From numard at gmail.com Sun Sep 1 11:39:22 2013 From: numard at gmail.com (Norberto Meijome) Date: Sun, 1 Sep 2013 21:39:22 +1000 Subject: Rewrite With Varnish In-Reply-To: <52225A74.5010308@felsing.net> References: <52225A74.5010308@felsing.net> Message-ID: Hi, varnish does not, AFAIK, support SSL , so reading fields from a cert seems to me as not doable. On 01/09/2013 7:52 AM, "Christian Felsing" wrote: > Hello, > > is there a rewrite method in Varnish which has same effect like following > rule in Apache 2.4? > > RewriteRule ^/(.*)$ > http://plone:8080/VirtualHostBase/https/plone.example.net:443/cms/VirtualHostRoot/$1 > [L,P,E=remoteUser:%{LA-U:SSL_CLIENT_S_DN_CN}] > > This rule reads CN from a client certificate and set remoteUser to CN. > > best regards > Christian > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jonathan.huot at thomsonreuters.com Mon Sep 2 16:03:16 2013 From: jonathan.huot at thomsonreuters.com (jonathan.huot at thomsonreuters.com) Date: Mon, 2 Sep 2013 16:03:16 +0000 Subject: Varnish round-robin loadbalancing with Virtualhost (Namebased) In-Reply-To: References:

<5D103CE839D50E4CBC62C9FD7B83287C274738FF@EXCN013.encara.local.ads> Message-ID: <8E656B642592B942AE317E2AFAE0ABA14B1DCDD8@UK2P-ERFMMBX10.ERF.thomson.com> It's maybe possible to do it in VMOD, if you're not scared by developing in C. You need to recreate the round-robin behavior by implementing yourself this feature.. and then let the VMOD selecting the right backend for you. Jonathan Huot Phone: +33(0)1.47.62.78.65 From: varnish-misc-bounces+jonathan.huot=thomsonreuters.com at varnish-cache.org [mailto:varnish-misc-bounces+jonathan.huot=thomsonreuters.com at varnish-cache.org] On Behalf Of Tharanga Abeyseela Sent: Friday, 30 August 2013 02:56 PM To: MAGNIEN, Thierry Cc: Varnish misc Subject: Re: Varnish round-robin loadbalancing with Virtualhost (Namebased) That is my requirement !!!. i'm using the same IP address for both hosts, and need to do the load-balancing between two servers. thats what i wanted to know, Actually i'm playing with different varnish configs :) on my virtual box., thought to give this config a try....but that didnt work. it is working perfectly with different IP's, or IP based Vhosts. Thanks Thierry for the response. cheers, Tharanga On Fri, Aug 30, 2013 at 10:46 PM, MAGNIEN, Thierry > wrote: Hi, I think I understood the point : - you have 2 backends hosted under the same IP address : www.backend1.com and www.backend2.com - your varnish server gets requests (for example) for www.frontend.com - you want requests to be load-balanced between your 2 backends BUT this would need the bereq.host to be rewritten to either www.backend1.com or www.backend2.com - BUT you can't do this in your VCL because you don't know which backend will be selected. In fact, this would need the director to rewrite the host header once the real backend has been selected, which I don't think is possible. Anyway, I still wonder why the hell you need varnish for this, where a HAProxy would certainly do the trick ;-) Regards, Thierry De : varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org [mailto:varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] De la part de Per Buer Envoy? : vendredi 30 ao?t 2013 13:36 ? : Tharanga Abeyseela Cc : Varnish misc Objet : Re: Varnish round-robin loadbalancing with Virtualhost (Namebased) Hi Tharanga, You seem not to understand. Varnish will just pass the host header in the request to the backend you specify. Looking at the VCL you provided you put both the backends into one director. This is probably not what you want to do. Try removing the director. Name the directors xxx and yyy and have the VCL look like. sub vcl_recv { if (req.http.host ~ "xxx.com") { req.backend = xxx; } else if (.. } Also the next bit doesn't make sense: if (req.request) { return(pass); } } On Fri, Aug 30, 2013 at 10:42 AM, Tharanga Abeyseela > wrote: Hi, Actually i tried that link, still it is not working. it should work for a ip based virtual host, but namebased virtual host is not working. becuase main request coming to varnish/80 and varnish should redirect the traffic to the backend server based on my round-robin director. when you resolve dns for those two hosts (xxx.com and yyy.com) it reuturns the same IP. that is 192.168.0.100. But there should be a way to send the host-header to apache. Not sure how it works here. But when i use different server (192,168.0.200/ zzz.com) it works without any issue, it roundrobin the traffic. This is an issue with namebased virtualhost. varnish recevie the traffic (cluster.com is my varnish server), then it use it vcl to redirect based on my round-robin setting. but how it can send the traffic to the correct virtualhost. because it gets only the same IP address from the DNS. I managed to change the default behaviour by forcefully setting the host-header as follows to my other virtualhost(yyy..com) set.req.host="yyy.com" ; then all request went to yyy.com instead of xxx.com. but what i want is a round-robin fashio...to send traffic. first req to xxx.com/ 2nd req to yyy.com and so on.. I was trying to find some resourses on the net, stackoverflow etc..but no luck yet. Thanks again for your help Cheers, Tharanga On Fri, Aug 30, 2013 at 5:05 PM, Per Buer > wrote: Hi Tharanga, You seem to be a bit confused about how the directors and backends work in Varnish. Please read this: https://www.varnish-cache.org/docs/trunk/users-guide/vcl-backends.html#backends-and-virtual-hosts-in-varnish Note that the .host property of the backend has NOTHING to do with the virtual host. On Fri, Aug 30, 2013 at 2:02 AM, Tharanga Abeyseela > wrote: Hi Per, Thanks for the reply. Actually my set up looks like this. cluster.com - 192.168.0.200 (varnish/port 80) xxx.com - 192.168.0.100 (apache,namebased vhost/8080 - backendname - website) yyy.com - 192.168.0.100 (apache,namebased vhost/8080 -backendname - api) cluster.com is the varnish server and front-end connections coming to this and rewrite to other defined back-ends (round-robin based balancing) backend website { .host = "xxx.com"; .port = "8080"; } backend api { .host = "yyy.com"; .port = "8080"; } director clust round-robin { { .backend = api; } { .backend = website; } } sub vcl_recv { set req.backend = clust; if (req.request) { return(pass); } } when i hit the cluster.com , it is always going to xxx.com, but what i need to do is first request go to xxx.com second request yyy.com and so on...when i add another server (different host/different IP say 192.168.0.111/zzz.com, and a different backend) , it goes like this first request - xxx.com second request - xxxx.com third request - zzz.com but i can change the default behavior by setting up set req.host = yyy.com and then it will goes to first request - yyy.com second request - yyy.com third request - zzz.com this is something to do with the host-header forwarding to the correct back-end. how should i add that functionality to the vcl_recv ? appreciate your help on this, this is working perfectly with other servers (different servers, not with namebased vhosts) cheers, Tharanga On Thu, Aug 29, 2013 at 11:58 PM, Per Buer > wrote: Hi mate, On Thu, Aug 29, 2013 at 3:17 PM, Tharanga Abeyseela > wrote: (..) But how should i send host-headers to varnish to redirect to the correct server, This is always going to xxx.com. You don't. :-) You need to dispatch the request to the right backend in vcl_recv and have the backend handle that host. You could start rewriting the host in vcl_recv, but I would advise against it. So, if you have two vhosts handled by "website" you just set that as the backend in vcl_recv. -- Per Buer CTO | Varnish Software AS Phone: +47 958 39 117 | Skype: per.buer We Make Websites Fly! Winner of the Red Herring Top 100 Europe Award 2013 -- Per Buer CTO | Varnish Software AS Phone: +47 958 39 117 | Skype: per.buer We Make Websites Fly! Winner of the Red Herring Top 100 Europe Award 2013 -- Per Buer CTO | Varnish Software AS Phone: +47 958 39 117 | Skype: per.buer We Make Websites Fly! Winner of the Red Herring Top 100 Europe Award 2013 This email was sent to you by Thomson Reuters, the global news and information company. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Thomson Reuters. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rob at bigfish.co.uk Mon Sep 2 18:27:49 2013 From: rob at bigfish.co.uk (Rob Miller) Date: Mon, 02 Sep 2013 19:27:49 +0100 Subject: varnisher, a purging tool Message-ID: <0E15878C-DCC3-43EE-9251-5EB5A1622F80@bigfish.co.uk> Hi guys, A couple of years back I posted a link here to a rough-and-ready Ruby script for purging pages and resources within pages without having to dip into varnishadm, and it seemed to be fairly well-received. Well, I spent some time recently cleaning it up, fixing a few bugs, and adding a few features, and would appreciate some feedback and real-world testing before I go all 1.0 with it. It came about because we'd always make changes to an individual page on a website that included changes to stylesheets and images within that page, and would end up with either overly aggressive bans (banning the whole domain, for example) or inconsistently cached content (where a page was purged but, say, the stylesheet on it wasn't, so content appeared weird). With it you can: * Purge a single URL * Purge an HTML page along with all of the resources on that page (e.g. JS files, CSS files, images) * Purge an entire domain, and optionally reindex it afterwards * Spider a domain to keep your cache warm Installation instructions and source code are here (its only requirement is Ruby 1.9.3 or above): https://github.com/robmiller/varnisher Naturally it relies on you having some appropriate VCL in your config and that your IP is in your ACL, if you have one. Anyway, I hope that firstly it works and that secondly it's useful to someone else; it's been useful to us in the past couple of years! I'd also appreciate any feedback on what's changed in the last two years of Varnish that could make what it does simpler/better ??especially on when it comes to the recommended VCL. (It's probably best to post bug reports etc. as issues on GitHub, rather than to the list; I wouldn't want to contribute to noisy inboxes for people.) Kind regards, Rob -- Rob Miller Head of Digital big fish? 11 Chelsea Wharf 15 Lots Road London SW10 0QJ Office number: +44 (0)20 7795 0075 www.bigfish.co.uk -------------- next part -------------- An HTML attachment was scrubbed... URL: From jennings at internetseer.com Tue Sep 3 16:10:02 2013 From: jennings at internetseer.com (Jeff Jennings) Date: Tue, 3 Sep 2013 12:10:02 -0400 Subject: installed on centos 5.9 and got this error... Message-ID: <1EB03B824DDD9C4D84B976527234AEFCF117A1@mymail.minddrivers.com> Should I compile instead of installing from rpm? Sep 3 16:05:48 mysite varnishd[29000]: Platform: Linux,2.6.18-348.12.1.el5,x86_64,-smalloc,-smalloc,-hcritbit Sep 3 16:05:48 mysite varnishd[29000]: Child start failed: could not open sockets ??? Thanks Jeff -------------- next part -------------- An HTML attachment was scrubbed... URL: From pprocacci at datapipe.com Tue Sep 3 16:52:55 2013 From: pprocacci at datapipe.com (Paul A. Procacci) Date: Tue, 3 Sep 2013 11:52:55 -0500 Subject: installed on centos 5.9 and got this error... In-Reply-To: <1EB03B824DDD9C4D84B976527234AEFCF117A1@mymail.minddrivers.com> References: <1EB03B824DDD9C4D84B976527234AEFCF117A1@mymail.minddrivers.com> Message-ID: <20130903165255.GP58277@nat.myhome> On Tue, Sep 03, 2013 at 12:10:02PM -0400, Jeff Jennings wrote: > Should I compile instead of installing from rpm? > > > > Sep 3 16:05:48 mysite varnishd[29000]: Platform: > Linux,2.6.18-348.12.1.el5,x86_64,-smalloc,-smalloc,-hcritbit > > Sep 3 16:05:48 mysite varnishd[29000]: Child start failed: could not > open sockets > Can you strace the process and see what sockets it's referring to? ________________________________ This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. From zulkar at yandex.ru Tue Sep 3 17:24:08 2013 From: zulkar at yandex.ru (Alexandr Bubenchikov) Date: Tue, 03 Sep 2013 21:24:08 +0400 Subject: Saintmode troublelist - cannot add object Message-ID: <125081378229048@web4h.yandex.ru> Hi guys. First of all sorry for my poor english. I don't know