Mailing List Archive

On Wed, Jul 5, 2017 at 10:04 AM, Quintin Par <quintinpar@gmail.com> wrote:
>
> Nginx has a nifty command for invalidating a specific cache
>
> proxy_cache_bypass $http_cachepurge;
>
> curl -I myapp.example.com/api/ping -H "cachepurge: true"
>
> Is there something equivalent in varnish?

Hi,

I'm not familiar with this nginx feature, but there is a hash_always_miss
feature in Varnish that allows you to bypass a cache hit.

You can probably do something like this in vcl_recv{}, I haven't tried:

set req.hash_always_miss = req.http.cachepurge == "true";

However, this opens a DoS vector so you probably want to restrict this
using an ACL or other means.

Dridi

_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Does hash_always_miss invalidate the cache?

- Quintin

On Wed, Jul 5, 2017 at 1:21 AM, Dridi Boukelmoune <dridi@varni.sh> wrote:

> On Wed, Jul 5, 2017 at 10:04 AM, Quintin Par <quintinpar@gmail.com> wrote:
> >
> > Nginx has a nifty command for invalidating a specific cache
> >
> > proxy_cache_bypass $http_cachepurge;
> >
> > curl -I myapp.example.com/api/ping
> <https://mailtrack.io/trace/link/034cd6cb88d2124e6aa40aa6bf29bd014db03eb8?url=http%3A%2F%2Fmyapp.example.com%2Fapi%2Fping&userId=74734&signature=64a0a6061bf36017>
> -H "cachepurge: true"
> >
> > Is there something equivalent in varnish?
>
> Hi,
>
> I'm not familiar with this nginx feature, but there is a hash_always_miss
> feature in Varnish that allows you to bypass a cache hit.
>
> You can probably do something like this in vcl_recv{}, I haven't tried:
>
> set req.hash_always_miss = req.http.cachepurge == "true";
>
> However, this opens a DoS vector so you probably want to restrict this
> using an ACL or other means.
>
> Dridi
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
> <https://mailtrack.io/trace/link/f72e9c877fe9a482b98f0606a6b12e974cf3ebef?url=https%3A%2F%2Fwww.varnish-cache.org%2Flists%2Fmailman%2Flistinfo%2Fvarnish-misc&userId=74734&signature=db96c78a1ed9472f>
>

On Wed, Jul 5, 2017 at 10:38 AM, Quintin Par <quintinpar@gmail.com> wrote:
>
> Does hash_always_miss invalidate the cache?

Not as such, it will fetch a new copy regardless and once cached it
will shadow the previous one (that will eventually go away).

There are other means of invalidation in VCL: ban and purge. I picked
hash_always_miss because that's how I interpreted nginx's
proxy_cache_bypass. But I didn't check the nginx documentation, pure
speculation.

Dridi

_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

From what I understand,
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_bypass
is saying that your code is equivalent to:

sub vcl_recv {
if (req.http.cachepurge) {
return (pass);
}
}

I don't see a thing about purging, only bypassing the cache.

--
Guillaume Quintard

On Wed, Jul 5, 2017 at 10:46 AM, Dridi Boukelmoune <dridi@varni.sh> wrote:

> On Wed, Jul 5, 2017 at 10:38 AM, Quintin Par <quintinpar@gmail.com> wrote:
> >
> > Does hash_always_miss invalidate the cache?
>
> Not as such, it will fetch a new copy regardless and once cached it
> will shadow the previous one (that will eventually go away).
>
> There are other means of invalidation in VCL: ban and purge. I picked
> hash_always_miss because that's how I interpreted nginx's
> proxy_cache_bypass. But I didn't check the nginx documentation, pure
> speculation.
>
> Dridi
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>

Guillaume,

The documentation isn’t the most update but the code invalidates (reaches)
the cache.

https://stackoverflow.com/a/23774285/113247
<https://mailtrack.io/trace/link/b6613e86bd25e6dca1bf0e44d70b310d355207a0?url=https%3A%2F%2Fstackoverflow.com%2Fa%2F23774285%2F113247&userId=74734&signature=12371bb8a9614048>
this can shed light. Please guide me if this isn’t exactly the behavior to

set req.hash_always_miss = req.http.secretheader == "true";



> Not as such, it will fetch a new copy regardless and once cached it
> will shadow the previous one (that will eventually go away).
>
> Dridi,

How can two copies of the same cache key exist (assuming the URL is the key
here)? Won’t that create conflicts?


> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
> <https://mailtrack.io/trace/link/08d6a4ec73e8d8d57e35f0e764c576e39774dfe0?url=https%3A%2F%2Fwww.varnish-cache.org%2Flists%2Fmailman%2Flistinfo%2Fvarnish-misc&userId=74734&signature=30faa7489d5ddc18>
>

> How can two copies of the same cache key exist (assuming the URL is the key here)? Won’t that create conflicts?

The new copy will prevail, while the older one may still be in use
(large objects or slow clients...)

Dridi

_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Ok, then Dridi's answer is correct.

Not a problem to have more than one object under the same hash, it's
notably possible using Vary header (different variant of the same object)

--
Guillaume Quintard

On Wed, Jul 5, 2017 at 6:34 PM, Quintin Par <quintinpar@gmail.com> wrote:

> Guillaume,
>
> The documentation isn’t the most update but the code invalidates (reaches)
> the cache.
>
> https://stackoverflow.com/a/23774285/113247
> <https://mailtrack.io/trace/link/b6613e86bd25e6dca1bf0e44d70b310d355207a0?url=https%3A%2F%2Fstackoverflow.com%2Fa%2F23774285%2F113247&userId=74734&signature=12371bb8a9614048>
> this can shed light. Please guide me if this isn’t exactly the behavior to
>
> set req.hash_always_miss = req.http.secretheader == "true";
>
>
>
>> Not as such, it will fetch a new copy regardless and once cached it
>> will shadow the previous one (that will eventually go away).
>>
>> Dridi,
>
> How can two copies of the same cache key exist (assuming the URL is the
> key here)? Won’t that create conflicts?
>
>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc@varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>> <https://mailtrack.io/trace/link/08d6a4ec73e8d8d57e35f0e764c576e39774dfe0?url=https%3A%2F%2Fwww.varnish-cache.org%2Flists%2Fmailman%2Flistinfo%2Fvarnish-misc&userId=74734&signature=30faa7489d5ddc18>
>>
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>