Mailing List Archive: unset X-Varnish header to the backend server but keep it in the response to client

unset X-Varnish header to the backend server but keep it in the response to client

Nov 8, 2019, 12:37 AM

Post #1 of 3 (592 views)

Dear all,

Currently, I migrate a configuration from Varnish 3 to Varnish 6 but I have
an issue concerning unset a header to a backend but keep it in the resp.

Indeed, I cannot use it in vcl_backend_response because it's unset before
(vcl_pass/vcl_backend_fetch)...

In the documentation (
https://book.varnish-software.com/4.0/chapters/VCL_Subroutines.html), I can
see that "if you do not wish to send the X-Varnish header to the backend
server, you can remove it in vcl_miss or vcl_pass. For that case, you can
use unset bereq.http.x-varnish;." but I cannot use bereq in
vcl_miss/vcl_pass.

Do you have any idea how to keep this header in vcl_backend_response but
without send it to backend?

In Varnish 3, I used it in vcl_miss/vcl_pass and the unset bereq was set in
vcl_fetch.

*Vcl code:*

vcl 4.1;
import std;

backend dev {
.host = "127.0.0.1";
.port = "8080";
}

sub vcl_recv {
set req.http.App="App1";
set req.backend_hint = dev;
return (hash);
}

sub vcl_miss {
unset req.http.App;
}

sub vcl_pass {
unset req.http.App;
}

sub vcl_backend_fetch {
unset bereq.http.App;
}

sub vcl_backend_response {
if (bereq.http.App) {
set beresp.http.Debug = "test";
set beresp.ttl = 10s;
set beresp.grace = 10s;
return (deliver); // not applied
}
}

sub vcl_deliver {
set res.http.App;
}

*Goal*:

- Currently: App header in unset for backend & client (unable to use it
in vcl_backend_response)
- Goal: App header can be used for conditions in vcl_backend_response
but not sent to the backend

Best regards,

Re: unset X-Varnish header to the backend server but keep it in the response to client [ In reply to ]

dridi at varni

Nov 8, 2019, 8:25 AM

Post #2 of 3 (589 views)

Permalink

Hi,

Thank you for taking the time to reach out to this list.

On Fri, Nov 8, 2019 at 8:39 AM EC DIGIT FPFIS <digit.fpfis@gmail.com> wrote:
>
> Dear all,
>
> Currently, I migrate a configuration from Varnish 3 to Varnish 6 but I have an issue concerning unset a header to a backend but keep it in the resp.
>
> Indeed, I cannot use it in vcl_backend_response because it's unset before (vcl_pass/vcl_backend_fetch)...
>
> In the documentation (https://book.varnish-software.com/4.0/chapters/VCL_Subroutines.html), I can see that "if you do not wish to send the X-Varnish header to the backend server, you can remove it in vcl_miss or vcl_pass. For that case, you can use unset bereq.http.x-varnish;." but I cannot use bereq in vcl_miss/vcl_pass.

This is a bug in the varnish book, it lives here:

https://github.com/varnish/varnish-book

> Do you have any idea how to keep this header in vcl_backend_response but without send it to backend?
>
> In Varnish 3, I used it in vcl_miss/vcl_pass and the unset bereq was set in vcl_fetch.

Nowadays you would do that in vcl_backend_fetch, but the tricky part
is that you no longer have access to the client context. So instead
you need to "pollute" your bereq to find that information or use a
different tool like vmod_var or something similar.

> Vcl code:
>
> vcl 4.1;
> import std;
>
> backend dev {
> .host = "127.0.0.1";
> .port = "8080";
> }
>
> sub vcl_recv {
> set req.http.App="App1";
> set req.backend_hint = dev;
> return (hash);
> }
>
> sub vcl_miss {
> unset req.http.App;
> }
>
> sub vcl_pass {
> unset req.http.App;
> }

Don't do anything in vcl_miss or vcl_pass.

> sub vcl_backend_fetch {
> unset bereq.http.App;
> }

Here you may do something like this:

sub vcl_backend_fetch {
if (bereq.http.App) {
var.set("app", bereq.http.App);
unset bereq.http.App;
}
}

> sub vcl_backend_response {
> if (bereq.http.App) {
> set beresp.http.Debug = "test";
> set beresp.ttl = 10s;
> set beresp.grace = 10s;
> return (deliver); // not applied
> }
> }

And here, something like that:

sub vcl_backend_response {
if (var.get("app")) {
set beresp.ttl = 10s;
set beresp.grace = 10s;
return (deliver);
}
}

> sub vcl_deliver {
> set res.http.App;
> }
>
> Goal:
>
> Currently: App header in unset for backend & client (unable to use it in vcl_backend_response)
> Goal: App header can be used for conditions in vcl_backend_response but not sent to the backend

See https://github.com/varnish/varnish-modules/blob/master/docs/vmod_var.rst

Dridi
_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

Re: unset X-Varnish header to the backend server but keep it in the response to client [ In reply to ]

digit.fpfis at gmail

Nov 10, 2019, 11:07 PM

Post #3 of 3 (588 views)

Permalink

Hello Dridi and thank you for you answer.

I try to use vmod_var but there are another issue. Apparently I need to use
global var to get it between vcl_recv & vcl_backend_response (it's empty if
I try a 'simple' var)

Moreover, the global var are kept for the next requests so I fear that a
conflict can appear between requests.

Best regards,

Le ven. 8 nov. 2019 à 17:26, Dridi Boukelmoune <dridi@varni.sh> a écrit :

> Hi,
>
> Thank you for taking the time to reach out to this list.
>
> On Fri, Nov 8, 2019 at 8:39 AM EC DIGIT FPFIS <digit.fpfis@gmail.com>
> wrote:
> >
> > Dear all,
> >
> > Currently, I migrate a configuration from Varnish 3 to Varnish 6 but I
> have an issue concerning unset a header to a backend but keep it in the
> resp.
> >
> > Indeed, I cannot use it in vcl_backend_response because it's unset
> before (vcl_pass/vcl_backend_fetch)...
> >
> > In the documentation (
> https://book.varnish-software.com/4.0/chapters/VCL_Subroutines.html), I
> can see that "if you do not wish to send the X-Varnish header to the
> backend server, you can remove it in vcl_miss or vcl_pass. For that case,
> you can use unset bereq.http.x-varnish;." but I cannot use bereq in
> vcl_miss/vcl_pass.
>
> This is a bug in the varnish book, it lives here:
>
> https://github.com/varnish/varnish-book
>
> > Do you have any idea how to keep this header in vcl_backend_response but
> without send it to backend?
> >
> > In Varnish 3, I used it in vcl_miss/vcl_pass and the unset bereq was set
> in vcl_fetch.
>
> Nowadays you would do that in vcl_backend_fetch, but the tricky part
> is that you no longer have access to the client context. So instead
> you need to "pollute" your bereq to find that information or use a
> different tool like vmod_var or something similar.
>
> > Vcl code:
> >
> > vcl 4.1;
> > import std;
> >
> > backend dev {
> > .host = "127.0.0.1";
> > .port = "8080";
> > }
> >
> > sub vcl_recv {
> > set req.http.App="App1";
> > set req.backend_hint = dev;
> > return (hash);
> > }
> >
> > sub vcl_miss {
> > unset req.http.App;
> > }
> >
> > sub vcl_pass {
> > unset req.http.App;
> > }
>
> Don't do anything in vcl_miss or vcl_pass.
>
> > sub vcl_backend_fetch {
> > unset bereq.http.App;
> > }
>
> Here you may do something like this:
>
> sub vcl_backend_fetch {
> if (bereq.http.App) {
> var.set("app", bereq.http.App);
> unset bereq.http.App;
> }
> }
>
> > sub vcl_backend_response {
> > if (bereq.http.App) {
> > set beresp.http.Debug = "test";
> > set beresp.ttl = 10s;
> > set beresp.grace = 10s;
> > return (deliver); // not applied
> > }
> > }
>
> And here, something like that:
>
> sub vcl_backend_response {
> if (var.get("app")) {
> set beresp.ttl = 10s;
> set beresp.grace = 10s;
> return (deliver);
> }
> }
>
> > sub vcl_deliver {
> > set res.http.App;
> > }
> >
> > Goal:
> >
> > Currently: App header in unset for backend & client (unable to use it in
> vcl_backend_response)
> > Goal: App header can be used for conditions in vcl_backend_response but
> not sent to the backend
>
> See
> https://github.com/varnish/varnish-modules/blob/master/docs/vmod_var.rst
>
> Dridi
>