<div>I have been investigating an issue on a client's website that is very peculiar. I have verified that the behavior is due to the instance of Varnish that Rackspace configured for us. However, I'm not sure if this constitutes a bug in Varnish or a configuration error. I'm hoping someone can verify it for me one way or the other.</div>
<div><br></div><div>Here is the scenario: Some of our PHP pages are protected by way of verifying that certain session variables are set. If not, the user is sent to the login page. We have observed that on URLs in which there is a querystring, and when the last value of that querystring ends in ".jpg", ".jpeg", ".gif", or ".png", and when we have an iptables rule that routes requests from port 80 to Varnish, the session is reset completely. Oddly enough, no other extension seems to have this effect. I have recreated this behavior in a clean PHP file, which I've attached. You can test this script on your own using the following URLs. The ones marked with the * are where the session gets reset.</div>
<div><br></div><div><div><a href="http://localhost/test_cdb.php">http://localhost/test_cdb.php</a></div><div><a href="http://localhost/test_cdb.php?foo=1">http://localhost/test_cdb.php?foo=1</a></div><div><a href="http://localhost/test_cdb.php?foo=1&baz=bix">http://localhost/test_cdb.php?foo=1&baz=bix</a></div>
<div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.far">http://localhost/test_cdb.php?foo=1&baz=bix.far</a></div><div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.far.jpg">http://localhost/test_cdb.php?foo=1&baz=bix.far.jpg</a> *</div>
<div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.fur">http://localhost/test_cdb.php?foo=1&baz=bix.fur</a></div><div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.gif">http://localhost/test_cdb.php?foo=1&baz=bix.gif</a> *</div>
<div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.bmp">http://localhost/test_cdb.php?foo=1&baz=bix.bmp</a></div><div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.php">http://localhost/test_cdb.php?foo=1&baz=bix.php</a></div>
<div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.exe">http://localhost/test_cdb.php?foo=1&baz=bix.exe</a></div><div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.tar">http://localhost/test_cdb.php?foo=1&baz=bix.tar</a></div>
<div><a href="http://localhost/test_cdb.php?foo=1&baz=bix.jpeg">http://localhost/test_cdb.php?foo=1&baz=bix.jpeg</a> *</div></div><div><br></div><div>Here is the rule we created for iptables</div><div><br></div><font class="Apple-style-span" face="'courier new', monospace">-A PREROUTING -t nat -d x.x.x.128 -p tcp -m tcp --dport 80 -j DNAT --to-destination x.x.x.128:6081 </font><div>
<br></div><div>Chris Bloom<br>Internet Application Developer<br>
</div>
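<div>One hypothesis that can be checked against the URL list in the message, as an added example that is not part of the original post or the poster's configuration: it assumes the VCL contains a rule that unsets the Cookie header when req.url matches an image-extension regex anchored at the end of the string. In Varnish, req.url includes the query string, so such a rule would also fire on query values ending in those extensions. The regex and the function names are assumptions.</div>

```python
import re
from urllib.parse import urlsplit

# Hypothetical VCL rule (an assumption, not taken from the poster's config):
#   if (req.url ~ "\.(jpg|jpeg|gif|png)$") { unset req.http.Cookie; }
STATIC_RE = re.compile(r"\.(jpg|jpeg|gif|png)$")

BASE = "http://localhost/test_cdb.php"
# URLs from the message; True marks those reported (*) as resetting the session.
REPORTED = {
    BASE: False,
    BASE + "?foo=1": False,
    BASE + "?foo=1&baz=bix": False,
    BASE + "?foo=1&baz=bix.far": False,
    BASE + "?foo=1&baz=bix.far.jpg": True,
    BASE + "?foo=1&baz=bix.fur": False,
    BASE + "?foo=1&baz=bix.gif": True,
    BASE + "?foo=1&baz=bix.bmp": False,
    BASE + "?foo=1&baz=bix.php": False,
    BASE + "?foo=1&baz=bix.exe": False,
    BASE + "?foo=1&baz=bix.tar": False,
    BASE + "?foo=1&baz=bix.jpeg": True,
}

def req_url(url):
    """Return what Varnish exposes as req.url: the path plus the query string."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")

def cookie_stripped(url, path_only=False):
    """Would the assumed rule drop the Cookie header for this request?"""
    target = urlsplit(url).path if path_only else req_url(url)
    return bool(STATIC_RE.search(target))

def predicted_resets(path_only=False):
    """Set of listed URLs for which the assumed rule would strip the cookie."""
    return {u for u in REPORTED if cookie_stripped(u, path_only)}

if __name__ == "__main__":
    for url, reset in REPORTED.items():
        print(f"{'*' if reset else ' '} predicted={cookie_stripped(url)!s:5} {url}")
```

<div>If the deployed VCL does contain a rule of this shape, matching only the path portion of req.url leaves the session cookie in place for every URL in the list.</div>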