what mailing list is the best for this question, I believe this is correct one :) I want to put backend to saintmode, depending on response body. I've created topic in varnish forum - https://www.varnish-cache.org/forum/topic/1182, there is my configuration std.syslog shows, that set beresp.saintmode being called, but varnish still consider server healthy and I can see requests to "sick" server. I've put some logs into cache_backend.c, in function vbe_Healthy if (sp->objcore == NULL) { VSL(SLT_Debug, 0, "========= objcore is null, returning 1"); return (1); } currently URL is not being added to blacklist because sp->objcore pointer is null (line 281 in 3.0.4 release) I can't see this line in trunk version (as I understood saint mode will be moved to vmods). I can't understand what objcore is, and why is it null. Is it something wrong in my varnish config, or backend response should have some required fields? I couldn't find any information in varnish documentation. Thanks, Alexander. From james at ifixit.com Tue Sep 3 20:13:02 2013 From: james at ifixit.com (James Pearson) Date: Tue, 03 Sep 2013 13:13:02 -0700 Subject: installed on centos 5.9 and got this error... In-Reply-To: <1EB03B824DDD9C4D84B976527234AEFCF117A1@mymail.minddrivers.com> References: <1EB03B824DDD9C4D84B976527234AEFCF117A1@mymail.minddrivers.com> Message-ID: <1378239086-sup-9579@geror.local> Excerpts from Jeff Jennings's message of 2013-09-03 09:10:02 -0700: > Should I compile instead of installing from rpm? > > Sep 3 16:05:48 mysite varnishd[29000]: Platform: > Linux,2.6.18-348.12.1.el5,x86_64,-smalloc,-smalloc,-hcritbit > > Sep 3 16:05:48 mysite varnishd[29000]: Child start failed: could not > open sockets You're running service(8) as root? You aren't having Varnish listen on a port something else is already listening on? - P From pprocacci at datapipe.com Tue Sep 3 23:12:19 2013 From: pprocacci at datapipe.com (Paul A. Procacci) Date: Tue, 3 Sep 2013 18:12:19 -0500 Subject: installed on centos 5.9 and got this error... In-Reply-To: <1378239086-sup-9579@geror.local> References: <1EB03B824DDD9C4D84B976527234AEFCF117A1@mymail.minddrivers.com> <1378239086-sup-9579@geror.local> Message-ID: <20130903231219.GD1183@nat.myhome> On Tue, Sep 03, 2013 at 01:13:02PM -0700, James Pearson wrote: > Excerpts from Jeff Jennings's message of 2013-09-03 09:10:02 -0700: > > Should I compile instead of installing from rpm? > > > > Sep 3 16:05:48 mysite varnishd[29000]: Platform: > > Linux,2.6.18-348.12.1.el5,x86_64,-smalloc,-smalloc,-hcritbit > > > > Sep 3 16:05:48 mysite varnishd[29000]: Child start failed: could not > > open sockets > > You're running service(8) as root? You aren't having Varnish listen on a port > something else is already listening on? > - P > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc Have been talking this this individual off list. It was in fact apache already being bound to port 80 that was preventing varnish from starting. ~Ciao ________________________________ This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. From Travis.Crowder at penton.com Fri Sep 6 14:30:06 2013 From: Travis.Crowder at penton.com (Crowder, Travis) Date: Fri, 6 Sep 2013 14:30:06 +0000 Subject: req.url value replacement issue Message-ID: I was working to replace a value in req.url in vcl_recv and I was having some issues getting a new value into req.url. I tried replacing it with nothing via set req.url = "" and I also tried using regsub. It turns out that if you try to set req.url to an empty value, nothing happens. I ended up having to use set req.url = "/"; Is this expected and documented behavior? -Travis -------------- next part -------------- An HTML attachment was scrubbed... URL: From pprocacci at datapipe.com Fri Sep 6 15:39:03 2013 From: pprocacci at datapipe.com (Paul A. Procacci) Date: Fri, 6 Sep 2013 10:39:03 -0500 Subject: req.url value replacement issue In-Reply-To: References: Message-ID: <20130906153903.GC62921@nat.myhome> Travis, You have to have a request. An empty request isn't a valid request. As for it being documented, it's documented in the rfc's but I'm not sure varnish documentation includes this at all. ~Paul On Fri, Sep 06, 2013 at 02:30:06PM +0000, Crowder, Travis wrote: > I was working to replace a value in req.url in vcl_recv and I was having some issues getting a new value into req.url. I tried replacing it with nothing via set req.url = "" and I also tried using regsub. It turns out that if you try to set req.url to an empty value, nothing happens. I ended up having to use set req.url = "/"; > > Is this expected and documented behavior? > > -Travis > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc ________________________________ This message may contain confidential or privileged information. If you are not the intended recipient, please advise us immediately and delete this message. See http://www.datapipe.com/legal/email_disclaimer/ for further information on confidentiality and the risks of non-secure electronic communication. If you cannot access these links, please notify us by reply message and we will send the contents to you. From yao.yang at autonavi.com Mon Sep 9 04:01:01 2013 From: yao.yang at autonavi.com (=?gb2312?B?0e7Sog==?=) Date: Mon, 9 Sep 2013 04:01:01 +0000 Subject: varnish reload error Message-ID: Hi? When I reload my conf file?the error reporting as follow: [error.png] The varnish version is 3.0.3, and I used tar package installed. Can anybody explain why this happened? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.gif Type: image/gif Size: 1089 bytes Desc: image001.gif URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 4080 bytes Desc: image002.png URL: From aashisn at hotmail.com Mon Sep 9 10:21:25 2013 From: aashisn at hotmail.com (Ashish Nepal) Date: Mon, 9 Sep 2013 10:21:25 +0000 Subject: varnishadm backend.list refs In-Reply-To: <8E656B642592B942AE317E2AFAE0ABA14B1DCDD8@UK2P-ERFMMBX10.ERF.thomson.com> References: , , , , , , <5D103CE839D50E4CBC62C9FD7B83287C274738FF@EXCN013.encara.local.ads>, , <8E656B642592B942AE317E2AFAE0ABA14B1DCDD8@UK2P-ERFMMBX10.ERF.thomson.com> Message-ID: What is Refs on varnishadm backend.list command? is this number of connection established? [root at varnishbox ~]# varnishadm backend.listBackend name Refs Admin Probeweb1(12.12.12.12,,80) 2 probe Healthy 5/5web2(12.12.12.12,,80) 2 probe Healthy 5/5web3(12.12.12.12,,80) 1 sick Healthy 5/5web4(12.12.12.12,,80) 3 probe Healthy 5/5sec_honey(127.0.1.2,,3) 1 probe Healthy (no probe) -------------- next part -------------- An HTML attachment was scrubbed... URL: From straightflush at gmail.com Mon Sep 9 12:43:26 2013 From: straightflush at gmail.com (AD) Date: Mon, 9 Sep 2013 08:43:26 -0400 Subject: ICP Emulation In-Reply-To: References:

