varnish security

Poul-Henning Kamp phk at
Mon Jul 12 12:20:29 CEST 2010

In message <4C3AD9F6.8020307 at>, Chris Hecker writes:

>> I presume you also bothered to read the vendor response ?
>Of course.  I was just pointing out the related thread.

Uhm, no, you pointed to the message with the bogo-advisory and
I do not seem to be able to find any ensuing discussion from there ?

>Maybe a wiki page on securing varnish would be
>useful here.  It could contain the thing about the file permissions 
>above, a short discussion of the CLI, etc.  That would help, and 
>couldn't hurt.

Yeah, our docs need work...

>The Husqvarna analogy is slightly flawed since most people can't run
>yum install husqvarna
>and have one magically appear at their feet, gassed and ready to go.  :)

That argument would be much more convincing, if sites like this
did not exist:


Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-misc mailing list