Varnish and hot linking

Darryl Dixon - Winterhouse Consulting darryl.dixon at winterhouseconsulting.com
Thu Jul 3 00:36:43 CEST 2008 

> I've set up varnish to handle hot linking, but I have an issue with
> varnish caching the "hotlink" image for the image request.
>
> Here's the relevant part of default.vcl:
>
> sub vcl_recv {
>
> # Add a unique header containing the client address
> remove req.http.X-Forwarded-For;
> set    req.http.X-Forwarded-For = client.ip;
>          if (req.request == "GET") {
>                  if ( !(req.http.referer ~ "[a-z0-9]+.domain.com|
> yahoo.|rssbandit.org|newsgator.com|google.|search?q=cache" ) &&
> (req.http.host ~ "^(raw)?images.domain.") && (req.http.referer) ) {
>                      set req.url="http://images.domain.com/hotlink.gif";
>                      pass;
>                  }
>                  lookup;
>          }
>
>          if (req.request == "PURGE") {
>                  purge_url(req.url);
>                  error 200 "OK!!";
>          }
> }
>
> The problem is this,  a user hotlinks http://images.domain.com/puppy.jpeg
>   and we return hotlink.gif.
> Now if a user legitimately loads puppy.jpeg he receives the cached
> copy of hotlink.gif in its place.
> I though by setting the req.url that the cached file is now
> hotlink.gif and we haven't even attempted to store puppy.jpeg in the
> cache.
> I need to legitimately serve puppy.jpeg even if it's being hotlinked
> from somewhere.
> Any help would be appreciated.

Hi Chris,

You need to add some conditions in vcl_fetch to prevent the 'hotlink'
image from being cached on its way back from being fetched from the
backend. In other words, calling 'pass' in vcl_recv ensures that the
current request will get a fresh copy from the backend, but during the
processing of that request, the fresh copy will be 'insert'-ed into the
cache during vcl_fetch, and so subsequent requests which hit the 'lookup'
in vcl_recv will see the previously cached copy. You need to perform a
check in vcl_fetch very similar to the one in vcl_recv to prevent the
'pass'-ed response from being cached.

Hope this helps,

regards,
Darryl Dixon
Winterhouse Consulting Ltd
http://www.winterhouseconsulting.com

More information about the varnish-misc mailing list