Session issues when using Varnish

Wed Mar 16 19:59:02 CET 2011

Hi David, List.

I think I'll use this snipplet in the documentation if you don't mind.
I need to work in more regsub calls there anyway.

Cheers,

Per.

On Wed, Mar 16, 2011 at 7:51 PM, David Helkowski <dhelkowski at sbgnet.com> wrote:
> The vcl you are showing may be standard, but as you have noticed it will not
> work properly when
> query strings end in a file extension. I encountered this same problem after
> blindly copying from
> example varnish configurations.
> Before the check is done, the query parameter needs to be stripped from the
> url.
> Example of an alternate way to check the extensions:
>
> sub vcl_recv {
>     ...
>     set req.http.ext = regsub( req.url, "\?.+$", "" );
>     set req.http.ext = regsub( req.http.ext, ".+\.([a-zA-Z]+)$", "\1" );
>     if( req.http.ext ~
> "^(js|gif|jpg|jpeg|png|ico|css|html|ehtml|shtml|swf)$" ) {
>       return(lookup);
>     }
>     ...
> }
>
> Doubtless others will say this approach is wrong for some reason or another.
> I use it in a production
> environment and it works fine though. Pass it along to your hosting provider
> and request that they
> consider changing their config.
>
> Note that the above code will cause the end user to receive a 'ext' header
> with the file extension.
> You can add a 'remove req.http.ext' after the code if you don't want that to
> happen...
>
> Another thing to consider is that whether it this is a bug or not; it is a
> common problem with varnish
> configurations, and as such can be used on most varnish servers to force
> them to return things
> differently then they normally would. IE: if some backend script is a huge
> request and eats up resources, sending
> it a '?.jpg' could be used to hit it repeatedly and bring about a denial of
> service.
>
> On 3/16/2011 11:55 AM, Chris Bloom wrote:
>
> Thank you, Bjorn, for your response.
> Our hosting provider tells me that the following routines have been added to
> the default config.
> sub vcl_recv {
>   # Cache things with these extensions
>   if (req.url ~
> "\.(js|css|JPG|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$") {
>     unset req.http.cookie;
>     return (lookup);
>   }
> }
> sub vcl_fetch {
>   # Cache things with these extensions
>   if (req.url ~
> "\.(js|css|JPG|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$") {
>     unset req.http.set-cookie;
>     set obj.ttl = 1h;
>   }
> }
> Clearly the req.url variable contains the entire request URL, including the
> querystring. Is there another variable that I should be using instead that
> would only include the script name? If this is the default behavior, I'm
> inclined to cry "bug".
> You can test that other script for yourself by substituting
> maxisavergroup.com for the domain in the example URLs I provided.
> PS: We are using Varnish 2.0.6
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>

-- 
Per Buer, Varnish Software
Phone: +47 21 98 92 61 / Mobile: +47 958 39 117 / Skype: per.buer
Varnish makes websites fly!
Want to learn more about Varnish? http://www.varnish-software.com/whitepapers