Message-ID: did you ever sort this out ? On Fri, Aug 30, 2013 at 9:50 AM, AD wrote: > I think you need to set each varnish server as a backend, and then hash > the URL to a backend (that is a varnish server). If the backend matches > the current varnish server serving the request then you use the real > backend (origin). I am not sure the details of the setup, but Artur from > Fastly said they do something similar in their setup maybe one of the > Fastly guys or someone else can comment on how this is done ? > > Curious myself as to how to make this work > > > > > On Wed, Aug 21, 2013 at 12:07 PM, wrote: > >> An older blog post on the Varnish site says this: >> >> "... you can emulate ICP-like behaviour by writing VCL code to check your >> neighouring cache for the request that you are looking for. Setups like >> these have been discussed on varnish-miscseveral times and implementing it should be fairly simple." >> >> I must be searching the wrong terms, because I can't find any >> descriptions of this. >> >> It looks to me like the setup would be little more than setting the peer >> as a backend and then setting req.hash_ignore_busy on one of the servers to >> avoid race conditions, as described on the wiki. Is there anything I'm >> missing, or does someone have a reference on how to set this up? Any help >> is appreciated. >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From james at ifixit.com Mon Sep 9 17:48:31 2013 From: james at ifixit.com (James Pearson) Date: Mon, 09 Sep 2013 10:48:31 -0700 Subject: varnish reload error In-Reply-To: References: Message-ID: <1378748771-sup-4601@geror.local> Excerpts from ??'s message of 2013-09-08 21:01:01 -0700: > > Hi? > When I reload my conf file?the error reporting as follow: > > [error.png] In the future, can you please copy+paste the text of the error (or put it in a pastebin, if it's long) instead of attaching an image? That makes it easier to look at, as well as search for. > The varnish version is 3.0.3, and I used tar package installed. > Can anybody explain why this happened? My initial guess is that setuid() is failing because you're not starting Varnish as root. How are you starting Varnish? - P From bstillwell at photobucket.com Mon Sep 9 22:27:52 2013 From: bstillwell at photobucket.com (Bryan Stillwell) Date: Mon, 9 Sep 2013 16:27:52 -0600 Subject: High read IOPS with file backend (re-visited) Message-ID: Last month I reported an issue I was seeing where varnish was producing a lot more read IOPS than I was expecting: https://www.varnish-cache.org/lists/pipermail/varnish-misc/2013-August/023275.html There were big jumps in read IOPS around the time objects started expiring and also when the cache filled up, but they were pretty high before those jumps as well. I was wondering if anyone has an idea of what might be causing so many more reads compared to what nginx needs (for example nginx needed just 200 read IOPS with a full cache, but varnish needed 5,700 read IOPS to handle 337 requests/sec)? Thanks, Bryan From smwood4 at gmail.com Tue Sep 10 18:20:24 2013 From: smwood4 at gmail.com (Stephen Wood) Date: Tue, 10 Sep 2013 11:20:24 -0700 Subject: Force a backend health probe? Message-ID: Is it possible to force a backend-end health probe or force mark a backend as healthy? For example, you have a group of machines and their health probe is set to something like 60 seconds, which is preferable for every-day use. However, when starting the varnish machine for the first time I would like these backends to be marked healthy as quick as possible. Any ideas how this can be done without just changing the VCL for period of time? -- Stephen Wood www.heystephenwood.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From dridi.boukelmoune at zenika.com Tue Sep 10 20:43:31 2013 From: dridi.boukelmoune at zenika.com (Dridi Boukelmoune) Date: Tue, 10 Sep 2013 22:43:31 +0200 Subject: Force a backend health probe? In-Reply-To: References: Message-ID: Hi, >From the man vcl: .window How many of the latest polls we examine to determine backend health. Defaults to 8. .threshold How many of the polls in .window must have succeeded for us to consider the backend healthy. Defaults to 3. .initial How many of the probes are considered good when Varnish starts. Defaults to the same amount as the threshold. On Tue, Sep 10, 2013 at 8:20 PM, Stephen Wood wrote: > Is it possible to force a backend-end health probe or force mark a backend > as healthy? > > For example, you have a group of machines and their health probe is set to > something like 60 seconds, which is preferable for every-day use. However, > when starting the varnish machine for the first time I would like these > backends to be marked healthy as quick as possible. > > Any ideas how this can be done without just changing the VCL for period of > time? What are the "threshold" and "initial" values of your probes ? > -- > Stephen Wood > www.heystephenwood.com > Dridi > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc From smwood4 at gmail.com Tue Sep 10 20:46:58 2013 From: smwood4 at gmail.com (Stephen Wood) Date: Tue, 10 Sep 2013 13:46:58 -0700 Subject: Force a backend health probe? In-Reply-To: References: Message-ID: Thanks for the breakdown. I think "initial" was the configuration change I was looking for. If I set this to 0 will the backends be assumed to be healthy until they hear back from their first health check? On Tue, Sep 10, 2013 at 1:43 PM, Dridi Boukelmoune < dridi.boukelmoune at zenika.com> wrote: > Hi, > > From