From bernhardredl at gmail.com Sun Jul 12 18:08:35 2009 From: bernhardredl at gmail.com (bernhardredl at gmail.com) Date: Sun, 12 Jul 2009 20:08:35 +0200 (CEST) Subject: slowloris http dos Message-ID: hi you may have heard about the slowloris http dos. it is an prove of concept very very low bandwidth dos. with this tool an attacker with an 1MBit upload connection can completely interrupt service on an state of the art webserver running apache. according to the project's website http://ha.ckers.org/slowloris/ apache and squid are affected. nginx and iis6,7 are not. i recently testet varnish 2.0.4 and it is affected too. perl slowloris.pl -dns 192.168.178.67 -port 81 -timeout 1 -num 1000 -tcpto 5 this line resulted in a total Denial of Service. Altought the underlying apache 192.168.178.67:80 was fully operate able during the attack varnishstat shows a lot this: 2544 0.00 2.67 N overflowed work requests 20533 478.00 21.52 N dropped work requests cpu & ram & bandwidth utilization : none is there a possibility to fix this? or at least to get a bugreport. Because i think a varnish cluster will be affected too. yours -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 270 bytes Desc: OpenPGP digital signature URL: From n.leutner at all2e.com Thu Jul 16 19:40:32 2009 From: n.leutner at all2e.com (Norman Leutner) Date: Thu, 16 Jul 2009 21:40:32 +0200 Subject: munin plugin Message-ID: <242AED17A878084BAA524EBD35F3CEFF1A9CE436@winxbede03.exchange.xchg> Hi, I'm new to this mailing list. As a German partner of eZ Systems AS we're using varnish in combination with eZ Publish with great success. Currently I'm trying to get munin running with the plugin from the trunk http://varnish.projects.linpro.no/browser/trunk/varnish-tools/munin Now I stuck cause the munin-node doesn't deliver data... Trying manually using munin-run I'm getting the expected results. # munin-run varnish_hit_rate client_req.value 30714 cache_miss.value 9349 cache_hitpass.value 97 cache_hit.value 20207 Using the munin telnet interface I get no data... # telnet localhost 4949 Trying 127.0.0.1... Connected to localhost.localdomain. Escape character is '^]'. # munin node at xxxx.com fetch varnish_hit_rate . Any hints ? Thanks in advance Norman Leutner all2e GmbH Enterprise Content Management http://www.all2e.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From des at des.no Fri Jul 17 10:59:19 2009 From: des at des.no (=?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?=) Date: Fri, 17 Jul 2009 12:59:19 +0200 Subject: munin plugin In-Reply-To: <242AED17A878084BAA524EBD35F3CEFF1A9CE436@winxbede03.exchange.xchg> (Norman Leutner's message of "Thu, 16 Jul 2009 21:40:32 +0200") References: <242AED17A878084BAA524EBD35F3CEFF1A9CE436@winxbede03.exchange.xchg> Message-ID: <86eisfh8xk.fsf@ds4.des.no> Norman Leutner writes: > Now I stuck cause the munin-node doesn?t deliver data? > > Trying manually using munin-run I?m getting the expected results. > > # munin-run varnish_hit_rate > client_req.value 30714 > cache_miss.value 9349 > cache_hitpass.value 97 > cache_hit.value 20207 > > Using the munin telnet interface I get no data? > > # telnet localhost 4949 > Trying 127.0.0.1... > Connected to localhost.localdomain. > Escape character is '^]'. > # munin node at xxxx.com > fetch varnish_hit_rate > . > > Any hints ? Adding new plugins to Munin is a nightmare - you need to have all the correct symlinks in all the correct places, then sacrifice a black goat under the full moon. Check the Munin docs and / or ask the Munin devs. DES -- Dag-Erling Sm?rgrav - des at des.no From n.leutner at all2e.com Fri Jul 17 11:35:10 2009 From: n.leutner at all2e.com (Norman Leutner) Date: Fri, 17 Jul 2009 13:35:10 +0200 Subject: New purging mechanism within Varnish Message-ID: <242AED17A878084BAA524EBD35F3CEFF1A9CE4CD@winxbede03.exchange.xchg> I spoke to Jan William and Per Andreas at the eZ Conference in Paris. They mentioned that there will be a new purging mechanism based on Object ID's within the header information within Varnish in one of the further versions. I would like implement this with the eZ Publish CMS due to we have some serious problems with purging. Could someone tell me a bit more about that? Best regards Norman Leutner all2e GmbH Enterprise Content Management http://www.all2e.