From viktor.villafuerte at optusnet.com.au Mon Dec 2 04:51:55 2013 From: viktor.villafuerte at optusnet.com.au (Viktor Villafuerte) Date: Mon, 2 Dec 2013 15:51:55 +1100 Subject: Hash and how it works Message-ID: <20131202045155.GC4855@optusnet.com.au> Hi all, I'd like to ask about 'director hash'. Hash should ensure that the same request will go to the same backend server (please, correct me if I'm saying smth that's not right). In a situation where I have 3 Varnish servers, each of them with the same backends in 'hash', will the same URL request go to the same backend no matter which Varnish server processes the request? Or will each of them decide about its own 'variation' of hash and subsequently request the same URL from different backend, depending on which Varnish server processes the request? Eg in Nginx the carp plugin groups and makes the servers aware of which server hold which content in the cache. That's what I'm trying to get to :) -- Regards Viktor Villafuerte Optus Internet Engineering t: 02 808-25265 From alex at babyonline.com.sg Mon Dec 2 05:38:42 2013 From: alex at babyonline.com.sg (Alex Soo) Date: Mon, 2 Dec 2013 13:38:42 +0800 Subject: Looking for expert / freelance help Message-ID: <1B19A034-4D0E-46DF-8311-691CD8A38F36@babyonline.com.sg> Hi, I am looking for help in optimizing our website using varnish. Current setup :- OS - OSX Web Server - Nginx Web site - Magento Varnish Any freelance interested or any body knows where can I go for expert help? Thanks Alex Soo Smart LittleOne (S) Pte Ltd 126 Joo Seng Road #01-09 Gold Pine Industrial Building Singapore 368355 Tel : 6415 0373 www.babyonline.com.sg From lkarsten at varnish-software.com Mon Dec 2 12:11:25 2013 From: lkarsten at varnish-software.com (Lasse Karstensen) Date: Mon, 2 Dec 2013 13:11:25 +0100 Subject: Streaming of requests with Range In-Reply-To: References: Message-ID: <20131202121125.GA27954@immer.varnish-software.com> On Wed, Nov 27, 2013 at 05:20:52PM +0000, Duarte Bacelar De Begonha De Meneses wrote: > I need to cache requests of chunks of files using the "Range" HTTP header. The problem is that in some cases the files are very large, and Varnish downloads the entire file from the backend before passing the requested part to the client. Mind that if the files are very big, or the client plays back the files in real time (sound/video), you might need to increase send_timeout a lot. [..] > After checking the change logs of the latest releases (up to 3.0.4), I suppose this branch hasn't been merged with the main branch. Is the 3.0.2s the latest release supporting streaming? Correct, the 3.0.2s is the latest release in that branch. Similar functionality is available in upcoming 4.0. There should be a tech preview of it out soonish, if you don't want to pull from git master. > Also, going a bit offtopic, I feel a bit confused about how Varnish processes HTTP cache-related headers, such has If-Modified-Since, Cache-control, etc. > For example, I saw that it respects the "If-Modified-Since" in a transparent way, and returns 304 if needed. What would be the best way to override this behavior and ignore the header? Would it be to simply unset the header in vcl_recv? Filter the conditional header in vcl_recv is the best way. -- With regards, Lasse Karstensen Varnish Software AS From simon.lennon at oncommerce.co.uk Wed Dec 4 11:52:04 2013 From: simon.lennon at oncommerce.co.uk (Simon Lennon, OnCommerce Ltd.) Date: Wed, 04 Dec 2013 11:52:04 +0000 Subject: Help with IP Detection when using SSL Message-ID: <529F1764.9040001@oncommerce.co.uk> Hi I have a very strange issue and the hosting company is telling me its not possible I am hoping you guys can help. I have a nginx / varnish which acts as a load balancer and cache sitting in front of my webservers. My web servers are standard apache web servers. I am having problems with detecting the genuine IP address of users connecting to the system. The $_SERVER["REMOTE_ADDR"] shows the IP address