Guillaume Quintard

Recent Posts

The best way to completely purge a Varnish cache

It's cargo-cult fighting time! Today, we are going to look at a ban expression that you probably have used, and maybe even have recommended (gasp!) to your fellow Varnish users:

req.url ~ /

We'll discuss why we use it, why it's good but mostly bad, and how to fix it. Hopefully, along the way, we'll shed some light on some Varnish internals that you can use in other situations.

Read More

6/18/20 4:08 PM
by Guillaume Quintard

Web Application Firewall in the Varnish mainline

As you probably know, Varnish has always been a very secure piece of software but so far, that safety only applied to itself and therefore, a malicious request could still go through it and hurt your backend. But as a reverse-proxy (load-balancer, origin shield, etc.), Varnish is going to see everything the backend receives and sends, so there's a great opportunity here to sanitize the traffic before it reaches it.

Read More

7/24/19 3:00 PM
by Guillaume Quintard

novcl: an alternative to VCL

If you've read a few of my blog posts, you probably already know I love the VCL (Varnish Configuration Language) idea, big time. Being able to change the processing logic via code opens a world of possibilities and makes pretty much all other tools feel constrained in their configurations. But...

But, well, VCL is code, and code is scary to a lot of users, and I can understand when you begin with Varnish and only have very limited configuration needs, VCL can feel complicated and some would prefer a simple, declarative language. The good news is that it's totally possible, let's see how we can help!

Read More

2/6/19 1:30 PM
by Guillaume Quintard

Howto: Respond to probes

Two years ago, I wrote an article about how probes work in Varnish (it's a great article - fun, informative... go read it), it covers a lot of ground, but still, it misses one important spot. More precisely, it only focused on how Varnish uses probes to know whether a backend is worth contacting, so today, we are going to look at the other side of the story: how do we tell the rest of the system that Varnish is up and ready to work?

Also, we'll see how to handle maintenance: if you need to get your Varnish node offline, it's annoying to log into all the load balancers to re-configure them; it's easier to just tell Varnish to fail incoming probes until said load balancers take the node out of their pool, and then you can wait for the active connections to end (does it ring a bell?) and then stop Varnish.

Hop on! We'll have a look at different ways of doing it - good and (mostly) bad, to try and understand how to do it and be warned of the various pitfalls to avoid.

Read More

10/23/18 1:30 PM
by Guillaume Quintard

 -  All posts  - 

Varnish Software Blog

The Varnish blog is where our team writes about all things related to Varnish Cache and Varnish Software...or simply vents.



Posts by Topic

see all