Guillaume Quintard

Recent Posts

Hit-for-Miss AND why a NULL TTL is bad for you

Varnish is a caching server, and a great one at that, that much we already know. But what about the content you don't want to cache? For example, those shopping cart requests and other completely uncacheable API calls?

We can of course handle it, but we've got to be wary of the sirens of the cargo cult because you will often see something like this on the internet:

sub vcl_backend_response {
    # check if the backend response header named
    # "cache-control" contains the word "private"
    if (beresp.http.cache-control ~ "private") {
        # if so, don't cache by limiting the Time-To-Live
        # period to 0 second
        set beresp.ttl = 0s;
    }
}

This is both pretty intuitive, and also very wrong. In this post, we'll explore why it's a bad idea, how to do better, and along the way, we'll try to shine some light on a couple of lesser known features of Varnish.


10/15/20 4:12 PM
by Guillaume Quintard

Request coalescing and other reasons to use Varnish as origin shield

The single most frequent question I get from people discovering Varnish is "Do you support request collapsing?". And I must admit, it always catches me off guard, because of course, it has been doing so for years, and it's a caching server, so that's a must-have, right? (Yes, yes it is.)

For this reason, in this post, we are going to review some of the little features we take for granted but that also make Varnish a great origin shield.

7/29/20 11:14 AM
by Guillaume Quintard

The best way to completely purge a Varnish cache


It's cargo-cult fighting time! Today, we are going to look at a ban expression that you probably have used, and maybe even have recommended (gasp!) to your fellow Varnish users:

req.url ~ /

We'll discuss why we use it, why it's good but mostly bad, and how to fix it. Hopefully, along the way, we'll shed some light on some Varnish internals that you can use in other situations.


6/18/20 4:08 PM
by Guillaume Quintard

Web Application Firewall in the Varnish mainline

As you probably know, Varnish has always been a very secure piece of software, but so far that safety only applied to Varnish itself, so a malicious request could still go through it and hurt your backend. But as a reverse-proxy (load-balancer, origin shield, etc.), Varnish sees everything the backend receives and sends, so there's a great opportunity here to sanitize the traffic before it reaches the backend.

7/24/19 3:00 PM
by Guillaume Quintard

Varnish Software Blog

The Varnish blog is where our team writes about all things related to Varnish Cache and Varnish Software...or simply vents.