of the load balancer/cache and not of the user visiting the site. We have written a hack so that with HTTP traffic we send through an X-Forwarded-For header with the correct IP address, but I have been told this is not possible with SSL. Unfortunately due to strict security requirements we are not able to offload SSL onto the load balancer/cache it has to go to apache. Has anyone got any ideas on how we could detect the IP address, when using SSL? (I have also posted this on stackoverflow, feel free to reply to either, http://stackoverflow.com/questions/20349943/varnish-nginx-ssl-ip-detection-issue) many thanks, Simon -- *Simon Lennon* Technical Director OnCommerce Ltd. +44 (0) 1202 970 940 OnBay | Mr Snaps oncommerce *www.oncommerce.co.uk * Follow Us on Twitter Find Us On Facebook Find Us On Google+ onbuy *www.onbuy.co.uk * Follow Us on Twitter Find Us On Facebook Find Us On Google+ onrecycle *www.onrecycle.co.uk * Follow Us on Twitter Find Us On Facebook Find Us On Google+ OnBuy and OnRecycle are trading names of OnCommerce Ltd which is a registered company in England & Wales, Company Number: 08358927. Our trading address is: C/O Centerprise International, Hampshire International Business Park, Lime Tree Way, Basingstoke, Hampshire, RG24 8GQ. OnCommerce is a registered trademark no. 2540468. OnCommerce Ltd is a Centeprise International Group Company. This electronic message contains information from OnCommerce Ltd, which may be legally privileged and confidential. The information is intended to be for the use of the individual(s) or entity named above. If you are not the intended recipient, be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. If you have received this electronic message in error, please notify us by telephone (to the number above) or e-mail immediately. Any views, opinions or advice expressed in this electronic message are not necessarily the views, opinions or advice of OnCommerce Ltd. It is the responsibility of the recipient to ensure that any attachments are virus free and OnCommerce Ltd. bear no responsibility for any loss or damage arising in any way from the use thereof. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_senor_pinchy.png Type: image/png Size: 4332 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature2_12.jpg Type: image/jpeg Size: 1244 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_oncommerce_logo.png Type: image/png Size: 5758 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_footer_twitter.png Type: image/png Size: 3575 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_footer_facebook.png Type: image/png Size: 2802 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_footer_google.png Type: image/png Size: 2856 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_onbuy.png Type: image/png Size: 5216 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_onrecycle_logo.png Type: image/png Size: 6416 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature2_13.jpg Type: image/jpeg Size: 1298 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_centerprise_logo.png Type: image/png Size: 9852 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: spacer.gif Type: image/gif Size: 13126 bytes Desc: not available URL: From r at roze.lv Wed Dec 4 13:47:32 2013 From: r at roze.lv (Reinis Rozitis) Date: Wed, 4 Dec 2013 15:47:32 +0200 Subject: Help with IP Detection when using SSL In-Reply-To: <529F1764.9040001@oncommerce.co.uk> References: <529F1764.9040001@oncommerce.co.uk> Message-ID: <3F42A595D3454A76B9801FEE60C5ED9F@NeiRoze> > Unfortunately due to strict security requirements we are not able to > offload SSL onto the load balancer/cache it has to go to apache. Can you clarify this? In this scenario you can't even use anything besides a tcp balancer since you can't simply put a plain http cache/proxy like nginx or varnish between as it needs to read (and alter) the http headers which would beat all the ssl/encryption purpose ("man in the middle"). Of course nginx can proxy also https traffic (like proxy_pass https://yoursite;) to backends but it would still need the SSL certificates for the https to function on client side. This is why usually the SSL offloading is done on the top level (in your case it would be nginx which then passes the X-Forwarded-For header to varnish which further passes it to apache and apache converts it to client ip). rr From james at ifixit.com Wed Dec 4 19:19:06 2013 From: james at ifixit.com (James Pearson) Date: Wed, 04 Dec 2013 11:19:06 -0800 Subject: Help with IP Detection when using SSL In-Reply-To: <529F1764.9040001@oncommerce.co.uk> References: <529F1764.9040001@oncommerce.co.uk> Message-ID: <1386184372-sup-4455@geror.local> Excerpts from Simon Lennon, OnCommerce Ltd.'s message of 2013-12-04 03:52:04 -0800: > many thanks, > Simon > -- > > *Simon Lennon* > Technical Director > > > > OnCommerce Ltd. > +44 (0) 1202 970 940 > > > > OnBay | Mr Snaps > > oncommerce > > *www.oncommerce.co.uk * > > Follow Us on Twitter Find Us On > Facebook Find Us On Google+ > > > > > onbuy > > *www.onbuy.co.uk * > > Follow Us on Twitter Find Us On Facebook > Find Us On Google+ > > > > > onrecycle > > *www.onrecycle.co.uk * > > Follow Us on Twitter Find Us On > Facebook Find Us On Google+ > > > > OnBuy and OnRecycle are trading names of OnCommerce Ltd which is a > registered company in England & Wales, Company Number: 08358927. Our > trading address is: C/O Centerprise International, Hampshire > International Business Park, Lime Tree Way, Basingstoke, Hampshire, RG24 > 8GQ. OnCommerce is a registered trademark no. 2540468. > > OnCommerce Ltd is a Centeprise International Group Company. > > This electronic message contains information from OnCommerce Ltd, which > may be legally privileged and confidential. The information is intended > to be for the use of the individual(s) or entity named above. If you are > not the intended recipient, be aware that any disclosure, copying, > distribution or use of the contents of this information is prohibited. > If you have received this electronic message in error, please notify us > by telephone (to the number above) or e-mail immediately. Any views, > opinions or advice expressed in this electronic message are not > necessarily the views, opinions or advice of OnCommerce Ltd. It is the > responsibility of the recipient to ensure that any attachments are virus > free and OnCommerce Ltd. bear no responsibility for any loss or damage > arising in any way from the use thereof. Can you please not use a signature that uses 11 images and spans 63 (!) lines when wrapped at 80 characters? It's pretty distracting, and we don't care about your social media presence anyways (and the disclaimer is moot, since you're sending to a public list). Thanks. - P From tfheen at varnish-software.com Thu Dec 5 12:15:12 2013 From: tfheen at varnish-software.com (Tollef Fog Heen) Date: Thu, 5 Dec 2013 13:15:12 +0100 Subject: Logging to file with varnishlog and applying filters In-Reply-To: References: Message-ID: <20131205121512.GA14561@err.no> ]] Andy Lightfoot > Whenever, I log the varnishlog data to file it appears to ignore any > filters I am applying and log the complete data (which is a huge > amount of data!). Correct, -w and -m together are not supported together in the current version. -- Tollef Fog Heen Technical lead | Varnish Software AS ??: +47 21 98 92 64 We Make Websites Fly! From aashisn at hotmail.com Fri Dec 6 12:46:36 2013 From: aashisn at hotmail.com (Ashish Nepal) Date: Fri, 6 Dec 2013 12:46:36 +0000 Subject: backend_connection failed In-Reply-To: <20131202121125.GA27954@immer.varnish-software.com> References: , <20131202121125.GA27954@immer.varnish-software.com> Message-ID: Hi can anyone suggeset why i get backend connection failed when N-Worker_thread goes anything above default of 100 worker_thread? While trying to create 491 thread in peak it was unable to connect to backend.whereas, backend servers were not in load or anything. As i understood, while thread max is 1000 * 2[pools], and varnish server load is below 1, theoritically it should be able to handle that many spikes, And i would not see why backend would fail here. Also, Due to demand of use, it is designed to cache 1s to 5s at most. n_worker_thread = 100 , all goodn_worker_thread = 491 , 8 backend_connection failure. varnishadm thread_pool_add_delay 2 [milliseconds]thread_pool_add_threshold 2 [requests]thread_pool_fail_delay 200 [milliseconds]thread_pool_max 1000 [threads]thread_pool_min 50 [threads]thread_pool_purge_delay 1000 [milliseconds]thread_pool_stack unlimited [bytes]thread_pool_timeout 120 [seconds]thread_pool_workspace 65536 [bytes]thread_pools 2 [pools]thread_stats_rate 10 [requests] varnishstat32+03:45:05Hitrate ratio: 2 2 2Hitrate avg: 0.9404 0.9404 0.9404 backend_conn 4516262 1.63 Backend conn. successbackend_unhealthy 0 0.00 Backend conn. not attemptedbackend_busy 0 0.00 Backend conn. too manybackend_fail 9562 0.00 Backend conn. failuresbackend_reuse 67350518 24.24 Backend conn. reusesbackend_toolate 361647 0.13 Backend conn. was closedbackend_recycle 67715544 24.38 Backend conn. recyclesbackend_retry 5133 0.00 Backend conn. retryn_backend 5 . N backendsbackend_req 71855086 25.87 Backend requests madeLCK.backend.creat 5 0.00 Created locksLCK.backend.destroy 0 0.00 Destroyed locksLCK.backend.locks 149007648 53.64 Lock OperationsLCK.backend.colls 0 0.00 Collisions RegardsTikejhya -------------- next part -------------- An HTML attachment was scrubbed... URL: From Andy.Lightfoot at ig.com Fri Dec 6 14:13:25 2013 From: Andy.Lightfoot at ig.com (Andy Lightfoot) Date: Fri, 6 Dec 2013 14:13:25 +0000 Subject: Logging to file with varnishlog and applying filters In-Reply-To: <20131205121512.GA14561@err.no> References: <20131205121512.GA14561@err.no> Message-ID: Thanks for the confirmation Tollef. Are you aware of any plans to support this kind of behaviour in Varnish 4? -----Original Message----- From: Tollef Fog Heen [mailto:tfheen at varnish-software.com] Sent: 05 December 2013 12:15 To: Andy Lightfoot Cc: varnish-misc at varnish-cache.org Subject: Re: Logging to file with varnishlog and applying filters ]] Andy Lightfoot > Whenever, I log the varnishlog data to file it appears to ignore any > filters I am applying and log the complete data (which is a huge > amount of data!). Correct, -w and -m together are not supported together in the current version. -- Tollef Fog Heen Technical lead | Varnish Software AS ??: +47 21 98 92 64 We Make Websites Fly! The information contained in this email is strictly confidential and for the use of the addressee only, unless otherwise indicated. If you are not the intended recipient, please do not read, copy, use or disclose to others this message or any attachment. Please also notify the sender by replying to this email or by telephone (+44(020 7896 0011) and then delete the email and any copies of it. Opinions, conclusion (etc) that do not relate to the official business of this company shall be understood as neither given nor endorsed by it. IG is a trading name of IG Markets Limited (a company registered in England and Wales, company number 04008957) and IG Index Limited (a company registered in England and Wales, company number 01190902). Registered address at Cannon Bridge House, 25 Dowgate Hill, London EC4R 2YA. Both IG Markets Limited (register number 195355) and IG Index Limited (register number 114059) are authorised and regulated by the Financial Conduct Authority. From infos at opendoc.net Fri Dec 6 15:12:13 2013 From: infos at opendoc.net (Alexandre) Date: Fri, 06 Dec 2013 16:12:13 +0100 Subject: Cache invalidation with regex In-Reply-To: <52989419.5000607@opendoc.net> References: <52977D97.4040104@opendoc.net> <529865EF.90309@uplex.de> <52988D56.2050101@streppone.it> <52989419.5000607@opendoc.net> Message-ID: <52A1E94D.9040705@opendoc.net> Hi, I found a solution using directly varnishadm. I wanted