Ema has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/358057 )
Change subject: [WIP] VCL: switch to resp.reason testing
......................................................................
[WIP] VCL: switch to resp.reason testing
Change-Id: I4d38748d3a00fa4870d6ea7a2352c91fb9528ea5
---
M modules/varnish/templates/misc-frontend.inc.vcl.erb
M modules/varnish/templates/text-frontend.inc.vcl.erb
M modules/varnish/templates/upload-frontend.inc.vcl.erb
M modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
4 files changed, 17 insertions(+), 30 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/57/358057/1
diff --git a/modules/varnish/templates/misc-frontend.inc.vcl.erb
b/modules/varnish/templates/misc-frontend.inc.vcl.erb
index 7b98338..7b32a74 100644
--- a/modules/varnish/templates/misc-frontend.inc.vcl.erb
+++ b/modules/varnish/templates/misc-frontend.inc.vcl.erb
@@ -15,7 +15,7 @@
// re-use the TLS-redirector code and send them to the wikimedia site.
if (req.http.Host == "wmfusercontent.org") {
set req.http.Location = "https://www.wikimedia.org";;
- return (synth(751, "TLS Redirect"));
+ return (synth(301, "TLS Redirect"));
}
call misc_recv_pass;
diff --git a/modules/varnish/templates/text-frontend.inc.vcl.erb
b/modules/varnish/templates/text-frontend.inc.vcl.erb
index 6629921..b17414c 100644
--- a/modules/varnish/templates/text-frontend.inc.vcl.erb
+++ b/modules/varnish/templates/text-frontend.inc.vcl.erb
@@ -42,7 +42,7 @@
} else {
set req.http.Location = "http://"; +
req.http.MobileHost + req.url;
}
- return (synth(666, "Found"));
+ return (synth(302, "Mobile Redirect"));
}
unset req.http.MobileHost;
}
@@ -147,7 +147,7 @@
sub cluster_fe_recv {
// Experiment on dealing with a buggy UA that's spamming requests in
T141786
if (req.http.User-Agent ~ "Windows NT .*Chrome/41\.0\.2272\.76" &&
req.url == "/" && req.http.X-Connection-Properties ~ "SSL=TLSv1.1;
C=ECDHE-ECDSA-AES128-SHA;") {
- return (synth(741, "Buggy request, please report at
https://phabricator.wikimedia.org/T141786";));
+ return (synth(401, "Buggy request, please report at
https://phabricator.wikimedia.org/T141786";));
}
call mobile_redirect;
@@ -189,7 +189,7 @@
|| (req.http.X-Connection-Properties ~ "C=DES-CBC3-SHA;"
&& req.url ~ "^/wiki/" && req.url !~ ":" && req.method == "GET"
&& std.random(0,100) < 1.0)) {
- return (synth(787, "Browser Connection Security Warning"));
+ return (synth(418, "Browser Connection Security Warning"));
}
call text_common_recv;
@@ -204,7 +204,7 @@
sub cluster_fe_ratelimit {
if (req.http.User-Agent ~ "^wikiScrape/[0-9]+\.[0-9]+\.[0-9]+$") {
if (vsthrottle.is_denied(req.http.X-Client-IP, 25, 5s)) {
- return (synth(742, "Too Many Requests"));
+ return (synth(429, "Too Many Requests"));
}
}
}
@@ -298,24 +298,16 @@
sub cluster_fe_err_synth {
// Support mobile redirects
- if (resp.status == 666) {
+ if (resp.reason == "Mobile Redirect") {
+ set resp.reason = "Found";
set resp.http.Location = req.http.Location;
- set resp.status = 302;
set resp.http.Connection = "keep-alive";
set resp.http.Content-Length = "0"; // BZ #62245
- return (deliver);
}
// Chrome/41-on-Windows: T141786
- if (resp.status == 741) {
- set resp.status = 401;
+ if (resp.reason == "Buggy request, please report at
https://phabricator.wikimedia.org/T141786";) {
set resp.http.WWW-Authenticate = {"Basic realm="Buggy request,
please report at https://phabricator.wikimedia.org/T141786""};
- return (deliver);
- }
-
- // Clients performing too many requests
- if (resp.status == 742) {
- set resp.status = 429;
return (deliver);
}
@@ -325,8 +317,7 @@
// confusing to extract from stats because they have other legitimate
// causes. We could also invent a new unique from unused 4xx space,
// but I don't think it would be any better than 418 in practice.
- if (resp.status == 787) {
- set resp.status = 418;
+ if (resp.reason == "Browser Connection Security Warning") {
set resp.http.Connection = "keep-alive";
set resp.http.Cache-Control = "max-age=0, must-revalidate,
no-cache, no-store";
set resp.http.Content-Type = "text/html; charset=utf-8";
diff --git a/modules/varnish/templates/upload-frontend.inc.vcl.erb
b/modules/varnish/templates/upload-frontend.inc.vcl.erb
index 80e3407..f973e3c 100644
--- a/modules/varnish/templates/upload-frontend.inc.vcl.erb
+++ b/modules/varnish/templates/upload-frontend.inc.vcl.erb
@@ -7,12 +7,12 @@
if (req.http.host == "<%= @vcl_config.fetch('upload_domain') %>") {
// CORS preflight requests
if (req.method == "OPTIONS" && req.http.Origin) {
- return (synth(667, "OK"));
+ return (synth(200, "CORS Preflight"));
}
// Homepage redirect to commons
if (req.url == "/") {
- return (synth(666, "Moved Permanently"));
+ return (synth(301, "Commons Redirect"));
}
}
@@ -147,8 +147,8 @@
sub cluster_fe_err_synth {
if (req.http.host == "<%= @vcl_config.fetch('upload_domain') %>") {
// Handle CORS preflight requests
- if (resp.status == 667) {
- set resp.status = 200;
+ if (resp.reason == "CORS Preflight") {
+ set resp.reason = "OK";
set resp.http.Connection = "keep-alive";
set resp.http.Content-Length = "0";
@@ -157,17 +157,14 @@
set resp.http.Access-Control-Allow-Headers = "Range";
set resp.http.Access-Control-Allow-Methods = "GET,
HEAD, OPTIONS";
set resp.http.Access-Control-Max-Age = "86400";
-
- return (deliver);
}
// Homepage redirect to commons
- if (resp.status == 666) {
- set resp.status = 301;
+ if (resp.reason == "Commons Redirect") {
+ set resp.reason = "Moved Permanently";
set resp.http.Location =
"https://commons.wikimedia.org/";;
set resp.http.Connection = "keep-alive";
set resp.http.Content-Length = "0";
- return (deliver);
}
}
}
diff --git a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
index c8f5a4f..a386448 100644
--- a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
@@ -26,7 +26,7 @@
}
else {
set req.http.Location = "https://"; +
req.http.Host + req.url;
- return (synth(751, "TLS Redirect"));
+ return (synth(301, "TLS Redirect"));
}
}
}
@@ -38,9 +38,8 @@
// *** HTTPS error code - implements 301 response for recv code
sub https_error_redirect {
- if (resp.status == 751) {
+ if (resp.reason == "TLS Redirect") {
set resp.http.Location = req.http.Location;
- set resp.status = 301;
set resp.http.Content-Length = "0"; // T64245
return(deliver);
}
--
To view, visit https://gerrit.wikimedia.org/r/358057
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I4d38748d3a00fa4870d6ea7a2352c91fb9528ea5
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ema <e...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