the man vcl: > > .window > How many of the latest polls we examine to determine backend > health. Defaults to 8. > > .threshold > How many of the polls in .window must have succeeded for us to > consider the backend healthy. Defaults to 3. > > .initial > How many of the probes are considered good when Varnish starts. > Defaults to the same amount as the threshold. > > > On Tue, Sep 10, 2013 at 8:20 PM, Stephen Wood wrote: > > Is it possible to force a backend-end health probe or force mark a > backend > > as healthy? > > > > For example, you have a group of machines and their health probe is set > to > > something like 60 seconds, which is preferable for every-day use. > However, > > when starting the varnish machine for the first time I would like these > > backends to be marked healthy as quick as possible. > > > > Any ideas how this can be done without just changing the VCL for period > of > > time? > > What are the "threshold" and "initial" values of your probes ? > > > -- > > Stephen Wood > > www.heystephenwood.com > > > > Dridi > > > _______________________________________________ > > varnish-misc mailing list > > varnish-misc at varnish-cache.org > > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -- Stephen Wood www.heystephenwood.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From dridi.boukelmoune at zenika.com Tue Sep 10 20:57:31 2013 From: dridi.boukelmoune at zenika.com (Dridi Boukelmoune) Date: Tue, 10 Sep 2013 22:57:31 +0200 Subject: Force a backend health probe? In-Reply-To: References: Message-ID: On Tue, Sep 10, 2013 at 10:46 PM, Stephen Wood wrote: > Thanks for the breakdown. I think "initial" was the configuration change I > was looking for. If I set this to 0 will the backends be assumed to be > healthy until they hear back from their first health check? I don't know, but from the man I understand that a probe should by default start as healthy. Btw I'm assuming varnish 3.0.4. What I'd do is simply test the probes with a terminal running something like "watch -n1 varnishadm debug.health" (I don't know the syntax by heart) and watch how it behaves at startup. Dridi > On Tue, Sep 10, 2013 at 1:43 PM, Dridi Boukelmoune > wrote: >> >> Hi, >> >> From the man vcl: >> >> .window >> How many of the latest polls we examine to determine backend >> health. Defaults to 8. >> >> .threshold >> How many of the polls in .window must have succeeded for us to >> consider the backend healthy. Defaults to 3. >> >> .initial >> How many of the probes are considered good when Varnish starts. >> Defaults to the same amount as the threshold. >> >> >> On Tue, Sep 10, 2013 at 8:20 PM, Stephen Wood wrote: >> > Is it possible to force a backend-end health probe or force mark a >> > backend >> > as healthy? >> > >> > For example, you have a group of machines and their health probe is set >> > to >> > something like 60 seconds, which is preferable for every-day use. >> > However, >> > when starting the varnish machine for the first time I would like these >> > backends to be marked healthy as quick as possible. >> > >> > Any ideas how this can be done without just changing the VCL for period >> > of >> > time? >> >> What are the "threshold" and "initial" values of your probes ? >> >> > -- >> > Stephen Wood >> > www.heystephenwood.com >> > >> >> Dridi >> >> > _______________________________________________ >> > varnish-misc mailing list >> > varnish-misc at varnish-cache.org >> > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > > > > > -- > Stephen Wood > www.heystephenwood.com From iphrankie at gmail.com Thu Sep 12 19:12:14 2013 From: iphrankie at gmail.com (iPhrankie) Date: Thu, 12 Sep 2013 12:12:14 -0700 Subject: Bypass Cache for Particular Visitor IP Address Message-ID: Hello Everyone, We're using Varnish 3.0.3 behind a load balancer. We would like to bypass the Varnish cache for a particular visitor IP address. After doing research, I found the following solution. We?re using the following in order for the acl to match the "http.x-forwarded-for" string. This code is working and within varnishlog I see ?6 VCL_acl c MATCH passem 7x.xxx.xxx.xxx?. However, even though it is matching the acl, the cache is still not being bypassed. I have a feeling it has to do with the ?sub vcl_recv? or the ?return (pass)?. I also tried using ?set req.hash_always_miss = true;? instead of ?return (pass)?, but this also didn?t work. I would really greatly appreciate the help getting this to work. Many thanks. C{ #include #include #include #include }C acl passem { "7x.xxx.xxx.xxx"; } sub vcl_recv { C{ struct sockaddr_storage *client_ip_ss = VRT_r_client_ip(sp); struct sockaddr_in *client_ip_si = (struct sockaddr_in *) client_ip_ss; struct in_addr *client_ip_ia = &(client_ip_si->sin_addr); char *xff_ip = VRT_GetHdr(sp, HDR_REQ, "\020X-Forwarded-For:"); if (xff_ip != NULL) { inet_pton(AF_INET, xff_ip, client_ip_ia); } }C if (!(client.ip ~ passem)) { return (pass); } } -------------- next part -------------- An HTML attachment was scrubbed... URL: From smwood4 at gmail.com Fri Sep 13 06:04:25 2013 From: smwood4 at gmail.com (Stephen Wood) Date: Thu, 12 Sep 2013 23:04:25 -0700 Subject: Bypass Cache for Particular Visitor IP Address In-Reply-To: References: Message-ID: How do the logs describe the request? Hit/Miss/Pass? How are you sure that the content is being served out of the cache? Also, you might want to consider using ipcastto set the client.ip from the x-forwarded-for headers. It's a lot cleaner than using the inline C. We use it to do what you're describing. On Thu, Sep 12, 2013 at 12:12 PM, iPhrankie wrote: > Hello Everyone, > > We're using Varnish 3.0.3 behind a load balancer. We would like to bypass > the Varnish cache for a particular visitor IP address. > > After doing research, I found the following solution. We?re using the > following in order for the acl to match the "http.x-forwarded-for" string. > This code is working and within varnishlog I see ?6 VCL_acl c MATCH > passem 7x.xxx.xxx.xxx?. However, even though it is matching the acl, the > cache is still not being bypassed. > > I have a feeling it has to do with the ?sub vcl_recv? or the ?return > (pass)?. I also tried using ?set req.hash_always_miss = true;? instead of > ?return (pass)?, but this also didn?t work. > > I would really greatly appreciate the help getting this to work. Many > thanks. > > > C{ > > #include > > #include > > #include > > #include > > }C > > acl passem { "7x.xxx.xxx.xxx"; } > > sub vcl_recv { > > C{ > > struct sockaddr_storage *client_ip_ss = VRT_r_client_ip(sp); > > struct sockaddr_in *client_ip_si = (struct sockaddr_in *) > client_ip_ss; > > struct in_addr *client_ip_ia = &(client_ip_si->sin_addr); > > char *xff_ip = VRT_GetHdr(sp, HDR_REQ, "\020X-Forwarded-For:"); > > > > if (xff_ip != NULL) { > > inet_pton(AF_INET, xff_ip, client_ip_ia); > > } > > }C > > if (!