to invalidate an entire url : Exemple : --- /image.php?var1=1&var2=1&var3=1 /image.php?var1=1&var2=2&var3=2 /image.php?var1=1&var3=1&var3=3 --- With this command : --- varnishadm "ban.url var=1" --- I can invalidate the cache of 3 url. thx Cosimo. Alex. On 29/11/13 14:18, Alexandre wrote: > Thank you very much. This is exactly what I want. I'll try to test the > script in the day. > > Good day. > > Alex. > > On 29/11/13 13:49, Cosimo Streppone wrote: >> On 11/29/2013 11:01 AM, Geoff Simmons wrote: >>> >>> On 11/28/2013 06:29 PM, Alexandre wrote: >>>> >>>> I will wish to invalidate my cache using a regex. >>>> >>>> example: ^/image.php?a=1&b=2* >>>> >>>> I would like to disable all url starting with ^/image.php?a=1&b=2 >>>> >>>> Do you have an idea for my problem? >>> >>> The '*' in a regular expression is not like a file glob, it means that >>> the character before it, in your case the '2', can appear 0 or more >>> times. >>> >>> So your regex matches anything starting with: >>> >>> /image.php?a=1&b= >> >> I made a simple shell script wrapper to the varnish admin. >> It is available here: >> >> https://gist.github.com/cosimo/890217 >> >> If you run it with: >> >> $ ./purge-cache.sh -h >> >> it will show some usage instructions. >> In particular: >> >> $ ./purge-cache -r '^/image\.php\?a=1&b=2.*' >> >> should purge the URLs you asked for. >> >> It worked for me at least, and I added >> to my varnish puppet module, to always have it available >> alongside reload-vcl etc... >> > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc From etiennelg at gmail.com Wed Dec 11 22:34:14 2013 From: etiennelg at gmail.com (Etienne Levesque Guitard) Date: Wed, 11 Dec 2013 17:34:14 -0500 Subject: PID file not being created on Debian 7? Message-ID: I'm having this weird issue where Varnish's init script is not creating the PID file on Debian 7, which makes it impossible to stop the server via the service command. ~# service varnish stop [FAIL] Stopping HTTP accelerator: varnishd failed! Further inspection reveals the /var/run (symlink to /run) directory doesn't have the PID file in it when Varnish is running. The init.d script I have is untouched; it comes from this installation: https://www.varnish-cache.org/installation/debian If you don't have the init script on hand, here's the line which is supposed to create the PID file: start-stop-demon --start --quiet --pidfile ${PIDFILE} --exec ${DAEMON} -- -P ${PIDFILE} ${DAEMON_OPTS} > ${output} 2>&1; This extrapolates to: start-stop-demon --start --quiet --pidfile /var/run/varnishd.pid --exec /usr/sbin/varnishd -- -P /var/run/varnishd.pid /usr/sbin/varnishd > $(/bin/tempfile -s.varnish) 2>&1; Any help would be greatly appreciated. Etienne Levesque Guitard -------------- next part -------------- An HTML attachment was scrubbed... URL: From japrice at gmail.com Sun Dec 15 01:58:57 2013 From: japrice at gmail.com (Jason Price) Date: Sat, 14 Dec 2013 20:58:57 -0500 Subject: Implicit Declaration of function? Message-ID: warning: implicit declaration of function ?strptime? I'm trying to do some basic Date parsing in Varnish. But I get this warning on compile. Here's the relevant bits of VCL: C{ #include #include #include #include }C sub date_skew { C{ time_t t = time(NULL); time_t digestepoch; struct tm tm; char *digestdate = VRT_GetHdr(sp, HDR_REQ, "\021x-digestdate:"); if (!strptime(digestdate, "%a, %d %b %Y %H:%M:%S GMT", &tm)) { VRT_SetHdr(sp, HDR_REQ, "\010dateparsefail:", "1\0", vrt_magic_string_end); } else { digestepoch = mktime(&tm); if (abs(digestepoch - t) > 7200) { VRT_SetHdr(sp, HDR_REQ, "\010dateskewfail:", "1\0", vrt_magic_string_end); } } }C } Note: Later on, I'll call error if either of the two headers above are set. I've discovered that if I add: #define _XOPEN_SOURCE 500 to the first C{ }C block, it passes muster. Any clue why? (may not be varnish related). Varnish related: will that impact anything else inside varnish? --Jason From japrice at gmail.com Sun Dec 15 03:58:53 2013 From: japrice at gmail.com (Jason Price) Date: Sat, 14 Dec 2013 22:58:53 -0500 Subject: Implicit Declaration of function? In-Reply-To: References: Message-ID: (I answered my initial question, but I have another below) ... Well, I obviously did SOMETHING dumb in the above code: Dec 15 03:00:17 devvcache4x00 varnish_key[32132]: Child (32134) Panic message: Assert error in http_GetHdr(), cache_http.c line 266:#012 *Condition(l == strlen(hdr + 1)) not true.