if I use it 
on http://www.hio.no?

-- 
Kenneth Rørvik, IT HiO
Tlf 22 45 20 83
Kenneth.Rorvik at hio.no