Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
H
homepage
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Commits
Open sidebar
varnishcache
homepage
Commits
f51fad75
Commit
f51fad75
authored
Jan 11, 2022
by
Martin Blix Grydeland
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Update workaround with suggestions from @nigoroll
parent
f816c487
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
9 additions
and
13 deletions
+9
-13
VSV00008.rst
R1/source/security/VSV00008.rst
+9
-13
No files found.
R1/source/security/VSV00008.rst
View file @
f51fad75
...
...
@@ -44,24 +44,20 @@ Mitigation
If upgrading Varnish is not possible, it is possible to mitigate the
problem by ensuring that the Varnish Server does not allow connection
reuse on HTTP/1 client connections. Be advised that this comes with a
performance penalty, and should for this reason only be considered as a
temporary workaround in environments where this performance penalty is
acceptable. To deploy the workaround, put the following VCL configuration
towards the top of the VCL configuration::
sub vcl_synth {
if (req.proto != "HTTP/2.0") {
set resp.http.Connection = "close";
}
}
reuse on HTTP/1 client connections once a request body has been seen on
the connection. To deploy the workaround, put the following VCL
configuration towards the top of the VCL configuration::
sub vcl_deliver {
if (req.proto != "HTTP/2.0") {
sub vsv8 {
if ((req.http.Content-Length || req.http.Transfer-Encoding) &&
req.proto != "HTTP/2.0") {
set resp.http.Connection = "close";
}
}
sub vcl_synth { call vsv8; }
sub vcl_deliver { call vsv8; }
Credits
-------
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment