Varnish serving content from wrong backend

Paulo Paracatu paulo at aliancaproject.com
Tue Oct 11 18:58:55 CEST 2011 

>
> It's a possibility... I don't know offhand which browsers include the
> port in the host header for standard ports. It might be a good idea to
> use a regsub to delete a trailing :\d+ from the host header on every
> request just to be sure (assuming the port isn't important to you).
>

Good idea. I'll do it today. Thanks.


>
> Also I had another thought that you should check your vcl_hash to make
> sure it's including any information you or your backends use to decide
> which content to serve. For example if it wasn't incorporating the
> host header into the hash (only the request path) then the first
> resource with a particular path would be cached by Varnish, and then
> served for any request with the same path, regardless of host.
>

I'm using the default vcl_hash. I didn't really read about vcl_hash yet.
*sub vcl_hash {*
*    hash_data(req.url);*
*    if (req.http.host) {*
*        hash_data(req.http.host);*
*    } else {*
*        hash_data(server.ip);*
*    }*
*    return (hash);*
*}*



>
> Do your backends make use of the X-Sub or X-Host header you add to the
> request? If so, you'd want to make sure they're incorporated into the
> object's hash. If you're only using them temporarily to build
> redirects etc. then that's occurring before the cache lookup, so
> shouldn't be a concern.


> If you're not already, it might also be worthwhile checking the
> request actually includes the host header and displaying an error
> message or something if it's missing. Probably unlikely to be the case
> with any graphical browser in use today, but it never hurts to be
> thorough.
>
> Lastly, if you can't find a way to reproduce this on demand, then
> getting logs from it may be difficult. It might be worthwhile to set
> up a "dummy" backend as the first one Varnish loads, which should
> never actually be used by any of your sites. That way if it does
> somehow get used, you'll know the request somehow failed to get
> assigned to a backend, and you can log the request (on the dummy
> backend, even) - maybe something about it will stick out as the
> obvious culprit. Plus, it'd avoid accidentally serving certain images
> to unsuspecting users.
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20111011/b6573b1c/attachment-0003.html>

More information about the varnish-misc mailing list