*#012thread = (cache-worker)#012ident = Linux,3.4.66-55.43.amzn1.x86_64,x86_64,-smalloc,-smalloc,-hcritbit,epoll#012Backtrace:#012 0x431095: /usr/sbin/varnishd() Found several of my problems (and hopefully will save others grief). If you're using VRT_GetHdr, the third parameter stars with \0 so my: char *digestdate = VRT_GetHdr(sp, HDR_REQ, "\015x-digestdate:"); has to start with \015 since 'x-digestdate' is 13 characters, and 13 in octal is 15. Questions: 1) Do I need to free any of my temp variables here? Or does varnish clean them up for me? (in my case t, digestepoch, digestdate, and tm) 2) seriously: WTF with _XOpenSource needing to be set to use strptime?? --Jason On Sat, Dec 14, 2013 at 8:58 PM, Jason Price wrote: > warning: implicit declaration of function ?strptime? > > I'm trying to do some basic Date parsing in Varnish. But I get this > warning on compile. > > Here's the relevant bits of VCL: > > C{ > #include > #include > #include > #include > }C > > sub date_skew { > C{ > time_t t = time(NULL); > time_t digestepoch; > struct tm tm; > char *digestdate = VRT_GetHdr(sp, HDR_REQ, > "\021x-digestdate:"); > if (!strptime(digestdate, "%a, %d %b %Y %H:%M:%S GMT", > &tm)) { > VRT_SetHdr(sp, HDR_REQ, "\010dateparsefail:", > "1\0", vrt_magic_string_end); > } else { > digestepoch = mktime(&tm); > if (abs(digestepoch - t) > 7200) { > VRT_SetHdr(sp, HDR_REQ, > "\010dateskewfail:", "1\0", vrt_magic_string_end); > } > } > }C > } > > Note: Later on, I'll call error if either of the two headers above are set. > > I've discovered that if I add: > > #define _XOPEN_SOURCE 500 > > to the first C{ }C block, it passes muster. Any clue why? (may not be > varnish related). > > Varnish related: will that impact anything else inside varnish? > > --Jason > -------------- next part -------------- An HTML attachment was scrubbed... URL: From phk at phk.freebsd.dk Sun Dec 15 09:45:08 2013 From: phk at phk.freebsd.dk (Poul-Henning Kamp) Date: Sun, 15 Dec 2013 09:45:08 +0000 Subject: Implicit Declaration of function? In-Reply-To: References: Message-ID: <60555.1387100708@critter.freebsd.dk> In message , Jason Price writes: >warning: implicit declaration of function 'strptime' > >I'm trying to do some basic Date parsing in Varnish. But I get this >warning on compile. > >Here's the relevant bits of VCL: > >C{ >#include >#include >#include >#include >}C >I've discovered that if I add: > >#define _XOPEN_SOURCE 500 > >to the first C{ }C block, it passes muster. Any clue why? (may not be >varnish related). No idea, this is related to/caused by the include files on your operating system possibly in connection with the exact commandline Varnish uses to compile the code. (The latter you can see in the parameter "cc_command") >Varnish related: will that impact anything else inside varnish? I doubt it, usually that kind of standards-compliance #defines only affect what is shown in the #includes, it doesn't change important things like struct layouts etc. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. From phk at phk.freebsd.dk Sun Dec 15 09:48:14 2013 From: phk at phk.freebsd.dk (Poul-Henning Kamp) Date: Sun, 15 Dec 2013 09:48:14 +0000 Subject: Implicit Declaration of function? In-Reply-To: References: Message-ID: <60584.1387100894@critter.freebsd.dk> In message , Jason Price writes: >1) Do I need to free any of my temp variables here? Or does varnish clean >them up for me? (in my case t, digestepoch, digestdate, and tm) Only if you allocate the memory from malloc() or similar. As far as I can see, all your variables are local to your function so they live on the stack so they are automatically destroyed. >2) seriously: WTF with _XOpenSource needing to be set to use strptime?? Ask whoever writes your OS. -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk at FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. From japrice at gmail.com Sun Dec 15 21:54:08 2013 From: japrice at gmail.com (Jason Price) Date: Sun, 15 Dec 2013 16:54:08 -0500 Subject: Implicit Declaration of function? In-Reply-To: <60584.1387100894@critter.freebsd.dk> References: <60584.1387100894@critter.freebsd.dk> Message-ID: (On my phone... Forgive my top-replying... And the accidental private reply) Thank you. One final question: do I need to be concerned with the 'char *' declaration for the VRT_GetHdr call? Would it be better to do a 'char buf[40]' or similar? On Dec 15, 2013 4:48 AM, "Poul-Henning Kamp" wrote: > In message RuNeyeBw5rbeXYszA4w at mail.gmail.com> > , Jason Price writes: > > >1) Do I need to free any of my temp variables here? Or does varnish clean > >them up for me? (in my case t, digestepoch, digestdate, and tm) > > Only if you allocate the memory from malloc() or similar. > > As far as I can see, all your variables are local to your function > so they live on the stack so they are automatically destroyed. > > >2) seriously: WTF with _XOpenSource needing to be set to use strptime?? > > Ask whoever writes your OS. > > -- > Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 > phk at FreeBSD.ORG | TCP/IP since RFC 956 > FreeBSD committer | BSD since 4.3-tahoe > Never attribute to malice what can adequately be explained by incompetence. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at babyonline.com.sg Mon Dec 16 02:55:30 2013 From: alex at babyonline.com.sg (Alex Soo) Date: Mon, 16 Dec 2013 10:55:30 +0800 Subject: req.url ~ in ban list Message-ID: Hi, In the ban list we find req.url ~ and when that happen ban lurker will stop deleting item from ban list. Is there a way to find where did (req.url ~) come from? Or anywhere to trace? Or if there is some setting in VCL that we can block? Thanks Alex Soo Smart LittleOne (S) Pte Ltd 126 Joo Seng Road #01-09 Gold Pine Industrial Building Singapore 368355 Tel : 6415 0373 www.babyonline.com.sg From falk.wachsmuth at kupper-computer.com Wed Dec 18 10:52:59 2013 From: falk.wachsmuth at kupper-computer.com (Wachsmuth, Falk) Date: Wed, 18 Dec 2013 10:52:59 +0000 Subject: ban with regex via curl In-Reply-To: <2F19C2F4E6DF434497B1373D67FFD1564286042C@KMail1.kupper-computer.local> References: <2F19C2F4E6DF434497B1373D67FFD1564286042C@KMail1.kupper-computer.local> Message-ID: <2F19C2F4E6DF434497B1373D67FFD15642860453@KMail1.kupper-computer.local> Hello list, I try to implement banning via HTTP with the template from the docu: sub vcl_fetch { set beresp.http.x-url = req.url; } sub vcl_deliver { unset resp.http.x-url; # Optional } sub vcl_recv { if (req.request == "PURGE") { if (client.ip !~ purge) { error 401 "Not allowed"; } ban("obj.http.x-url ~ " + req.url); # Assumes req.url is a regex. This might be a bit too simple } } How can I use regex in an curl - request with Varnish 3.0.5? Thanks Falk From falk.wachsmuth at kupper-computer.com Thu Dec 19 12:04:17 2013 From: falk.wachsmuth at kupper-computer.com (Wachsmuth, Falk) Date: Thu, 19 Dec 2013 12:04:17 +0000 Subject: ban with regex via curl In-Reply-To: <2F19C2F4E6DF434497B1373D67FFD15642860453@KMail1.kupper-computer.local> References: <2F19C2F4E6DF434497B1373D67FFD1564286042C@KMail1.kupper-computer.local> <2F19C2F4E6DF434497B1373D67FFD15642860453@KMail1.kupper-computer.local> Message-ID: <2F19C2F4E6DF434497B1373D67FFD156428605B6@KMail1.kupper-computer.local> I've solved this ... my Problem was the not correctly handled HTTP-Header "BAN" in my vcl_recv section ... I thought my mistake was the curl request. From tousif1988 at gmail.com Wed Dec 25 18:09:33 2013 From: tousif1988 at gmail.com (tousif baig) Date: Wed, 25 Dec 2013 23:39:33 +0530 Subject: Looking for expert / freelance help In-Reply-To: <1B19A034-4D0E-46DF-8311-691CD8A38F36@babyonline.com.sg> References: <1B19A034-4D0E-46DF-8311-691CD8A38F36@babyonline.com.sg> Message-ID: Hey, If you are still looking for help, lemme know. On Mon, Dec 2, 2013 at 11:08 AM, Alex Soo wrote: > Hi, > > I am looking for help in optimizing our website using varnish. > > Current setup :- > OS - OSX > Web Server - Nginx > Web site - Magento > Varnish > > Any freelance interested or any body knows where can I go for expert help? > > Thanks > Alex Soo > > Smart LittleOne (S) Pte Ltd > 126 Joo Seng Road > #01-09 Gold Pine Industrial Building > Singapore 368355 > > Tel : 6415 0373 > > www.babyonline.com.sg > > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From luky-37 at hotmail.com Mon Dec 30 23:29:56 2013 From: luky-37 at hotmail.com (Lukas Tribus) Date: Tue, 31 Dec 2013 00:29:56 +0100 Subject: Help with IP Detection when using SSL In-Reply-To: <529F1764.9040001@oncommerce.co.uk> References: <529F1764.9040001@oncommerce.co.uk> Message-ID: Hi, > I am having problems with detecting the genuine IP address of users > connecting to the system. The $_SERVER["REMOTE_ADDR"] shows the IP > address of the load balancer/cache and not of the user visiting the > site. Your description suggests that varnish doesn't see the actual content, because its only relaying encrypted traffic towards your backends, but that doesn't make any sense. I suspect that your design is different, please elaborate. > I have a nginx / varnish which acts as a load balancer and cache What does "I have a nginx / varnish" mean? Either one or the other, if they are both in use, please explain what *the individual instance does*. Is nginx acting as load balancer, with varnish between your apache backend and the nginx frontend acting as cache? > Unfortunately due to strict security requirements we are not able to > offload SSL onto the load balancer/cache it has to go to apache. So you don't need varnish at all, given that SSL is terminated on your final backend and varnish can not magically cache the encrypted payload. > Has anyone got any ideas on how we could detect the IP address, when > using SSL? I don't understand your configuration, but usually this kind of problem can be workaround'ed: a) using a frontent proxy in transparent mode as your default gateway ?? (haproxy can do this) b) using a proprietary protocol, like HAProxy's PROXY protocol. Patch ?? is available for varnish [1], nginx [2]; Amazon ELB supports it ?? already [3]. The former is complicated and messy. The latter requires software support. Regards, Lukas [1] http://comments.gmane.org/gmane.comp.web.haproxy/14599 [2] http://trac.nginx.org/nginx/ticket/355 [3] http://aws.typepad.com/aws/2013/07/elastic-load-balancing-adds-support-for-proxy-protocol.html -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_senor_pinchy.png Type: image/png Size: 4332 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature2_12.jpg Type: image/jpeg Size: 1244 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_oncommerce_logo.png Type: image/png Size: 5758 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_footer_twitter.png Type: image/png Size: 3575 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_footer_facebook.png Type: image/png Size: 2802 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_footer_google.png Type: image/png Size: 2856 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_onbuy.png Type: image/png Size: 5216 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_onrecycle_logo.png Type: image/png Size: 6416 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature2_13.jpg Type: image/jpeg Size: 1298 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: onbay_email_centerprise_logo.png Type: image/png Size: 9852 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: spacer.gif Type: image/gif Size: 13126 bytes Desc: not available URL: