<div dir="ltr">Hello,<div><br></div><div>The expected result is to have variables such as "<a href="http://block-domain.com">block-domain.com</a>" set for 15min once vsthrottle triggers, then later checked if defined. The vsthrottle trigger works, but I'm not having any luck setting and checking for the variables - they're always blank. Example vcl:</div><div><br></div><div>vcl_recv {</div><div><div> if (client.ip ~ cloudflare) {</div><div> var.set("ip",req.http.CF-Connecting-IP);</div><div> var.set("src","cloud");</div><div> } elseif (client.ip ~ sucuri) {</div><div> var.set("ip",req.http.X-Sucuri-ClientIP);</div><div> var.set("src","sucuri");</div><div> } elseif (client.ip ~ incapsula) {</div><div> var.set("ip",req.http.Incap-Client-IP);</div><div> var.set("src","incapsula");</div><div><br></div><div> } else {</div><div> var.set("ip",client.ip);</div><div> var.set("src","direct");</div><div> }</div></div><div> if (vsthrottle.is_denied(req.http.Host, 20, 5s) || (var.get("block-" + req.http.Host))) { # Here I'm trying to trigger on "<a href="http://block-domain.com">block-domain.com</a>", but it's not working<br></div><div><div> unset req.http.Cookie;<br></div><div> unset req.http.User-Agent;</div><div> unset req.http.Pragma;</div><div> unset req.http.Cache-Control;</div><div> set req.http.Attack = "ByHost " + req.http.Host + " (" + var.get("src") + ")";</div><div> set req.ttl = 15m;</div><div> var.set_duration("block-" + req.http.Host,15m); # This is where I'm trying to set the variable "<a href="http://block-domain.com">block-domain.com</a>"</div><div> set req.http.Attack-Debug = var.get("block-" + req.http.Host); # And again here for some debugging</div><div> return (hash);</div><div> }</div></div><div>}</div><div><br></div><div>vcl_deliver {<br></div><div><div> if (req.http.Attack) {</div><div> set resp.http.Attack-Debug = req.http.Attack-Debug;</div><div> set resp.http.Attack = req.http.Attack;</div><div> 
}</div></div><div>}<br></div><div><br></div><div><br></div><div>however Attack-Debug is always blank, thoughts?</div><div><br></div><div><div>* << Request >> 431527 </div><div>- Begin req 431526 rxreq</div><div>- Timestamp Start: 1467223441.362702 0.000000 0.000000</div><div>- Timestamp Req: 1467223441.362702 0.000000 0.000000</div><div>- ReqStart 11.22.33.44 62758</div><div>- ReqMethod HEAD</div><div>- ReqURL /</div><div>- ReqProtocol HTTP/1.1</div><div>- ReqHeader User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2</div><div>- ReqHeader Accept: */*</div><div>- ReqHeader Host: <a href="http://zhtest.com">zhtest.com</a></div><div>- ReqHeader X-Forwarded-For: 11.22.33.44</div><div>- VCL_call RECV</div><div>- VCL_acl NO_MATCH cloudflare</div><div>- VCL_acl NO_MATCH sucuri</div><div>- VCL_acl NO_MATCH incapsula</div><div>- ReqUnset User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.21 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2</div><div>- ReqHeader Attack: ByHost <a href="http://zhtest.com">zhtest.com</a> (direct)</div><div>- ReqHeader Attack-Debug: </div><div>- VCL_return hash</div><div>- VCL_call HASH</div><div>- VCL_return lookup</div><div>- Hit 329457</div><div>- VCL_call HIT</div><div>- ReqHeader X-Cache-Keep: 300.000</div><div>- ReqHeader X-Cache-TTL-Remaining: 110.641</div><div>- ReqHeader X-Cache-Age: 189.359</div><div>- ReqHeader Cache: HIT</div><div>- VCL_return deliver</div><div>- RespProtocol HTTP/1.1</div><div>- RespStatus 200</div><div>- RespReason OK</div><div>- RespHeader Date: Wed, 29 Jun 2016 18:03:51 GMT</div><div>- RespHeader Server: Apache</div><div>- RespHeader Link: <<a href="http://zhtest.com/wp-json/">http://zhtest.com/wp-json/</a>>; rel="<a href="https://api.w.org/">https://api.w.org/</a>"</div><div>- RespHeader X-Frame-Options: SAMEORIGIN</div><div>- RespHeader Strict-Transport-Security: max-age=31536000; includeSubDomains</div><div>- RespHeader 
Content-Length: 7702</div><div>- RespHeader Content-Type: text/html; charset=UTF-8</div><div>- RespHeader x-url: /</div><div>- RespHeader X-Varnish: 431527 329457</div><div>- RespHeader Age: 9</div><div>- RespHeader Via: 1.1 varnish-v4</div><div>- VCL_call DELIVER</div><div>- RespUnset x-url: /</div><div>- RespHeader Cache: HIT</div><div>- RespHeader Cache-Hits: 1156</div><div>- RespHeader Attack-Debug: </div><div>- RespHeader Attack: ByHost <a href="http://zhtest.com">zhtest.com</a> (direct)</div><div>- RespUnset Server: Apache</div><div>- RespUnset X-Varnish: 431527 329457</div><div>- RespUnset Via: 1.1 varnish-v4</div><div>- VCL_return deliver</div><div>- Timestamp Process: 1467223441.362767 0.000065 0.000065</div><div>- RespHeader Accept-Ranges: bytes</div><div>- Debug "RES_MODE 0"</div><div>- RespHeader Connection: keep-alive</div><div>- Timestamp Resp: 1467223441.362802 0.000100 0.000036</div><div>- ReqAcct 172 0 172 409 0 409</div><div>- End </div></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jun 29, 2016 at 11:14 AM, Guillaume Quintard <span dir="ltr"><<a href="mailto:guillaume@varnish-software.com" target="_blank">guillaume@varnish-software.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>What do you mean by "work"? What's the expected result, and what is the actual result?</div></div><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature"><div dir="ltr"><div>-- <br></div>Guillaume Quintard<br></div></div></div>
<br><div class="gmail_quote"><div><div class="h5">On Wed, Jun 29, 2016 at 8:17 AM, Andrei <span dir="ltr"><<a href="mailto:lagged@gmail.com" target="_blank">lagged@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr">Hello,<div><br></div><div>I'm currently working on forcing cached results using vsthrottle vs dropping requests, but for some reason (I probably did it wrong :) I can't get var.get/var.set_duration to work. The vcl_recv snippet is as follows, any input is greatly appreciated:</div><div><br></div><div><div>sub vcl_recv {</div><div> if (vsthrottle.is_denied(req.http.Host, 500, 5s) || (var.get("block-" + req.http.Host))) {<br></div><div> # The vsthrottle rate limit definitely triggers - confirmed later with "Attack" header</div><div> unset req.http.Cookie;</div><div> unset req.http.User-Agent;</div><div> unset req.http.Pragma;</div><div> unset req.http.Cache-Control;</div><div> set req.http.Attack = "ByHost: " + req.http.Host;</div><div> set req.ttl = 15m;</div><div> var.set_duration("block-" + req.http.Host,15m);</div><div> return (hash);</div><div> }</div><div>[..]<br></div><div>}</div></div></div>
<br></div></div>_______________________________________________<br>
varnish-misc mailing list<br>
<a href="mailto:varnish-misc@varnish-cache.org" target="_blank">varnish-misc@varnish-cache.org</a><br>
<a href="https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc" rel="noreferrer" target="_blank">https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
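An added example, not part of the original thread and not code from the varnish-modules project: one way to get the behaviour described above, forcing cached responses for 15 minutes once the per-Host limit trips. It assumes a varnish-modules release in which `vsthrottle.is_denied()` takes an optional fourth `block` duration and `vsthrottle.blocked()` exists, and that `var.get_duration()` is the typed getter for values stored with `var.set_duration()`; the backend address and the `block-left` variable name are placeholders.

```vcl
vcl 4.0;

import var;
import vsthrottle;

# Placeholder backend, not taken from the post.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # The limiter keeps the block state itself: once this Host exceeds
    # 20 requests in 5s, is_denied() stays true for the next 15m.
    # (Assumption: the optional fourth "block" argument is available.)
    if (vsthrottle.is_denied(req.http.Host, 20, 5s, 15m)) {
        unset req.http.Cookie;
        unset req.http.User-Agent;
        unset req.http.Pragma;
        unset req.http.Cache-Control;
        set req.http.Attack = "ByHost " + req.http.Host;

        # Variables written with var.set*() live only for the current
        # request, so they cannot carry a block over to later requests.
        # A value stored with set_duration() is read back with
        # get_duration(); here it holds the remaining block time.
        var.set_duration("block-left",
            vsthrottle.blocked(req.http.Host, 20, 5s, 15m));
        set req.http.Attack-Debug = var.get_duration("block-left");

        # Accept cached objects up to 15m old while the block is active.
        set req.ttl = 15m;
        return (hash);
    }
}

sub vcl_deliver {
    # Debug headers only; drop them before exposing the site publicly.
    if (req.http.Attack) {
        set resp.http.Attack = req.http.Attack;
        set resp.http.Attack-Debug = req.http.Attack-Debug;
    }
}
```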