Is there a recent security problem?

Andrzej Godziuk info at
Thu Jan 29 10:46:15 CET 2015


I'm administrating a few servers, some of them running Varnish, set up
and running in different companies by different people. 

In recent days, unrelated servers which have been running stable for
many months suddenly started not accepting connections on the Varnish
port. No system metrics such as accept() backlog, number of open files
or RAM, system load etc. are on an unusually high level.

Restarting Varnish helps, but the problem returns in a few hours or
days, depending on traffic. Most systems have the Varnish port 80
exposed to the internet, one is behind a firewall and another is behind

The only thing these systems have in common is that they're running
Varnish 3.0.6 on CentOS 6 - and that they have a mysterious problem
which is only solved by restarting Varnish. Configuration has not been
changed in any of them recently, except for standard CentOS updates (not
on all of them).

One of the systems has been running for 2 years without any
intervention and today, all of a sudden, I got 503 from Pound (which
was in front of Varnish). This is highly irregular.

Is somebody having problems like this recently? The only explanation I
have is a security problem that someone found and is exploiting. This
or sun spots or increased radiation above Europe :)

Andrzej Godziuk

