Hello all - I'm running with an (almost) vanilla default.vcl. My backends are returning cachable responses, with a single Vary: header - let's call it X-Auth.
When a client requests an object which we already have cached, but with a different value in its X-Auth header, I quite rightly see a cache miss and a backend response. If this response is a 401 with no cache-control header (as it entirely valid in my setup), then this appears to force the previously cached response to be inaccessible - even to requests with its original X-Auth header set correctly. What I believe is happening is that the resulting hit-for-pass object that gets generated and cached seems to ignore the Vary header's presence. All subsequent requests for that Host & URI combination get hit-for-pass'ed, regardless of the previously valid object sitting in the cache for the Host & URI & Vary-header-pointer combination. More procedurally, I seem to be seeing this: ------------------------------------------- Client A: GET /resource Host: api X-Auth: Key1 Backend: 200 Here is some content #123 Vary: X-Auth Varnish: I'll cache "#123" with key(path:/resource & host:api & X-Auth:Key1) Client B Get /resource Host: api X-Auth: BadKey Backend 401 Wrong key, sorry Vary: X-Auth Varnish: 401 and non-cachable content observed I'll create a hit-for-pass for key path:/resource & host:api Client A: GET /resource Host: api X-Auth: Key1 Varnish: I have a hit-for-pass for path:/resource & host:api I won't check the cache for any matching content, but go straight to the backend ------------------------------------------- I'm wondering if there's a trick I'm missing to fix this behaviour? I've generally found the stock default.vcl to do very sane things, so I'm a little confused as to why this is the default behaviour. I (believe) I can fix this by hard-coding the X-Auth header as a component of the cache lookup key in vcl_hash(), but that would seem to negate the entire point of using the Vary header! [ I'm running 3.0.5 as it's the version shipped with the current Ubuntu LTS, and am not looking to upgrade as part of fixing this. Unless it turns out that my fix, above, doesn't work and there's no other way to do so :-) ] Many thanks for any help, Jonathan _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
