csandanov
commented
5 years ago Should be normally fixed in https://github.com/wodby/varnish/commit/e5c91ebe153f2e2deddf9843eec93672b55d6cc3 where we've changed the order of includes
Closed davidwhthomas closed 5 years ago
csandanov
commented
5 years ago Should be normally fixed in https://github.com/wodby/varnish/commit/e5c91ebe153f2e2deddf9843eec93672b55d6cc3 where we've changed the order of includes
davidwhthomas
commented
5 years ago Thanks for checking, it's a little different this case, because the URL may be excluded from Varnish by the env variable config but the cookies are therefore stripped without the early return in preset.vcl
csandanov
commented
5 years ago Which one cookie strip statement are you referring to? The one in drupal.vcl? POST request should never reach vcl_recv in this file because it will hit a return(pass) in the vcl_recv.vcl that included first.
Did you actually test it with the latest version? Could you please tell me how I can reproduce it?
This is how I tested it ($VARNISH_CONFIG_PRESET=drupal):
curl -X POST -d "param1=test" -b "mycookie=test123" localhost:6081And as you can see there's only one RECV and it returns pass. And the cookie is still there:
* << BeReq >> 32771
- Begin bereq 32770 pass
- Timestamp Start: 1552377267.494212 0.000000 0.000000
- BereqMethod POST
- BereqURL /
- BereqProtocol HTTP/1.1
- BereqHeader Host: localhost:6081
- BereqHeader User-Agent: curl/7.63.0
- BereqHeader Accept: */*
- BereqHeader Cookie: mycookie=test123
- BereqHeader Content-Length: 11
- BereqHeader Content-Type: application/x-www-form-urlencoded
- BereqHeader X-Forwarded-For: 127.0.0.1
- BereqHeader X-Country-Code: Unknown
- BereqHeader X-VC-Cacheable: NO:Request method:POST
- BereqHeader hash: /#localhost:6081
- BereqHeader X-Varnish: 32771
- VCL_call BACKEND_FETCH
- VCL_return fetch
- BackendOpen 27 boot.backend1 172.18.0.2 80 172.18.0.3 52148
- BackendStart 172.18.0.2 80
- Timestamp Bereq: 1552377267.494548 0.000337 0.000337
- Timestamp Beresp: 1552377267.494725 0.000513 0.000177
- BerespProtocol HTTP/1.1
- BerespStatus 405
- BerespReason Not Allowed
- BerespHeader Server: nginx/1.14.2
- BerespHeader Date: Tue, 12 Mar 2019 07:54:27 GMT
- BerespHeader Content-Type: text/html
- BerespHeader Content-Length: 173
- BerespHeader Connection: keep-alive
- VCL_call BACKEND_RESPONSE
- BerespHeader X-VC-Req-Host: localhost:6081
- BerespHeader X-VC-Req-URL: /
- BerespHeader X-VC-Req-URL-Base: /
- TTL VCL -1 120 0 1552377267 uncacheable
- BerespHeader X-VC-Cacheable: NO:Request method:POST
- TTL VCL -1 120 0 1552377267 uncacheable
- TTL VCL 120 120 0 1552377267 uncacheable
- BerespHeader X-Url: /
- BerespHeader X-Host: localhost:6081
- VCL_return deliver
- Storage malloc Transient
- Fetch_Body 3 length stream
- BackendReuse 27 boot.backend1
- Timestamp BerespBody: 1552377267.494920 0.000708 0.000195
- Length 173
- BereqAcct 309 11 320 157 173 330
- End
* << Request >> 32770
- Begin req 32769 rxreq
- Timestamp Start: 1552377267.494106 0.000000 0.000000
- Timestamp Req: 1552377267.494106 0.000000 0.000000
- ReqStart 127.0.0.1 46462 a0
- ReqMethod POST
- ReqURL /
- ReqProtocol HTTP/1.1
- ReqHeader Host: localhost:6081
- ReqHeader User-Agent: curl/7.63.0
- ReqHeader Accept: */*
- ReqHeader Cookie: mycookie=test123
- ReqHeader Content-Length: 11
- ReqHeader Content-Type: application/x-www-form-urlencoded
- ReqHeader X-Forwarded-For: 127.0.0.1
- VCL_call RECV
- ReqHeader X-Country-Code: Unknown
- ReqHeader X-VC-My-Purge-Key: 64IIFrlsJGYhha2YtudIa9qZcDebAi8Csa9HbljjRgTX1YHI42WlhaS6xHndY4B9
- ReqUnset X-VC-My-Purge-Key: 64IIFrlsJGYhha2YtudIa9qZcDebAi8Csa9HbljjRgTX1YHI42WlhaS6xHndY4B9
- ReqHeader X-VC-Cacheable: NO:Request method:POST
- VCL_return pass
- VCL_call HASH
- ReqHeader hash: /
- ReqUnset hash: /
- ReqHeader hash: /#localhost:6081
- VCL_return lookup
- VCL_call PASS
- VCL_return fetch
- Link bereq 32771 pass
- Storage malloc Transient
- Timestamp ReqBody: 1552377267.494523 0.000417 0.000417
- Timestamp Fetch: 1552377267.494949 0.000844 0.000426
- RespProtocol HTTP/1.1
- RespStatus 405
- RespReason Not Allowed
- RespHeader Server: nginx/1.14.2
- RespHeader Date: Tue, 12 Mar 2019 07:54:27 GMT
- RespHeader Content-Type: text/html
- RespHeader Content-Length: 173
- RespHeader X-VC-Req-Host: localhost:6081
- RespHeader X-VC-Req-URL: /
- RespHeader X-VC-Req-URL-Base: /
- RespHeader X-VC-Cacheable: NO:Request method:POST
- RespHeader X-Url: /
- RespHeader X-Host: localhost:6081
- RespHeader X-Varnish: 32770
- RespHeader Age: 0
- RespHeader Via: 1.1 varnish (Varnish/6.0)
- VCL_call DELIVER
- RespUnset X-VC-Req-Host: localhost:6081
- RespUnset X-VC-Req-URL: /
- RespUnset X-VC-Req-URL-Base: /
- RespUnset Via: 1.1 varnish (Varnish/6.0)
- RespUnset X-Url: /
- RespUnset X-Host: localhost:6081
- RespHeader X-VC-Cache: MISS
- RespUnset X-VC-Cacheable: NO:Request method:POST
- VCL_return deliver
- Timestamp Process: 1552377267.494984 0.000879 0.000035
- RespHeader Connection: keep-alive
- Timestamp Resp: 1552377267.495057 0.000951 0.000073
- ReqAcct 174 11 185 201 173 374
- End
* << Session >> 32769
- Begin sess 0 HTTP/1
- SessOpen 127.0.0.1 46462 a0 127.0.0.1 6081 1552377267.494030 22
- Link req 32770 rxreq
- SessClose REM_CLOSE 0.002
- EndClosing due to no activity from OP. If you have more details on how to reproduce this issue, feel free to open it.
davidwhthomas
commented
5 years ago Hey thanks @csandanov the issue I was having isn't happening anymore. Will reopen if the issue persists, many thanks.
Hi there,
Just noting when stripping cookies in Varnish, and making a POST request that should bypass Varnish, the cookies are still stripped from the POST request.
This pull request adds the return statements earlier to the Drupal
preset.vclto allow bypassing Varnish for POST requests while preserving the cookies there.With thanks for the useful images.