Mailing List Archive

#1847: HTTP1_DissectRequest doesn't handle https
-----------------------+--------------------
Reporter: gquintard | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Resolution:
Keywords: |
-----------------------+--------------------

Comment (by Dridi):

Regardless of PROXY protocol, if we have a trusted HTTPS or TLS proxy in
front of Varnish, shouldn't we treat the https scheme as a hint to the web
application that the end-user connected through a secure channel?

I think it's the same intent as putting an X-Forwarded-Proto:https header
field.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1847#comment:1>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

#1847: HTTP1_DissectRequest doesn't handle https
-----------------------+--------------------
Reporter: gquintard | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Resolution:
Keywords: |
-----------------------+--------------------

Comment (by gquintard):

My main concern about this one is that we won't hash the correct string
because varnish can't split it correctly, leading to duplication. But it
also screws up logs tht use requrl.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1847#comment:2>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

#1847: HTTP1_DissectRequest doesn't handle https
-----------------------+--------------------
Reporter: gquintard | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Resolution:
Keywords: |
-----------------------+--------------------

Comment (by fgsch):

This is specially an issue when you have both http and https traffic going
to the same instance.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1847#comment:3>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

#1847: HTTP1_DissectRequest doesn't handle https
-----------------------+--------------------
Reporter: gquintard | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Resolution:
Keywords: |
-----------------------+--------------------

Comment (by gquintard):

FYI, I checked nginx and HAProxy and they have two diametrically opposed
behaviors:
- HAProxy doesn't touch the request line, at all, and just blast it to the
backend
- NGINX on the other hand will deconstruct any url with scheme as long as
it finds "://", and will send only the path in the request line

And Varnish stands in the middle :-)

@phk: we talked about a enable_https flag, should we consider an
enable_all flags to have the nginx behavior? (I'm guessing no, but who
knows?)

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1847#comment:4>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

#1847: HTTP1_DissectRequest doesn't handle https
-----------------------+--------------------
Reporter: gquintard | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Resolution:
Keywords: |
-----------------------+--------------------

Comment (by gquintard):

New patch, using a parameter for conditional activation.

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1847#comment:5>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs

#1847: HTTP1_DissectRequest doesn't handle https
-----------------------+---------------------
Reporter: gquintard | Owner:
Type: defect | Status: closed
Priority: normal | Milestone:
Component: varnishd | Version: trunk
Severity: normal | Resolution: fixed
Keywords: |
-----------------------+---------------------
Changes (by gquintard):

* status: new => closed
* resolution: => fixed


Comment:

Fixed by e96478c2aea2a5c6f2e3efaff94508c3f0d43d87

--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1847#comment:6>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

_______________________________________________
varnish-bugs mailing list
varnish-bugs@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs