Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security issue with default Varnish configuration #3

Closed
madalinoprea opened this issue Sep 21, 2011 · 1 comment
Closed

Security issue with default Varnish configuration #3

madalinoprea opened this issue Sep 21, 2011 · 1 comment

Comments

@madalinoprea
Copy link

Hi Fabrizio,

Default Varnish configuration allows any client to purge the entire Varnish cache. This might not be desirable, maybe would be better to bypass cache only for this request.

{{{
curl -v -H "Cache-Control:no-cache" http://varnish.demo.aoemedia.de/*
}}}

After you run this, check X-Cache header for these pages http://varnish.demo.aoemedia.de/electronics.html and http://varnish.demo.aoemedia.de/

Cheers,
Mario
@fbrnc
Copy link
Owner

fbrnc commented Oct 5, 2011

Hi Mario,

thank you for you feedback and sorry for the late response.

You're perfectly right! The bundled vcl file was more a template for copying that I provided. Of course on a production environment you would not want everyone to purge your cache. If added a acl that of course needs to be adapted to the specific IP addresses.

Bye, and have a nice day...

Fabrizio

@fbrnc fbrnc closed this as completed Oct 5, 2011
tmotyl pushed a commit to macopedia/Aoe_Static that referenced this issue May 8, 2015
Merge pull request fbrnc#3 from AOEmedia/MAGE-471
74bed35 
MAGE-471: added slightly modified changes again
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fbrnc @madalinoprea