[MediaWiki-commits] [Gerrit] V4 XFF Fixup 1/3 - change (operations/puppet)

Tue, 17 May 2016 11:52:12 -0700 

BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/289256

Change subject: V4 XFF Fixup 1/3
......................................................................

V4 XFF Fixup 1/3

This separates XFF-setting from common_recv_early, and omits it on
Varnish4 (which does XFF-setting before vcl_recv inside varnish
code itself).

Change-Id: Ib00294c93367532672dd7a333f2738015400ab63
---
M modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
M modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
M modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
3 files changed, 13 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/56/289256/1

diff --git a/modules/varnish/templates/vcl/wikimedia-backend.vcl.erb 
b/modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
index 5515694..c3da042 100644
--- a/modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-backend.vcl.erb
@@ -18,6 +18,9 @@
                <%= error_synth(403, "Access denied") -%>
        }
 
+<% if not @varnish_version4 -%>
+       call wm_common_recv_set_xff;
+<% end -%>
        call wm_common_recv_early;
 
 <% if @cache_route == 'direct' -%>
diff --git a/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb 
b/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
index 48604aa..0ddf287 100644
--- a/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-common.inc.vcl.erb
@@ -241,9 +241,8 @@
        }
 }
 
-sub wm_common_recv_early {
-       unset req.http.X-CDIS; // clear internal cache-disposition header
-
+<% if not @varnish_version4 -%>
+sub wm_common_recv_set_xff {
        // XFF-appending is non-idempotent for restart purposes..
        if (req.restarts == 0) {
                // All layers need to update XFF with client.ip hop-by-hop so 
that it
@@ -254,6 +253,11 @@
                        set req.http.X-Forwarded-For = client.ip;
                }
        }
+}
+<% end -%>
+
+sub wm_common_recv_early {
+       unset req.http.X-CDIS; // clear internal cache-disposition header
 
        // To pass this check, the method must be in allowed_methods (even 
OPTIONS must be there to be supported),
        // Additionally, if OPTIONS is allowed, it must be accompanied by 
Origin:
diff --git a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb 
b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
index 5693874..4910265 100644
--- a/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
+++ b/modules/varnish/templates/vcl/wikimedia-frontend.vcl.erb
@@ -241,6 +241,9 @@
                call recv_fe_ip_processing;
        }
 
+<% if not @varnish_version4 -%>
+       call wm_common_recv_set_xff;
+<% end -%>
        call wm_common_recv_early;
 
 <% if @varnish_version4 -%>

-- 
To view, visit https://gerrit.wikimedia.org/r/289256
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib00294c93367532672dd7a333f2738015400ab63
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to