Improve varnish config, add support for URIBAN by regex#495
Conversation
|
The CircleCI failure does not seem related to this PR. |
|
|
||
| if (req.url ~ "\.(png|gif|jpg|tif|tiff|ico|webp|swf|css|js|pdf|doc|xls|ppt|zip)(\?.*)?$") { | ||
| // Forcing a lookup with static file requests | ||
| if (req.url ~ "\.(png|gif|jpg|svg|tif|tiff|ico|webp|swf|css|js|pdf|doc|xls|ppt|zip|woff|eot|ttf|bmp|bz2)$") { |
There was a problem hiding this comment.
Sort the extensions alphabetically?
There was a problem hiding this comment.
Done in 9e62b7f.
Also noticed that the Accept-Encoding block tried to skip compressing already compressed files, but as there is significant overlap with the static files handling and the block was after the static files block, it was actually not doing anything for many types of static files. 6859a11 moves it to before the static files block.
| if (req.method == "URIBAN") { | ||
| # Admin port is only exposed to internal network | ||
| if (!client.ip ~ purge) { | ||
| return (synth(403, "Not allowed.")); |
There was a problem hiding this comment.
Consider "IP not allowed".
Reasoning: suppose someone gets the error, and has no clue of this code here, it could be a guesswork why the error.
There was a problem hiding this comment.
AFAIK, the message set here is only logged in varnishlog, not transmitted via HTTP.
| if (req.url ~ "\.(png|gif|jpg|tif|tiff|ico|webp|swf|css|js|pdf|doc|xls|ppt|zip)(\?.*)?$") { | ||
| // Forcing a lookup with static file requests | ||
| if (req.http.Accept-Encoding) { | ||
| if (req.url ~ "\.(bz2|eot|gif|gz|ico|jpg|mp3|ogg|pdf|png|svg|swf|tbz|tgz|tif|tiff|ttf|webp|woff|zip)(\?.*)?$") { |
There was a problem hiding this comment.
Can we use non-capturing regex: (?:...)?
There was a problem hiding this comment.
Varnish uses PCRE so it would probably work, I will try it out.
| } | ||
|
|
||
| if (req.url ~ "\.(bmp|bz2|css|doc|eot|gif|ico|jpg|js|pdf|png|ppt|svg|swf|tif|tiff|ttf|webp|woff|xls|zip)$") { | ||
| # Static file request do not vary on cookies |
There was a problem hiding this comment.
Good point. I like this.
| return (hash); | ||
| } | ||
| elseif (req.http.Cookie ~ "(SESS[a-z0-9]+|SSESS[a-z0-9]+)") { | ||
| if (req.http.Cookie ~ "(SESS[a-z0-9]+|SSESS[a-z0-9]+)") { |
There was a problem hiding this comment.
simplify?
``"S?SESS[a-z0-9]+="`
|
I reviewed it to my capacity, but I didn't have the full understanding of it, but I have it roughly, so I could not really review the algorithmic aspect. I did not test it, but reviewed it visually. |
There was a problem hiding this comment.
Pull Request Overview
This PR improves Varnish caching configuration by fixing static file caching issues and enhancing URIBAN functionality with regex pattern support. The changes address cookie-based cache variations for static files and add more flexible cache invalidation capabilities.
Key changes:
- Fixed static file cache variation issue by removing cookies from static file requests
- Enhanced URIBAN method to support regex-based cache invalidation via
x-url-invalidate-patternheader - Moved BAN/URIBAN handling to occur before method validation checks
Reviewed Changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| frontend/templates/varnish-configmap-vcl.yaml | Moved BAN/URIBAN logic earlier in request processing, added regex URIBAN support, improved regex patterns |
| drupal/templates/varnish-configmap-vcl.yaml | Split BAN/URIBAN into separate handlers, added regex URIBAN support, fixed static file cookie handling, reorganized request processing flow |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| # If x-url-invalidate-pattern header is present, | ||
| # use it to match URLs in stored objects. (ban by regex pattern) | ||
| if (req.http.x-url-invalidate-pattern) { | ||
| ban("obj.http.x-url ~ " + req.http.x-url-invalidate-pattern); |
There was a problem hiding this comment.
The ban statements reference obj.http.x-url but there's no evidence that this header is set during cache storage. The original code used req.url for URIBAN matching. If x-url is not properly set on cached objects, these ban statements will not match any cached entries.
There was a problem hiding this comment.
obj.http.x-url is stored in the cached objects here
| return (hash); | ||
| } | ||
| elseif (req.http.Cookie ~ "(SESS[a-z0-9]+|SSESS[a-z0-9]+)") { | ||
| if (req.http.Cookie ~ "S?SESS[a-z0-9]+=") { |
There was a problem hiding this comment.
The regex pattern S?SESS[a-z0-9]+= is incorrect. The S? makes the 'S' optional, which would match both 'SESS' and 'ESS' patterns. Based on the original code that checked for (SESS[a-z0-9]+|SSESS[a-z0-9]+), this should be (S?SESS[a-z0-9]+=) or (?:S?SESS[a-z0-9]+=) to properly match both SESS and SSESS cookies.
| if (req.http.Cookie ~ "S?SESS[a-z0-9]+=") { | |
| if (req.http.Cookie ~ "(S?SESS[a-z0-9]+=)") { |
There was a problem hiding this comment.
That's not true, the pattern is correct. This can be verified using regexr.com:
Changes
Notes
x-url-invalidate-pattern: ^/sites/default/files/foo/bar\.pdfwill purge the cache from entries matching the pattern