(client.ip ~ passem)) { > > return (pass); > > } > > } > > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -- Stephen Wood www.heystephenwood.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From thierry.magnien at sfr.com Fri Sep 13 07:06:12 2013 From: thierry.magnien at sfr.com (MAGNIEN, Thierry) Date: Fri, 13 Sep 2013 07:06:12 +0000 Subject: Bypass Cache for Particular Visitor IP Address In-Reply-To: References:

Message-ID: <5D103CE839D50E4CBC62C9FD7B83287C27486B26@EXCN015.encara.local.ads> Hi, If I'm not misreading?: if (!(client.ip ~ passem)) { return (pass); } means exactly the opposite of what you need : if NOT (client.ip matches passem) then PASS. Just remove the "!" and it should work ;-) Regards, Thierry De?: varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org [mailto:varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] De la part de Stephen Wood Envoy??: vendredi 13 septembre 2013 08:04 ??: iPhrankie Cc?: varnish-misc at varnish-cache.org Objet?: Re: Bypass Cache for Particular Visitor IP Address How do the logs describe the request? Hit/Miss/Pass? How are you sure that the content is being served out of the cache? Also, you might want to consider using?ipcast to set the client.ip from the x-forwarded-for headers. It's a lot cleaner than using the inline C. We use it to do what you're describing. On Thu, Sep 12, 2013 at 12:12 PM, iPhrankie wrote: Hello Everyone, We're using Varnish 3.0.3 behind a load balancer. We would like to bypass the Varnish cache for a particular visitor IP address. After doing research, I found the following solution. We're using the following in order for the acl to match the "http.x-forwarded-for" string. This code is working and within varnishlog I see "6 VCL_acl c MATCH passem 7x.xxx.xxx.xxx". However, even though it is matching the acl, the cache is still not being bypassed. I have a feeling it has to do with the "sub vcl_recv" or the "return (pass)". I also tried using "set req.hash_always_miss = true;" instead of "return (pass)", but this also didn't work. I would really greatly appreciate the help getting this to work. Many thanks. ??? C{ ??? #include ??? #include ??? #include ??? #include ??? }C ??? acl passem { "7x.xxx.xxx.xxx"; } ??? sub vcl_recv { ??? C{ ??? struct sockaddr_storage *client_ip_ss = VRT_r_client_ip(sp); ??? struct sockaddr_in *client_ip_si = (struct sockaddr_in *) client_ip_ss; ? ??struct in_addr *client_ip_ia = &(client_ip_si->sin_addr); ??? char *xff_ip = VRT_GetHdr(sp, HDR_REQ, "\020X-Forwarded-For:"); ? ??? if (xff_ip != NULL) { ??? inet_pton(AF_INET, xff_ip, client_ip_ia); ??? } ??? }C ??? if (!(client.ip ~ passem)) { ??? return (pass); ??????????? } ??? } ? _______________________________________________ varnish-misc mailing list varnish-misc at varnish-cache.org https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc -- Stephen Wood www.heystephenwood.com From lohmann.andre at gmail.com Mon Sep 16 12:10:19 2013 From: lohmann.andre at gmail.com (Andre Lohmann) Date: Mon, 16 Sep 2013 14:10:19 +0200 Subject: Caching large Files with Varnish 3.0.4 Message-ID: Hi, we have that Problem of very large Files (Videos in our case) that we want to be cached on some frontend machines on varnish (some requests hit the server as range reauests too). I know there is one possible solution of prewarming these files, but since we have some new and very high frequented files and some archived and lesser frequended ones, prewarming is no a valid solution for us. I tried to understand how this could be solved with do_stream. But if I got it right, when the File is not in cache, the first request onto this file will be streamed and the second request will blocked until the File is fully cached. Whatif the first client reuqest turns into a range request before the file is fully cached? I also found some notes to 3.0.2s (very old) which mentioned of 3.0.2s as having full streaming capabilities (what ever that means). Will there be any solution for the caching of large files on demand in the future, or is there anything I missed, that is allready working well? kind regards -- Andre Lohmann Alte G?rtnerei 20a 24232 Sch?nkirchen Tel.: +49 (0) 431 260 93 833 mobil: +49 (0) 176 55 910 913 mail: lohmann.andre at gmail.com LinkedIn: http://de.linkedin.com/pub/andre-lohmann/26/a60/a92 Xing: http://www.xing.com/profile/Andre_Lohmann -------------- next part -------------- An HTML attachment was scrubbed... URL: From jledford at biltmore.com Tue Sep 17 20:35:31 2013 From: jledford at biltmore.com (Jason Ledford) Date: Tue, 17 Sep 2013 16:35:31 -0400 Subject: Not always forwarding client ip Message-ID: <435CB3214F92FD4E8E5CEEB86A20440242907A664C@MAILBOX.tbcnet.biltmore.com> I have a new setup of varnish and apache and the apache logs are not consistently getting the x-forwarded-for client ip. It does get them so I feel like its working, but its not all the time. I have googled around and believe its setup correct. Varnish has the following defined in the set req.http.X-Forwarded-For = client.ip; and apache is setup with a custom log file: LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" varnishcombined In my logs some entries have my ip and some just have - - - for the ip. Here is an example with personal info stripped 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_js/jquery.cookie.js HTTP/1.1" 200 837 "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" 200 27355 "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" 200 29160 "http://mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" Any help you can offer would be great. Without this I can't limit using an htaccess since its not reliable where the source is coming from. Thanks for your help. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dridi.boukelmoune at zenika.com Wed Sep 18 06:12:08 2013 From: dridi.boukelmoune at zenika.com (Dridi Boukelmoune) Date: Wed, 18 Sep 2013 07:12:08 +0100 Subject: Not always forwarding client ip In-Reply-To: <435CB3214F92FD4E8E5CEEB86A20440242907A664C@MAILBOX.tbcnet.biltmore.com> References: <435CB3214F92FD4E8E5CEEB86A20440242907A664C@MAILBOX.tbcnet.biltmore.com> Message-ID: Hi, Setting req.http.X-Forwarded-For in your VCL doesn't help much. Varnishncsa reads this header from the shared logs, and I believe that changing a header after you've received the request headers (that is to say in your VCL) won't be logged. However, I have this VMOD that does exactly what you want, it can log a header and trick varnishncsa into thinking that it genuinely came from the actual HTTP request: https://github.com/Dridi/libvmod-logger#example Best Regards, Dridi On Tue, Sep 17, 2013 at 9:35 PM, Jason Ledford wrote: > I have a new setup of varnish and apache and the apache logs are not > consistently getting the x-forwarded-for client ip. It does get them so I > feel like its working, but its not all the time. I have googled around and > believe its setup correct. Varnish has the following defined in the > > set req.http.X-Forwarded-For = client.ip; > > > > and apache is setup with a custom log file: > > LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" > \"%{User-Agent}i\"" varnishcombined > > > > In my logs some entries have my ip and some just have - - - for the ip. > Here is an example with personal info stripped > > > > 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_js/jquery.cookie.js > HTTP/1.1" 200 837 "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" > > - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" > 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" > > 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg > HTTP/1.1" 200 27355 "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" > > - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" > 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" > > - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" > 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" > > - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1" > 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" > > 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg > HTTP/1.1" 200 29160 "http://mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36" > > > > > > Any help you can offer would be great. Without this I can?t limit using an > htaccess since its not reliable where the source is coming from. Thanks for > your help. > > > > > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc From mihamina at rktmb.org Wed Sep 18 13:10:55 2013 From: mihamina at rktmb.org (Mihamina Rakotomandimby) Date: Wed, 18 Sep 2013 16:10:55 +0300 Subject: rpm binaries require gcc + cpp Message-ID: <5239A65F.5020600@rktmb.org> Hi all, I'm installing Varnish3 from RPM from the website EL6 repo. I notice gcc et cpp is a dependency. http://postimg.org/image/s9q642ynj/ Just curious why. Woudl you know? -- RMA. -------------- next part -------------- An HTML attachment was scrubbed... URL: From dridi.boukelmoune at zenika.com Wed Sep 18 14:13:24 2013 From: dridi.boukelmoune at zenika.com (Dridi Boukelmoune) Date: Wed, 18 Sep 2013 16:13:24 +0200 Subject: rpm binaries require gcc + cpp In-Reply-To: <5239A65F.5020600@rktmb.org> References: <5239A65F.5020600@rktmb.org> Message-ID: Hi, The VCL (Varnish Configuration Language) is turned into C and then compiled, this is why you need gcc. And gcc needs cpp which I believe is a C preprocessor. Regards, Dridi On Wed, Sep 18, 2013 at 3:10 PM, Mihamina Rakotomandimby wrote: > Hi all, > > I'm installing Varnish3 from RPM from the website EL6 repo. > I notice gcc et cpp is a dependency. > http://postimg.org/image/s9q642ynj/ > Just curious why. Woudl you know? > > -- > RMA. > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc From geoff at uplex.de Wed Sep 18 14:15:03 2013 From: geoff at uplex.de (Geoff Simmons) Date: Wed, 18 Sep 2013 16:15:03 +0200 Subject: rpm binaries require gcc + cpp In-Reply-To: <5239A65F.5020600@rktmb.org> References: <5239A65F.5020600@rktmb.org> Message-ID: <5239B567.7050200@uplex.de> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 09/18/2013 03:10 PM, Mihamina Rakotomandimby wrote: > > I'm installing Varnish3 from RPM from the website EL6 repo. > I notice gcc et cpp is a dependency. > http://postimg.org/image/s9q642ynj/ > Just curious why. Woudl you know? Varnish translates VCL to C, and then compiles the C source, so it has to be able to call a C compiler. You can pick any compile command you want using the runtime parameter cc_command, but your RPM evidently expects you to have gcc, and oddly has a dependency on a C preprocessor as well. Best, Geoff - -- ** * * UPLEX - Nils Goroll Systemoptimierung Scheffelstra?e 32 22301 Hamburg Tel +49 40 2880 5731 Mob +49 176 636 90917 Fax +49 40 42949753 http://uplex.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJSObVbAAoJEOUwvh9pJNUR2WsQAJ5I/nLiSY9TdOoeYuNKOBb4 naTVeWRWjBLbduBXJbqLuxEYyd2Rme77j2eUUlaVVtkICGqR/JiRNw4YrgXreTlT fKj9SVcmWHLUPIlblHzHaf4Bu20eWxdbNVM4TOZUxjIuDI1SzRFLLtR63OMduvVl SSDe3A0d1lm9jdEAQJRChpRKinmOip2NFsJw4D14ntMzKiFyJUwSHM9TSFLwlXaG aesdemZr1Wa2hLvavgMGVpAtXPnqf//pkRQOX4NVDTObTAnCaLKvTo67RM2Air6Q iELR8HxsYFPl44Y7UyCJgJtK7bZSZsM1DkMeuXSIXEA/8rxxEeuFfHBJkFBQb+sD u02pM25NR8BP00xggxOATpCYeQMuunO0YiT6tGFRc+YHsMakFlZXb2Ow9KgqX0v+ EQjKkXAlQK0iJq/GEtNjpzQKkeB/OE4vojcmJCczYdnNmDHN8TwnsZsYInAMFhmi xw48orlag437xa2BS73dWPzu+Jvc5XTuzw7Qq3kn1JUBhRYSbu6FY4CUxjK/iPSI Ojo18IUkNVTs9VPIrHHdPuX+wCl+g2YvYx3Ewnc/GGld8/982j4Wv5OkYdV2thk8 MB8KmG4Dx0al17ubBv7M4DboWJhZ6R0HnkLLjIzF6MWY3pJUlriHfule9FmSTsub nvFK3vE7lz5JLbalXqRm =y4XH -----END PGP SIGNATURE----- From spaceman at antispaceman.com Fri Sep 20 14:34:59 2013 From: spaceman at antispaceman.com (spaceman) Date: Fri, 20 Sep 2013 15:34:59 +0100 Subject: Ignore Proxy-Revalidate Message-ID: <20130920143459.GA2213@antispaceman.asset.local> Hi, I have set the cache control header proxy-revalidate to prevent caching on other peoples proxies (along with must-revalidate). However I still want it to cache for the max-age lifetime on Varnish. This is for application that is dependent heavily on Javascript and has a quick release cycle therefore I can't have scripts getting stuck in other peoples caches but I still want a fast page load and to allow client side caching. How do I get varnish to ignore the proxy-revalidate and cache for max-age lifetime in VCL? Regards, spaceman -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: Digital signature URL: -------------- next part -------------- !DSPAM:523c5d4847721557110504! From perbu at varnish-software.com Sun Sep 22 12:19:20 2013 From: perbu at varnish-software.com (Per Buer) Date: Sun, 22 Sep 2013 14:19:20 +0200 Subject: Ignore Proxy-Revalidate In-Reply-To: <20130920143459.GA2213@antispaceman.asset.local> References: <20130920143459.GA2213@antispaceman.asset.local> Message-ID: Hi, On Fri, Sep 20, 2013 at 4:34 PM, spaceman wrote: > How do I get varnish to ignore the proxy-revalidate and cache for > max-age lifetime in VCL? > I'm pretty certain varnish ignores proxy-revalidate. Varnish considers itself a webserver and not a proxy, since proxies are typically not under the control of the webmaster. Per. -- *Per Buer* CTO | Varnish Software AS Phone: +47 958 39 117 | Skype: per.buer We Make Websites Fly! Winner of the Red Herring Top 100 Europe Award 2013 -------------- next part -------------- An HTML attachment was scrubbed... URL: From iphrankie at gmail.com Tue Sep 24 01:13:37 2013 From: iphrankie at gmail.com (iPhrankie) Date: Mon, 23 Sep 2013 18:13:37 -0700 Subject: Bypass Cache for Particular Visitor IP Address In-Reply-To: <5D103CE839D50E4CBC62C9FD7B83287C27486B26@EXCN015.encara.local.ads> References:

<5D103CE839D50E4CBC62C9FD7B83287C27486B26@EXCN015.encara.local.ads> Message-ID: Thierry, thank you! This was indeed the problem! Everything is working correctly now. On Fri, Sep 13, 2013 at 12:06 AM, MAGNIEN, Thierry wrote: > Hi, > > If I'm not misreading : > > if (!(client.ip ~ passem)) { > return (pass); > } > > means exactly the opposite of what you need : if NOT (client.ip matches > passem) then PASS. Just remove the "!" and it should work ;-) > > Regards, > Thierry > > > De : varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org[mailto: > varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] De la > part de Stephen Wood > Envoy? : vendredi 13 septembre 2013 08:04 > ? : iPhrankie > Cc : varnish-misc at varnish-cache.org > Objet : Re: Bypass Cache for Particular Visitor IP Address > > How do the logs describe the request? Hit/Miss/Pass? How are you sure that > the content is being served out of the cache? > > Also, you might want to consider using ipcast to set the client.ip from > the x-forwarded-for headers. It's a lot cleaner than using the inline C. We > use it to do what you're describing. > > On Thu, Sep 12, 2013 at 12:12 PM, iPhrankie wrote: > Hello Everyone, > We're using Varnish 3.0.3 behind a load balancer. We would like to bypass > the Varnish cache for a particular visitor IP address. > After doing research, I found the following solution. We're using the > following in order for the acl to match the "http.x-forwarded-for" string. > This code is working and within varnishlog I see "6 VCL_acl c MATCH passem > 7x.xxx.xxx.xxx". However, even though it is matching the acl, the cache is > still not being bypassed. > I have a feeling it has to do with the "sub vcl_recv" or the "return > (pass)". I also tried using "set req.hash_always_miss = true;" instead of > "return (pass)", but this also didn't work. > I would really greatly appreciate the help getting this to work. Many > thanks. > > C{ > #include > #include > #include > #include > }C > acl passem { "7x.xxx.xxx.xxx"; } > sub vcl_recv { > C{ > struct sockaddr_storage *client_ip_ss = VRT_r_client_ip(sp); > struct sockaddr_in *client_ip_si = (struct sockaddr_in *) client_ip_ss; > struct in_addr *client_ip_ia = &(client_ip_si->sin_addr); > char *xff_ip = VRT_GetHdr(sp, HDR_REQ, "\020X-Forwarded-For:"); > > if (xff_ip != NULL) { > inet_pton(AF_INET, xff_ip, client_ip_ia); > } > }C > if (!(client.ip ~ passem)) { > return (pass); > } > } > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > > > > > -- > Stephen Wood > www.heystephenwood.com > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rainer at ultra-secure.de Sun Sep 29 20:45:51 2013 From: rainer at ultra-secure.de (Rainer Duffner) Date: Sun, 29 Sep 2013 22:45:51 +0200 Subject: Is there a way to invalidate a cached item on multiple varnish servers at once? Message-ID: <316A162B-065D-4C24-9C74-730F3F7ABF67@ultra-secure.de> Hi, suppose you've got a couple of load-balanced varnish-servers, is there a way to have an item removed from the cache on multiple servers at the same time? Seeing that e.g. drupal has no way to specify more than one varnish server, I assume it would have got to be some sort of proxy. Or is this only in the commercial product? Regards, Rainer From james at ifixit.com Mon Sep 30 20:44:34 2013 From: james at ifixit.com (James Pearson) Date: Mon, 30 Sep 2013 13:44:34 -0700 Subject: Is there a way to invalidate a cached item on multiple varnish servers at once? In-Reply-To: <316A162B-065D-4C24-9C74-730F3F7ABF67@ultra-secure.de> References: <316A162B-065D-4C24-9C74-730F3F7ABF67@ultra-secure.de> Message-ID: <1380573765-sup-3917@geror.local> Excerpts from Rainer Duffner's message of 2013-09-29 13:45:51 -0700: > Hi, > > suppose you've got a couple of load-balanced varnish-servers, is there a way to have an item removed from the cache on multiple servers at the same time? How small of a window do you need? I'd probably just fire off a PURGE request to each server, but that'd give a few seconds where some servers would have a cache entry and others would not. - P