[MediaWiki-commits] [Gerrit] operations/puppet[production]: varnish: add explicit guards around upload-specific VCL

Thu, 01 Jun 2017 06:08:28 -0700 

Ema has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/356583 )

Change subject: varnish: add explicit guards around upload-specific VCL
......................................................................

varnish: add explicit guards around upload-specific VCL

The conditional around CORS and commons redirect code in
cluster_fe_err_synth is not strictly necessary as we are only returning
synth 666/667 in cluster_fe_recv for upload. However, it seems like a
good idea, if anything to avoid confusion.

In upload-backend instead, the X-MediaWiki-Original code is definitely
upload-only. Note that we need to use bereq.http.Host there instead of
req.http.Host given that req is not available in vcl_backend_response.

Bug: T164608
Change-Id: I66db324fe507e98096b89e0731404fb5ca389436
---
M modules/varnish/templates/upload-backend.inc.vcl.erb
M modules/varnish/templates/upload-frontend.inc.vcl.erb
2 files changed, 26 insertions(+), 24 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/83/356583/1

diff --git a/modules/varnish/templates/upload-backend.inc.vcl.erb 
b/modules/varnish/templates/upload-backend.inc.vcl.erb
index fa0b8a8..d40235a 100644
--- a/modules/varnish/templates/upload-backend.inc.vcl.erb
+++ b/modules/varnish/templates/upload-backend.inc.vcl.erb
@@ -71,9 +71,11 @@
                set beresp.http.X-Content-Range = beresp.http.Content-Range;
        }
 
-       // Derive the corresponding original URL and store it with the object
-       if (!beresp.http.X-MediaWiki-Original && bereq.url ~ 
"^/+[^/]+/[^/]+/thumb/[^/]+/[^/]+/[^/]+/[0-9]+px-") {
-               set beresp.http.X-MediaWiki-Original = regsub(bereq.url, 
"^(/+[^/]+/[^/]+/)thumb/([^/]+/[^/]+/[^/]+).*$", "\1\2");
+       if (bereq.http.host == "<%= @vcl_config.fetch('upload_domain') %>") {
+               // Derive the corresponding original URL and store it with the 
object
+               if (!beresp.http.X-MediaWiki-Original && bereq.url ~ 
"^/+[^/]+/[^/]+/thumb/[^/]+/[^/]+/[^/]+/[0-9]+px-") {
+                       set beresp.http.X-MediaWiki-Original = 
regsub(bereq.url, "^(/+[^/]+/[^/]+/)thumb/([^/]+/[^/]+/[^/]+).*$", "\1\2");
+               }
        }
 
        call upload_common_backend_response;
diff --git a/modules/varnish/templates/upload-frontend.inc.vcl.erb 
b/modules/varnish/templates/upload-frontend.inc.vcl.erb
index d3b2e14..819e008 100644
--- a/modules/varnish/templates/upload-frontend.inc.vcl.erb
+++ b/modules/varnish/templates/upload-frontend.inc.vcl.erb
@@ -9,9 +9,7 @@
                if (req.method == "OPTIONS" && req.http.Origin) {
                        return (synth(667, "OK"));
                }
-       }
 
-       if (req.http.host == "<%= @vcl_config.fetch('upload_domain') %>") {
                // Homepage redirect to commons
                if (req.url == "/") {
                        return (synth(666, "Moved Permanently"));
@@ -147,27 +145,29 @@
 }
 
 sub cluster_fe_err_synth {
-       // Handle CORS preflight requests
-       if (resp.status == 667) {
-               set resp.status = 200;
-               set resp.http.Connection = "keep-alive";
-               set resp.http.Content-Length = "0";
+       if (req.http.host == "<%= @vcl_config.fetch('upload_domain') %>") {
+               // Handle CORS preflight requests
+               if (resp.status == 667) {
+                       set resp.status = 200;
+                       set resp.http.Connection = "keep-alive";
+                       set resp.http.Content-Length = "0";
 
-               // allow Range requests, used by ogv.js
-               set resp.http.Access-Control-Allow-Origin = "*";
-               set resp.http.Access-Control-Allow-Headers = "Range";
-               set resp.http.Access-Control-Allow-Methods = "GET, HEAD, 
OPTIONS";
-               set resp.http.Access-Control-Max-Age = "86400";
+                       // allow Range requests, used by ogv.js
+                       set resp.http.Access-Control-Allow-Origin = "*";
+                       set resp.http.Access-Control-Allow-Headers = "Range";
+                       set resp.http.Access-Control-Allow-Methods = "GET, 
HEAD, OPTIONS";
+                       set resp.http.Access-Control-Max-Age = "86400";
 
-               return (deliver);
-       }
+                       return (deliver);
+               }
 
-       // Homepage redirect to commons
-       if (resp.status == 666) {
-               set resp.status = 301;
-               set resp.http.Location = "https://commons.wikimedia.org/";;
-               set resp.http.Connection = "keep-alive";
-               set resp.http.Content-Length = "0";
-               return (deliver);
+               // Homepage redirect to commons
+               if (resp.status == 666) {
+                       set resp.status = 301;
+                       set resp.http.Location = 
"https://commons.wikimedia.org/";;
+                       set resp.http.Connection = "keep-alive";
+                       set resp.http.Content-Length = "0";
+                       return (deliver);
+               }
        }
 }

-- 
To view, visit https://gerrit.wikimedia.org/r/356583
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I66db324fe507e98096b89e0731404fb5ca389436
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ema <e...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to