Problems with varnish and apache (trying to improve OpenCart) - apache

I'm trying to give my webshop a boost with warnish.
Setup varnish port 80, backend is 127.0.0.1 apache2.
Apache Benchmark gives awefull resulst, like 1-2 request/sec !
On the very first displayed file; header.tpl I have :
<?php
cache_control( "public, s-max-age=6000");
expires( to_gmt( time() + 6000 ) );
?>
Below is the response header:
HTTP/1.1 200 OK
Content-Length: 151613
Expires: Tue, 26 Feb 2013 20:04:07
Cache-Control: public, s-max-age=6000
Pragma: no-cache
Set-Cookie: PHPSESSID=i9h5ldj8k4fking69d03jr5244; path=/, language=en; expires=Thu, 28-Mar-2013 18:24:06 GMT; path=/; domain=www.domain.com, currency=CHF; expires=Thu, 28-Mar-2013 18:24:06 GMT; path=/; domain=www.domain.com
Content-Type: text/html; charset=utf-8
Accept-Ranges: bytes
Date: Tue, 26 Feb 2013 18:24:07 GMT
X-Varnish: 186646239
Age: 0
Via: 1.1 varnish
Connection: close
X-Cache: MISS
Must be missing something obvious but to me varnish just doesn't cache; what am i doing wrong ?

PHP most likely has session.cache-limiter set to nocache (the default).
This would send a Pragma: no-cache (and as far as I understand an Expire header set to the current time) to Varnish and thus disabling caching.

Varnish will ignore the « Pragma : no-cache » by default, unless it is instruction to handle the directive (https://varnish-cache.org/docs/4.0/users-guide/increasing-your-hitrate.html).
Your cache-control seems to be configuring properly and should be cached for 6000 second.
The next things that you need to take into consideration are the cookie. Looking in your header, you have a PHP session Cookie:
Set-Cookie: PHPSESSID=i9h5ldj8k4fking69d03jr5244;
Varnish will not cache the cookie unless you remove it the request in your vcl file. Ex :
sub vcl_recv {
set req.http.Cookie = regsuball(req.http.Cookie, "PHPSESSID =[^;]+(; )?", "");
}

Related

Jmeter not showing up proper response instead giving details of server and connection details

I am using Jmeter 5.4.1 version, my API is of oauth1.0 type. When I ran my api through postman , it gave my proper json response for example an proper id, but the same api when ran through jmeter gives 200 response code but giving details of server and connection in response body and not the reponse that is expected(a proper id).
Below is the response :
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 12 May 2021 12:33:10 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=eqvp0l22u2jo30moqn194meugp; expires=Wed, 12-May-2021 13:33:10 GMT; Max-Age=3600; path=/; domain=dev.moorup.no; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
enter image description here
You're looking at Response Headers tab of the View Results Tree listener therefore you're seeing the HTTP Response Headers
Just switch to Response Body tab and you will be able to see "raw" HTML Response and several options of rendering it:
Also be aware that it is possible to convert your Postman scripts to JMeter, for OAuth you will still have to do some correlation, but for the main logic record and replay should work more or less fine

RestSharp Issue With 402 Response

I'm using RestSharp to interface with the Auth0 and Sisense APIs. Everything's working fine except when deleting a user in Auth0. I send the delete request as a DELETE and Auth0 successfully deletes the user.
Here is the response I'm getting from Auth0:
HTTP/1.1 204 No Content
Date: Wed, 19 Feb 2020 16:35:28 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Server: nginx
ot-tracer-spanid: 21cd87957d9bac76
ot-tracer-traceid: 25a636cb6e5fd4ca
ot-tracer-sampled: true
x-ratelimit-limit: 50
x-ratelimit-remaining: 49
x-ratelimit-reset: 1582130129
vary: origin,accept-encoding
cache-control: no-cache
Strict-Transport-Security: max-age=15724800
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
And here's what I'm getting in the RestSharp response:
System.Runtime.Serialization.SerializationException: Invalid JSON string
at RestSharp.RestClientExtensions.ThrowIfError(IRestResponse response)
at RestSharp.RestClientExtensions.DeleteAsync[T](IRestClient client, IRestRequest request)
I'm making a call to a Sisense web service and RestSharp is handling the 402 just fine. Here's the Sisense response:
HTTP/1.1 204 No Content
Date: Wed, 19 Feb 2020 16:32:14 GMT
Connection: keep-alive
Set-Cookie: sisense-cookieCORS=***************************; Path=/; SameSite=None; Secure
Set-Cookie: sisense-cookie=***************************; Path=/
X-UA-Compatible: IE=Edge
x-xss-protection: 1; mode=block
x-frame-options: ALLOW-FROM https://****************************************************
content-security-policy: frame-ancestors ****************************************************
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
The main difference between the two is the Content-Type directive present in Auth0. Is that what's causing the problem? Is there a workaround?

HHVM + Apache + Varnish + Drupal 404

This seems like quite an odd thing to be happening, but I'm getting 404 responses but the pages are still displaying as expected.
I do have a slightly odd setup on this server, as we're running HHVM for PHP pages and using Varnish as we need to direct some of the pages to our old server.
We're running Drupal on this server and it seems to work fine except the 404 response seems to be stopping the login form from working.
I was going to add some images to show what's going on, but unfortunately don't have enough reputation....
here's the what we get from a GET -Sed request
pete#pete-work ~ $ GET -Sed http://beta.newint.org/user
GET http://beta.newint.org/user
404 Not Found
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 27 May 2015 15:14:23 GMT
Via: 1.1 varnish
Age: 0
Server: Apache
Vary: Accept-Encoding
Content-Language: en
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Client-Date: Wed, 27 May 2015 15:14:23 GMT
Client-Peer: 178.79.141.247:80
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
ImageToolbar: false
Link: <http://beta.newint.org/user>; rel="canonical",<http://beta.newint.org/user>; rel="shortlink"
Title: User account | Site-Install
X-Generator: Drupal 7 (http://drupal.org)
X-Meta-Charset: utf-8
X-Meta-Generator: Drupal 7 (http://drupal.org)
X-Meta-Viewport: width=device-width, maximum-scale = 1.0
X-Powered-By: HHVM/3.7.0
X-Varnish: 1786764394
And then bypassing varnish and going straight to apache
pete#pete-work ~ $ GET -Sed http://beta.newint.org:8080/user
GET http://beta.newint.org:8080/user
404 Not Found
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 27 May 2015 15:14:31 GMT
Server: Apache
Vary: Accept-Encoding
Content-Language: en
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Client-Date: Wed, 27 May 2015 15:14:32 GMT
Client-Peer: 178.79.141.247:8080
Client-Response-Num: 1
Client-Transfer-Encoding: chunked
ImageToolbar: false
Link: <http://beta.newint.org:8080/user>; rel="canonical",<http://beta.newint.org:8080/user>; rel="shortlink"
Title: User account | Site-Install
X-Generator: Drupal 7 (http://drupal.org)
X-Meta-Charset: utf-8
X-Meta-Generator: Drupal 7 (http://drupal.org)
X-Meta-Viewport: width=device-width, maximum-scale = 1.0
X-Powered-By: HHVM/3.7.0
Any ideas?
Turns out this was simply due to mod_rewrite not being enabled.

No-cache HTTP header unable to override cache behaviour

I was looking for a solution where I want to disable default behaviour of a browser and found a very nice solution for this: asp.net mvc disable browser cache.
But this solution does not work for me. These are the headers passed:
Cache-Control no-cache, no-store, must-revalidate
Content-Encoding gzip
Content-Length 5026
Content-Type text/html; charset=utf-8
Date Fri, 25 Oct 2013 06:57:47 GMT
Expires -1
Pragma no-cache
Server Microsoft-IIS/8.0
Vary Accept-Encoding
X-AspNet-Version 4.0.30319
X-AspNetMvc-Version 4.0
x-powered-by ASP.NET
It's very clear for browser not to store the page in cache but still if I click on the previous button I am able to see the previous pages after log out.

Duplicate Access-Control-Allow-Origin: * causing COR error?

Calling a rest api from a customer's web api and it's returning duplicate Access-Control-Allow-Origin: * and it causing COR errors.
I've tested locally and the duplicate does cause the error whereas a single Access-Control-Allow-Origin: * works.
Is there a way around this from my side when calling the GET?
HTTP/1.1 200 OK
Date: Wed, 28 Nov 2012 19:40:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
Set-Cookie: TargetToken=AB3Hirk0TNDPCfVY6LZd1Fs1; Expires=Fri, 28-Nov-2014 19:40:10 G11T; Path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/xml; charset=utf-8
Content-Length: 590
XMLHttpRequest cannot load http://target.com/api/getstuff?stuffid=4.
Origin http://mysite.com is not allowed by
Access-Control-Allow-Origin.
The CORS spec explicitly states that multiple Access-Control-Allow-Origin headers are not allowed: http://www.w3.org/TR/cors/#resource-sharing-check-0
Is there any way to convince the client to fix their server implementation?