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From kristian at redpill-linpro.com Fri Jul 17 12:52:13 2009 From: kristian at redpill-linpro.com (Kristian Lyngstol) Date: Fri, 17 Jul 2009 14:52:13 +0200 Subject: New purging mechanism within Varnish In-Reply-To: <242AED17A878084BAA524EBD35F3CEFF1A9CE4CD@winxbede03.exchange.xchg> References: <242AED17A878084BAA524EBD35F3CEFF1A9CE4CD@winxbede03.exchange.xchg> Message-ID: <20090717125213.GC27748@kjeks.linpro.no> On Fri, Jul 17, 2009 at 01:35:10PM +0200, Norman Leutner wrote: > I spoke to Jan William and Per Andreas at the eZ Conference in Paris. > > They mentioned that there will be a new purging mechanism based on Object ID's within the header information > within Varnish in one of the further versions. Since Varnish 2.0.3 the 'purge' keyword can be used (both in VCL and cli), which allows fairly dynamic purging, including purging based on header-content. Example: sub vcl_recv { if (foo) { purge("req.http.bar" == req.http.foo); } } (Could be some typos with regards to the "", I haven't used this enough to get it under my skin quite yet). This would purge content where the Bar-header has the same content as the Foo header of the request that caused the purge. Hopefully, this should get you started. It can be used for virtually any variable that's accessible from VCL. -- Kristian Lyngst?l Redpill Linpro AS Tlf: +47 21544179 Mob: +47 99014497 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 835 bytes Desc: not available URL: From pbruna at it-linux.cl Mon Jul 20 15:14:02 2009 From: pbruna at it-linux.cl (Patricio A. Bruna) Date: Mon, 20 Jul 2009 11:14:02 -0400 (CLT) Subject: Varnish Monitoring Pluging for Hyperic In-Reply-To: <21633897.34691248102463939.JavaMail.root@lisa.itlinux.cl> Message-ID: <12088984.34741248102842438.JavaMail.root@lisa.itlinux.cl> For those who dont know about Hyperic (www.hyperic.com), is a great Monitoring Suite. We just finished the deployment of Varnish on one important Customer and to follow the performance of this machines we developed, is really simple, a plugin for Hyperic. If you want to test it, visit: http://support.hyperic.com/display/hypcomm/Varnish Bye ------------------------------------ Patricio Bruna V. IT Linux Ltda. http://www.it-linux.cl Fono : (+56-2) 333 0578 IT Linux en Facebook -------------- next part -------------- An HTML attachment was scrubbed... URL: From n.leutner at all2e.com Thu Jul 30 15:49:24 2009 From: n.leutner at all2e.com (Norman Leutner) Date: Thu, 30 Jul 2009 17:49:24 +0200 Subject: AW: New purging mechanism within Varnish In-Reply-To: <20090717125213.GC27748@kjeks.linpro.no> References: <242AED17A878084BAA524EBD35F3CEFF1A9CE4CD@winxbede03.exchange.xchg> <20090717125213.GC27748@kjeks.linpro.no> Message-ID: <242AED17A878084BAA524EBD35F3CEFF1AAC7FB4@winxbede03.exchange.xchg> Thanks for the hint Kristian. The hardest task has been to implement this within eZ Publish ;) We're currently doing some test, but this seems to works fine for our eZ Publish cachemanager extension. Best regards Norman Leutner all2e GmbH Enterprise Content Management http://www.all2e.com -----Urspr?ngliche Nachricht----- Von: Kristian Lyngstol [mailto:kristian at redpill-linpro.com] Gesendet: Freitag, 17. Juli 2009 14:52 An: Norman Leutner Cc: varnish-dev at projects.linpro.no Betreff: Re: New purging mechanism within Varnish On Fri, Jul 17, 2009 at 01:35:10PM +0200, Norman Leutner wrote: > I spoke to Jan William and Per Andreas at the eZ Conference in Paris. > > They mentioned that there will be a new purging mechanism based on > Object ID's within the header information within Varnish in one of the further versions. Since Varnish 2.0.3 the 'purge' keyword can be used (both in VCL and cli), which allows fairly dynamic purging, including purging based on header-content. Example: sub vcl_recv { if (foo) { purge("req.http.bar" == req.http.foo); } } (Could be some typos with regards to the "", I haven't used this enough to get it under my skin quite yet). This would purge content where the Bar-header has the same content as the Foo header of the request that caused the purge. Hopefully, this should get you started. It can be used for virtually any variable that's accessible from VCL. -- Kristian Lyngst?l Redpill Linpro AS Tlf: +47 21544179 Mob: +47 99014497