reliable varnish crash using pcre
Geoff Simmons
geoff at uplex.de
Wed Aug 5 05:26:47 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 8/5/15 3:07 AM, Jason Price wrote:
>
> if (req.url ~ "^((?!_product).)*$") {
Are you certain that this regex really does what you want it to do? It
matches a URL with this sequence:
* start of string, followed by
* zero or more repetitions of
* a point at which "_product" does not match
* followed by any character
* followed by end of string
My poor imagination fails to come up with a real-world use case for that
.
For your example:
> "/internal/v2/location?geocode=33.33,44.44&apiKey=hithere"
... the regex matches the 'e' at the end of the string (try it at
http://regex101.com/).
If I'm reading it right, your regex will match the empty string, or
the final character of any non-empty string, provided that the final
character is not preceded by "_product". Again, I suspect that that's
not what you wanted.
> This ticket discusses the issue:
> https://www.varnish-cache.org/trac/ticket/1576 It's closed,
> however the remedies mentioned don't help ("-p
> thread_pool_stack=64k"). The ticket did mention a request for
> minimal VCL to replicate.
That ticket is about regexen that send the PCRE matcher into deep
recursion, and your regex might have also sent PCRE off the rails
(negative lookahead within a zero-or-more quantifier could conceivably
do that).
I think you'd be much better off by rewriting your regex, first of all
because I doubt that it accomplishes functionally what you're trying
to do. But also because deep recursion in PCRE, or generally a regex
that is expensive to match, is in my experience the one thing you can
do in VCL to get Varnish to run slowly. Poorly written regexen in VCL
can slow down whole web sites, I've seen it happen (if not to say:
I've done it myself).
HTH,
Geoff
- --
UPLEX Systemoptimierung
Scheffelstraße 32
22301 Hamburg
http://uplex.de/
Mob: +49-176-63690917
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
iQIcBAEBCAAGBQJVwYJ2AAoJEOUwvh9pJNUR8vwQAIXX9dPtb8nocSv/Fcmt7Imo
YBbryWrCtz+qakwGc1xMdmk2ul/OgSsZCpoViX9DfVyrxUBsShBtSTsq/bEaOccK
YXBlwj6TlwX1x4uKLfZIT2mc7QOKz9qYEjyy8Aak/+ImaWC6aUs/6y3VhpdLgkuJ
bm3Cncs8bWbT1C9KWwViaMNZ4kf19/x62PtGUaP1LzdD3Wqh1STSaKmqC7rN7W4g
KguTX5jPiuMnGv2ZkT+RtfodCyItAw0b82lQ4Yo0XlA1IMQYFLoDiK95SQUlL0Ad
/GGWwdUSVoXdQkwJiLH1QooFHqtUPHeF4nDQClwQ5E4pNThg6Za10vjrG57wjMGl
TUT5OmAVY+tGn9i0kxlR0Kkg0T7Z1k3nMxpzt9ehhR6uyj99lRyytwc9TTD3jcp6
/y2xOcdMVnbWZasznBO1HNF4ix5l4vas4eicsw2vwFSqk8Onsu/KhWKJ8ti2xH3W
WsLXtAQYP/iQA2Ouvox7J5ynE/2CFABp23D3DurpBAhnCJ6FZMNYZ4hlrNdZ17Si
Csu0JJwy+kZodNL4Lp8qWBDCfDWAHc+kSfXFpayYlva7NIrgZi6DOx/f/w71AcyR
UjxYNFibtZisqUxrnofzpSu2jleIoID3bTVIhOyFNTaqRICQN0ONG8Btl7JBCr4r
2Mj23zYEcQM6o4CA5JE8
=X851
-----END PGP SIGNATURE-----
More information about the varnish-misc
mailing list