Skye Poier Nott <[EMAIL PROTECTED]> writes: > I'm getting a lot of lines line this from varnishncsa: > > 10.151.1.1 - - [25/Nov/2008:19:11:14 +0000] "GET http:// > vectordevhttp://vectordev/devsite/diagrams/tn-rev1.png HTTP/1.1" 200 > 60834 "-" "curl/7.16.3 (amd64-portbld-freebsd6.3) libcurl/7.16.3 > OpenSSL/0.9.7e zlib/1.2.3" > > Notice the duplicated http://vectordevhttp://vectordev part after GET.
Varnish (and varnishncsa) expect the request URI to be an absolute path, not an absolute URI as in this case. I don't know of any other user agent that behaves like this, and RFC2616 indicates that HTTP/1.1 user agents should not use an absolute URI as the request URI unless talking to a proxy. However, it also indicates that this might change in future protocol versions, and that servers should support absolute URIs in the interest of forward compatibility. The simplest solution is to strip off everything but the path and query string. A more advanced solution would be to validate it against the Host header, and reject the request if they don't match; however, validation could get tricky if the host part includes a user and / or password, or a port number. (Note that I've argued for URI parsing and validation from the start...) DES -- Dag-Erling Smørgrav - [EMAIL PROTECTED] _______________________________________________ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc