https://bugzilla.wikimedia.org/show_bug.cgi?id=31053
Asher Feldman <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |[email protected] Resolution| |FIXED --- Comment #7 from Asher Feldman <[email protected]> 2011-10-26 01:01:15 UTC --- The base of the 403 behavior is the same via varnish to en.m.wikipedia.org as it with the squids via en.wikipedia.org. If something is in cache, it doesn't need a useragent. If something isn't in cache and goes back to the apaches, you get a 403. Mobile, or non-mobile, squid or varnish. The problem behavior though was due to a combination of varnish caching the 403 response and the way we vary on device type using our internal x-device header. No user-agent results in x-device mapping to the default which is 'html'. We vary on that, and any browser that also maps to the default device type is liable to get a cached 403 for that url. We could set x-device to "empty" if there isn't a UA, which would result in cached 403's for non-UA requests, but ensure that reqs with a UA don't cache hit on that. Squid just doesn't cached that error, so I've made varnish replicate that, resolving the issue. Verification: meh:~ asher$ telnet en.m.wikipedia.org 80 Trying 208.80.154.236... Connected to m.wikimedia.org. Escape character is '^]'. GET /wiki/CatsfdsfDfa HTTP/1.1 Host: en.m.wikipedia.org HTTP/1.1 403 Forbidden Server: Apache X-Powered-By: PHP/5.3.2-2wm1 X-Content-Type-Options: nosniff Vary: Accept-Encoding X-Vary-Options: Accept-Encoding;list-contains=gzip Content-Type: text/html Accept-Ranges: bytes X-Varnish: 358175687 Age: 0 Via: 1.1 varnish X-Cache: miss (0) Cache-Control: private, s-maxage=0, max-age=0, must-revalidate X-Device: html Content-Length: 120 Accept-Ranges: bytes Date: Wed, 26 Oct 2011 00:55:48 GMT X-Varnish: 1320645677 Age: 0 Via: 1.1 varnish Connection: keep-alive X-Cache-frontend: miss (0) Scripts should use an informative User-Agent string with contact information, or they may be IP-blocked without notice. Same request, with a garbage UA that also maps to X-Device: html meh:~ asher$ telnet en.m.wikipedia.org 80 Trying 208.80.154.236... Connected to m.wikimedia.org. Escape character is '^]'. GET /wiki/CatsfdsfDfa HTTP/1.1 Host: en.m.wikipedia.org User-Agent: bogus HTTP/1.1 404 Not Found Server: Apache X-Powered-By: PHP/5.3.2-2wm1 X-Content-Type-Options: nosniff Content-language: en Vary: Accept-Encoding,Cookie,X-Device X-Vary-Options: Accept-Encoding;list-contains=gzip,Cookie;string-contains=enwikiToken;string-contains=enwikiLoggedOut;string-contains=enwiki_session;string-contains=centralauth_Token;string-contains=centralauth_Session;string-contains=centralauth_LoggedOut,X-Device; Content-Type: text/html; charset=UTF-8 Accept-Ranges: bytes ... -- Configure bugmail: https://bugzilla.wikimedia.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
