<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1465968145706_2725">Hi,</div><div id="yui_3_16_0_ym19_1_1465968145706_2725"><br></div><div id="yui_3_16_0_ym19_1_1465968145706_2725">I've installed Varnish 4.1.2 about two weeks ago on Centos 6. A week later some of my domains, top levels only '/', became redirected to amazon site. Subdirectories don't seem to be affected.</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">Flushing url removes redirection for day o two until the next time.</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">Source code was scanned against any malicious code with no positives. As well I cannot find anything suspicious in logs, no varnish commands in syslog, not much in apache and varnish logs. Passwords were changed. The issue occurs on two different vps servers with exact the same source code.</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">X-Forwarded-For and mod_remoteip are used to get client IPs.<br></div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">Before installing Varnish, all domains were online for about two years with no issues.</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">Below are three requests from varnishlog showing affected domain. First is HEAD request from my script monitoring website, Age 0, returning status code 200. </div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">The next one where status code was changed to 302 and redirects traffic to amazon site, Age 0.</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">And the last one, my status monitoring HEAD request returning 302 and Age 17, which means page is delivered from cache.</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">I got two opinions so far that such behaviour is not possible in Varnish level, and must be triggered by some software.</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">After a week I have no idea what else I can do so any suggestions are appreciated.</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">Thank you,</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr">Derek</div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr"><br></div><div id="yui_3_16_0_ym19_1_1465968145706_2725" dir="ltr"><br></div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3525">* << Request >> 1218382 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3526">- Begin req 1218381 rxreq</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3527">- Timestamp Start: 1465944871.292117 0.000000 0.000000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3528">- Timestamp Req: 1465944871.292117 0.000000 0.000000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3529">- ReqStart 1.2.3.4 39668</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3530">- ReqMethod HEAD</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3531">- ReqURL /</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3532">- ReqProtocol HTTP/1.1</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3533">- ReqHeader User-Agent: Firefox</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3534">- ReqHeader Host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3535">- ReqHeader Accept: */*</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3536">- ReqHeader X-Forwarded-For: 1.2.3.4</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3537">- VCL_call RECV</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3538">- VCL_acl NO_MATCH forbidden_ip</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3539">- ReqHeader X-Device: pc</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3540">- ReqHeader Cookie: </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3541">- ReqUnset Cookie: </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3542">- ReqUnset Host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3543">- ReqHeader host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3544">- VCL_acl NO_MATCH allowed_ip</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3545">- VCL_return hash</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3546">- VCL_call HASH</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3547">- VCL_return lookup</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3548">- Debug "XXXX HIT-FOR-PASS"</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3549">- HitPass 1218341</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3550">- VCL_call PASS</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3551">- VCL_return fetch</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3552">- Link bereq 1218383 pass</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3553">- Timestamp Fetch: 1465944871.779680 0.487563 0.487563</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3554">- RespProtocol HTTP/1.1</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3555">- RespStatus 200</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3556">- RespReason OK</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3557">- RespHeader Date: Tue, 14 Jun 2016 22:54:31 GMT</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3558">- RespHeader Server: Apache</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3559">- RespHeader Set-Cookie: PHPSESSID=db67f651e1635d1163145b49622a1639; path=/</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3560">- RespHeader Expires: Thu, 19 Nov 1981 08:52:00 GMT</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3561">- RespHeader Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3562">- RespHeader Pragma: no-cache</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3563">- RespHeader Content-Type: text/html; charset=utf-8</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3564">- RespHeader X-Varnish: 1218382</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3565">- RespHeader Age: 0</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3566">- RespHeader Via: 1.1 varnish-v4</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3567">- VCL_call DELIVER</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3568">- VCL_return deliver</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3569">- Timestamp Process: 1465944871.779733 0.487616 0.000054</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3570">- RespHeader Accept-Ranges: bytes</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3571">- Debug "RES_MODE 0"</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3572">- RespHeader Connection: keep-alive</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3573">- Timestamp Resp: 1465944871.779789 0.487672 0.000056</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3574">- ReqAcct 81 0 81 408 0 408</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3575">- End </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3576"><br id="yui_3_16_0_ym19_1_1465968145706_3577"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3578"><br id="yui_3_16_0_ym19_1_1465968145706_3579"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3580"><br id="yui_3_16_0_ym19_1_1465968145706_3581"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3582">* << Request >> 2296119 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3583">- Begin req 2296117 rxreq</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3584">- Timestamp Start: 1465944914.191716 0.000000 0.000000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3585">- Timestamp Req: 1465944914.191716 0.000000 0.000000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3586">- ReqStart 100.43.91.12 48042</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3587">- ReqMethod GET</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3588">- ReqURL /</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3589">- ReqProtocol HTTP/1.1</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3590">- ReqHeader Host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3591">- ReqHeader Connection: Keep-Alive</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3592">- ReqHeader user-agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3593">- ReqHeader from: support@search.yandex.ru</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3594">- ReqHeader Accept-Encoding: gzip,deflate</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3595">- ReqHeader Accept-Language: ru, uk;q=0.8, be;q=0.8, en;q=0.7, *;q=0.01</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3596">- ReqHeader Accept: */*</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3597">- ReqHeader X-Forwarded-For: 100.43.91.12</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3598">- VCL_call RECV</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3599">- VCL_acl NO_MATCH forbidden_ip</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3600">- ReqHeader X-Device: pc</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3601">- ReqHeader Cookie: </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3602">- ReqUnset Cookie: </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3603">- ReqUnset Host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3604">- ReqHeader host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3605">- VCL_acl NO_MATCH allowed_ip</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3606">- VCL_return hash</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3607">- ReqUnset Accept-Encoding: gzip,deflate</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3608">- ReqHeader Accept-Encoding: gzip</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3609">- VCL_call HASH</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3610">- VCL_return lookup</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3611">- VCL_call MISS</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3612">- VCL_return fetch</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3613">- Link bereq 2296120 fetch</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3614">- Timestamp Fetch: 1465944914.200088 0.008372 0.008372</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3615">- RespProtocol HTTP/1.1</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3616">- RespStatus 302</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3617">- RespReason Found</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3618">- RespHeader Date: Tue, 14 Jun 2016 22:55:14 GMT</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3619">- RespHeader Server: Apache</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3620">- RespHeader Cache-Control: max-age=2592000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3621">- RespHeader Expires: Thu, 14 Jul 2016 22:55:14 GMT</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3622">- RespHeader Content-Length: 205</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3623">- RespHeader Content-Type: text/html; charset=iso-8859-1</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3624">- RespHeader Location: http://www.amazon.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3625">- RespHeader X-Varnish: 2296119</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3626">- RespHeader Age: 0</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3627">- RespHeader Via: 1.1 varnish-v4</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3628">- VCL_call DELIVER</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3629">- VCL_return deliver</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3630">- Timestamp Process: 1465944914.200132 0.008417 0.000044</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3631">- Debug "RES_MODE 2"</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3632">- RespHeader Connection: keep-alive</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3633">- Timestamp Resp: 1465944914.200198 0.008483 0.000066</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3634">- ReqAcct 285 0 285 319 205 524</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3635">- End </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3636"><br id="yui_3_16_0_ym19_1_1465968145706_3637"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3638"><br id="yui_3_16_0_ym19_1_1465968145706_3639"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3640"><br id="yui_3_16_0_ym19_1_1465968145706_3641"></div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3642">* << Request >> 2296134 </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3643">- Begin req 2296133 rxreq</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3644">- Timestamp Start: 1465944930.719179 0.000000 0.000000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3645">- Timestamp Req: 1465944930.719179 0.000000 0.000000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3646">- ReqStart 70.27.178.167 39686</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3647">- ReqMethod HEAD</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3648">- ReqURL /</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3649">- ReqProtocol HTTP/1.1</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3650">- ReqHeader User-Agent: Firefox</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3651">- ReqHeader Host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3652">- ReqHeader Accept: */*</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3653">- ReqHeader X-Forwarded-For: 70.27.178.167</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3654">- VCL_call RECV</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3655">- VCL_acl NO_MATCH forbidden_ip</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3656">- ReqHeader X-Device: pc</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3657">- ReqHeader Cookie: </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3658">- ReqUnset Cookie: </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3659">- ReqUnset Host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3660">- ReqHeader host: www.example.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3661">- VCL_acl NO_MATCH allowed_ip</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3662">- VCL_return hash</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3663">- VCL_call HASH</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3664">- VCL_return lookup</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3665">- Hit 2296120</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3666">- VCL_call HIT</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3667">- VCL_return deliver</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3668">- RespProtocol HTTP/1.1</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3669">- RespStatus 302</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3670">- RespReason Found</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3671">- RespHeader Date: Tue, 14 Jun 2016 22:55:14 GMT</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3672">- RespHeader Server: Apache</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3673">- RespHeader Cache-Control: max-age=2592000</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3674">- RespHeader Expires: Thu, 14 Jul 2016 22:55:14 GMT</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3675">- RespHeader Content-Length: 205</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3676">- RespHeader Content-Type: text/html; charset=iso-8859-1</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3677">- RespHeader Location: http://www.amazon.com</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3678">- RespHeader X-Varnish: 2296134 2296120</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3679">- RespHeader Age: 17</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3680">- RespHeader Via: 1.1 varnish-v4</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3681">- VCL_call DELIVER</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3682">- VCL_return deliver</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3683">- Timestamp Process: 1465944930.719297 0.000118 0.000118</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3684">- Debug "RES_MODE 0"</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3685">- RespHeader Connection: keep-alive</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3686">- Timestamp Resp: 1465944930.719347 0.000169 0.000051</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3687">- ReqAcct 81 0 81 328 0 328</div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3688">- End </div><div dir="ltr" id="yui_3_16_0_ym19_1_1465968145706_3689"><br id="yui_3_16_0_ym19_1_1465968145706_3690"></div></div></body></html>