Connecting to remote host

Thu Dec 19 12:45:10 UTC 2019

you need to understand what is going on why the backend is replying with
403, then we can fix the vcl.

-- 
Guillaume Quintard

On Thu, Dec 19, 2019 at 1:18 PM Varun Nath <varunnath86 at gmail.com> wrote:

> Thank You. Could you please confirm whether the VCL config I have shared
> if fine?
>
> On Thu, Dec 19, 2019 at 5:46 PM Guillaume Quintard <
> guillaume at varnish-software.com> wrote:
>
>> check the backend transaction, and understand why your origin is sending
>> back a 403. This is due to your backend configuration and I can't help you
>> with that.
>>
>> --
>> Guillaume Quintard
>>
>>
>> On Thu, Dec 19, 2019 at 1:03 PM Varun Nath <varunnath86 at gmail.com> wrote:
>>
>>> This is the VCL file am using:
>>>
>>> Note: Host is not a valid one
>>>
>>> vcl 4.0;
>>> import std;
>>> import directors;
>>>
>>> # Default backend definition. Set this to point to your content server.
>>> backend default {
>>>     .host = "remote.host.com";
>>>     .port = "80";
>>> }
>>>
>>> sub vcl_init {
>>> new vdir = directors.round_robin();
>>> vdir.add_backend(default);
>>> }
>>>
>>> sub vcl_recv {
>>>     unset req.http.proxy;
>>>     unset req.http.cookie;
>>>     set req.http.x-host = "http://remote.host.com";
>>>     set req.http.x-clientip = client.ip;
>>>     set req.http.x-serverip = server.ip;
>>>     set req.http.x-localip = local.ip;
>>>     set req.http.x-remoteip = remote.ip;
>>>     unset req.http.X-Forwarded-For;
>>>     set req.http.x-forwarded-for = client.ip;
>>>     return(pass);
>>> }
>>>
>>> sub vcl_backend_response {
>>>     # Happens after we have read the response headers from the backend.
>>>     #
>>>     # Here you clean the response headers, removing silly Set-Cookie
>>> headers
>>>     # and other mistakes your backend does.
>>> }
>>>
>>> sub vcl_deliver {
>>>     # Happens when we have all the pieces we need, and are about to send
>>> the
>>>     # response to the client.
>>> }
>>>
>>> Please let me know if I need to add something more to make the remote
>>> host caching from localhost varnish
>>>
>>> On Thu, Dec 19, 2019 at 5:05 PM Varun Nath <varunnath86 at gmail.com>
>>> wrote:
>>>
>>>> Hello,
>>>> I got some response via CURL. But getting 403 Forbidden message. Log is
>>>> as below:
>>>> * BerespStatus   403*
>>>> * BerespReason   Forbidden*
>>>> Also tried setting
>>>>
>>>> *remove req.http.X-Forwarded-For;set req.http.x-forwarded-for =
>>>> client.ip;*
>>>> But didnt work.
>>>> Could you please share your thoughts?
>>>>
>>>> On Thu, Dec 19, 2019 at 3:00 PM Varun Nath <varunnath86 at gmail.com>
>>>> wrote:
>>>>
>>>>> Thank You so much for your support. Will try this and let you know
>>>>>
>>>>> On Thu, Dec 19, 2019 at 2:49 PM Guillaume Quintard <
>>>>> guillaume at varnish-software.com> wrote:
>>>>>
>>>>>> The backend portion of the vcl only handles the TCP part of the
>>>>>> equation. If your backend expect a specific host, you need to either have
>>>>>> the client give it, or have varnish override it.
>>>>>>
>>>>>> Try curl -I localhost/your/file -H "host: whatever.your.host.is.com"
>>>>>>
>>>>>> On Thu, Dec 19, 2019, 09:02 Varun Nath <varunnath86 at gmail.com> wrote:
>>>>>>
>>>>>>> Yes, I tried with http://locahost, but that is expected, right?
>>>>>>> since the backend server is configured in VCL file. Sorry if I am wrong
>>>>>>>
>>>>>>> On Thu, Dec 19, 2019 at 2:29 PM Guillaume Quintard <
>>>>>>> guillaume at varnish-software.com> wrote:
>>>>>>>
>>>>>>>> Note: please keep the mailing list CC'd
>>>>>>>>
>>>>>>>> Check the host header you are sending to the backend. Usually, a
>>>>>>>> 404 arises because the URL and/or the host wrong.
>>>>>>>>
>>>>>>>> I'm thinking you possibly tested varnish requesting something like
>>>>>>>> http://localhost/your/test/file, but your backend isn't configured
>>>>>>>> to reply to the "localhost" host
>>>>>>>>
>>>>>>>> On Thu, Dec 19, 2019, 08:55 Varun Nath <varunnath86 at gmail.com>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>> Thanks again for the quick response.
>>>>>>>>> I have checked the log and getting the expected IP address in *BackendStart
>>>>>>>>> *parameter.  Sorry I didnt get what you mean by  you need to
>>>>>>>>> change *the host header before sending the request to the
>>>>>>>>> backend. *Could you please elaborate a little bit?
>>>>>>>>>
>>>>>>>>> On Thu, Dec 19, 2019 at 2:20 PM Guillaume Quintard <
>>>>>>>>> guillaume at varnish-software.com> wrote:
>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> Use varnishlog -b (with possibly -d) to see the backend
>>>>>>>>>> transactions and see what IP is being used (is it the right one). It could
>>>>>>>>>> also be that you need to change the host header before sending the request
>>>>>>>>>> to the backend.
>>>>>>>>>>
>>>>>>>>>> Cheers,
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On Thu, Dec 19, 2019, 08:39 Varun Nath <varunnath86 at gmail.com>
>>>>>>>>>> wrote:
>>>>>>>>>>
>>>>>>>>>>> Hello,
>>>>>>>>>>> I need to connect to a remote host from local VCL config file. I
>>>>>>>>>>> have added the backend config as below
>>>>>>>>>>>
>>>>>>>>>>> backend default {
>>>>>>>>>>>     .host = "remote.host.com";
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> But am getting Page not available message. Do I miss something?
>>>>>>>>>>> Thanks in advance
>>>>>>>>>>>
>>>>>>>>>>> --
>>>>>>>>>>> VARUN NATH A V
>>>>>>>>>>> _______________________________________________
>>>>>>>>>>> varnish-misc mailing list
>>>>>>>>>>> varnish-misc at varnish-cache.org
>>>>>>>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> VARUN NATH A V
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> VARUN NATH A V
>>>>>>>
>>>>>>
>>>>>
>>>>> --
>>>>> VARUN NATH A V
>>>>>
>>>>
>>>>
>>>> --
>>>> VARUN NATH A V
>>>>
>>>
>>>
>>> --
>>> VARUN NATH A V
>>>
>>
>
> --
> VARUN NATH A V
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20191219/68b43e0a/attachment-0001.html>