you need to understand what is going on why the backend is replying with 403, then we can fix the vcl.
-- Guillaume Quintard On Thu, Dec 19, 2019 at 1:18 PM Varun Nath <[email protected]> wrote: > Thank You. Could you please confirm whether the VCL config I have shared > if fine? > > On Thu, Dec 19, 2019 at 5:46 PM Guillaume Quintard < > [email protected]> wrote: > >> check the backend transaction, and understand why your origin is sending >> back a 403. This is due to your backend configuration and I can't help you >> with that. >> >> -- >> Guillaume Quintard >> >> >> On Thu, Dec 19, 2019 at 1:03 PM Varun Nath <[email protected]> wrote: >> >>> This is the VCL file am using: >>> >>> Note: Host is not a valid one >>> >>> vcl 4.0; >>> import std; >>> import directors; >>> >>> # Default backend definition. Set this to point to your content server. >>> backend default { >>> .host = "remote.host.com"; >>> .port = "80"; >>> } >>> >>> sub vcl_init { >>> new vdir = directors.round_robin(); >>> vdir.add_backend(default); >>> } >>> >>> sub vcl_recv { >>> unset req.http.proxy; >>> unset req.http.cookie; >>> set req.http.x-host = "http://remote.host.com";; >>> set req.http.x-clientip = client.ip; >>> set req.http.x-serverip = server.ip; >>> set req.http.x-localip = local.ip; >>> set req.http.x-remoteip = remote.ip; >>> unset req.http.X-Forwarded-For; >>> set req.http.x-forwarded-for = client.ip; >>> return(pass); >>> } >>> >>> sub vcl_backend_response { >>> # Happens after we have read the response headers from the backend. >>> # >>> # Here you clean the response headers, removing silly Set-Cookie >>> headers >>> # and other mistakes your backend does. >>> } >>> >>> sub vcl_deliver { >>> # Happens when we have all the pieces we need, and are about to send >>> the >>> # response to the client. >>> } >>> >>> Please let me know if I need to add something more to make the remote >>> host caching from localhost varnish >>> >>> On Thu, Dec 19, 2019 at 5:05 PM Varun Nath <[email protected]> >>> wrote: >>> >>>> Hello, >>>> I got some response via CURL. But getting 403 Forbidden message. Log is >>>> as below: >>>> * BerespStatus 403* >>>> * BerespReason Forbidden* >>>> Also tried setting >>>> >>>> *remove req.http.X-Forwarded-For;set req.http.x-forwarded-for = >>>> client.ip;* >>>> But didnt work. >>>> Could you please share your thoughts? >>>> >>>> On Thu, Dec 19, 2019 at 3:00 PM Varun Nath <[email protected]> >>>> wrote: >>>> >>>>> Thank You so much for your support. Will try this and let you know >>>>> >>>>> On Thu, Dec 19, 2019 at 2:49 PM Guillaume Quintard < >>>>> [email protected]> wrote: >>>>> >>>>>> The backend portion of the vcl only handles the TCP part of the >>>>>> equation. If your backend expect a specific host, you need to either have >>>>>> the client give it, or have varnish override it. >>>>>> >>>>>> Try curl -I localhost/your/file -H "host: whatever.your.host.is.com" >>>>>> >>>>>> On Thu, Dec 19, 2019, 09:02 Varun Nath <[email protected]> wrote: >>>>>> >>>>>>> Yes, I tried with http://locahost, but that is expected, right? >>>>>>> since the backend server is configured in VCL file. Sorry if I am wrong >>>>>>> >>>>>>> On Thu, Dec 19, 2019 at 2:29 PM Guillaume Quintard < >>>>>>> [email protected]> wrote: >>>>>>> >>>>>>>> Note: please keep the mailing list CC'd >>>>>>>> >>>>>>>> Check the host header you are sending to the backend. Usually, a >>>>>>>> 404 arises because the URL and/or the host wrong. >>>>>>>> >>>>>>>> I'm thinking you possibly tested varnish requesting something like >>>>>>>> http://localhost/your/test/file, but your backend isn't configured >>>>>>>> to reply to the "localhost" host >>>>>>>> >>>>>>>> On Thu, Dec 19, 2019, 08:55 Varun Nath <[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>>> Thanks again for the quick response. >>>>>>>>> I have checked the log and getting the expected IP address in >>>>>>>>> *BackendStart >>>>>>>>> *parameter. Sorry I didnt get what you mean by you need to >>>>>>>>> change *the host header before sending the request to the >>>>>>>>> backend. *Could you please elaborate a little bit? >>>>>>>>> >>>>>>>>> On Thu, Dec 19, 2019 at 2:20 PM Guillaume Quintard < >>>>>>>>> [email protected]> wrote: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> Use varnishlog -b (with possibly -d) to see the backend >>>>>>>>>> transactions and see what IP is being used (is it the right one). It >>>>>>>>>> could >>>>>>>>>> also be that you need to change the host header before sending the >>>>>>>>>> request >>>>>>>>>> to the backend. >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, Dec 19, 2019, 08:39 Varun Nath <[email protected]> >>>>>>>>>> wrote: >>>>>>>>>> >>>>>>>>>>> Hello, >>>>>>>>>>> I need to connect to a remote host from local VCL config file. I >>>>>>>>>>> have added the backend config as below >>>>>>>>>>> >>>>>>>>>>> backend default { >>>>>>>>>>> .host = "remote.host.com"; >>>>>>>>>>> } >>>>>>>>>>> >>>>>>>>>>> But am getting Page not available message. Do I miss something? >>>>>>>>>>> Thanks in advance >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> VARUN NATH A V >>>>>>>>>>> _______________________________________________ >>>>>>>>>>> varnish-misc mailing list >>>>>>>>>>> [email protected] >>>>>>>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> VARUN NATH A V >>>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> VARUN NATH A V >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> VARUN NATH A V >>>>> >>>> >>>> >>>> -- >>>> VARUN NATH A V >>>> >>> >>> >>> -- >>> VARUN NATH A V >>> >> > > -- > VARUN NATH A V >
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
