BBlack has uploaded a new change for review.
https://gerrit.wikimedia.org/r/259974
Change subject: Text VCL: explicit pass for Debug/SecAudit headers
......................................................................
Text VCL: explicit pass for Debug/SecAudit headers
There is no need for the vcl_hash() + hit-for-pass complexity here
when a simple explicit pass will do.
Change-Id: I55da7d17916f090847ee5de0cafd6339d3dfc154
---
M modules/varnish/templates/vcl/wikimedia.vcl.erb
M templates/varnish/text-backend.inc.vcl.erb
M templates/varnish/text-common.inc.vcl.erb
M templates/varnish/text-frontend.inc.vcl.erb
4 files changed, 8 insertions(+), 13 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/74/259974/1
diff --git a/modules/varnish/templates/vcl/wikimedia.vcl.erb
b/modules/varnish/templates/vcl/wikimedia.vcl.erb
index 1855293..6f58f67 100644
--- a/modules/varnish/templates/vcl/wikimedia.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia.vcl.erb
@@ -745,16 +745,5 @@
/* Function vcl_error in <%= @vcl %>.inc.vcl will be appended here */
}
-sub vcl_hash {
- if (req.http.X-Wikimedia-Debug) {
- hash_data(req.http.X-Wikimedia-Debug);
- }
- if (req.http.X-Wikimedia-Security-Audit) {
- hash_data(req.http.X-Wikimedia-Security-Audit);
- }
- /* Function vcl_hash in <%= @vcl %>.inc.vcl will be appended here */
-}
-
-
/* Include the VCL file for this role */
include "<%= @vcl %>.inc.vcl";
diff --git a/templates/varnish/text-backend.inc.vcl.erb
b/templates/varnish/text-backend.inc.vcl.erb
index b37217e..c0d4ac7 100644
--- a/templates/varnish/text-backend.inc.vcl.erb
+++ b/templates/varnish/text-backend.inc.vcl.erb
@@ -34,6 +34,10 @@
return (pass);
}
+ if (req.http.X-Wikimedia-Debug == "1" ||
req.http.X-Wikimedia-Security-Audit == "1") {
+ return (pass);
+ }
+
call evaluate_cookie;
call pass_authorization;
return (lookup);
diff --git a/templates/varnish/text-common.inc.vcl.erb
b/templates/varnish/text-common.inc.vcl.erb
index 792b5c8..66945da 100644
--- a/templates/varnish/text-common.inc.vcl.erb
+++ b/templates/varnish/text-common.inc.vcl.erb
@@ -113,8 +113,6 @@
&& beresp.status < 500
&& (!beresp.http.X-Cache || beresp.http.X-Cache !~ "
hit\(")
)
- || req.http.X-Wikimedia-Debug == "1"
- || req.http.X-Wikimedia-Security-Audit == "1"
) {
set req.http.X-CDIS = req.http.X-CDIS + "+chfp"; //
+created-hit-for-pass
set beresp.ttl = 601s;
diff --git a/templates/varnish/text-frontend.inc.vcl.erb
b/templates/varnish/text-frontend.inc.vcl.erb
index acbf29c..8b263a2 100644
--- a/templates/varnish/text-frontend.inc.vcl.erb
+++ b/templates/varnish/text-frontend.inc.vcl.erb
@@ -131,6 +131,10 @@
return (pass);
}
+ if (req.http.X-Wikimedia-Debug == "1" ||
req.http.X-Wikimedia-Security-Audit == "1") {
+ return (pass);
+ }
+
call evaluate_cookie;
call pass_authorization;
return (lookup);
--
To view, visit https://gerrit.wikimedia.org/r/259974
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I55da7d17916f090847ee5de0cafd6339d3dfc154
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
