[Varnish 4] Respecting client's Cache-Control: max-age= as TTL

Dridi Boukelmoune dridi at varni.sh
Tue Aug 1 11:04:16 CEST 2017

On Tue, Aug 1, 2017 at 9:34 AM, Guillaume Quintard
<guillaume at varnish-software.com> wrote:
> Ah, right, I totally forgot about that, sorry.
> Sooooooo, there's no real clean way to do it (that I can see, smarter people
> than me may have a solution), but here's what I can offer.

First, I would say that honoring a client's cache-control is a
terrible idea: it's a glorified DoS vector.

Now if you really want to do that (eg. you have a trustworthy client,
say a script, that drives caching decisions) you still can't outlive
the object's TTL (the one that was picked at the end of
vcl_backend_getch). Of course you need to assert the trustworthiness
of such requests too. It becomes quite cumbersome to allow clients to
make decisions.

Sorry, I can't help, I will only say "don't do it" :)


More information about the varnish-misc mailing list