@justin i would recommend to use a unix domain socket (uds) for that reason:

varnishd -a tls=/path/to/socket,PROXY,mode=666

mode=666 is failsafe and not the most secure option

https://varnish-cache.org/docs/trunk/reference/varnishd.html#basic-options #varnishcache :varnishcache:

A new #FOSS module for #VarnishCache has become usable: #VMOD zipflow lets you generate ZIP files on the fly.

https://git.sr.ht/~slink/libvmod-zipflow

Thank you to @madler for this zipflow code!

#varnish #opensource

@krinkle we do have a proper #FOSS persistent storage engine for #varnishcache now: SLASH/ fellow https://gitlab.com/uplex/varnish/slash/-/blob/master/README.rst

Another week, another new #vmod for #varnishcache

Today: #iconv character encoding conversions for #vcl

https://gitlab.com/uplex/varnish/libvmod-iconv

JSON formatting in pure VCL is a PITA.

Just released: A #JSON formatter for #VCL which sucks less.

https://gitlab.com/uplex/varnish/libvmod-j #varnishcache #vmod #FOSS #opensource

Example from the README:

@bagder iirc it was two years ago that someone promised to implement http3 for #varnishcache "this year". they even had the features planned in a public repo.
we are all doing it wrong. #vaporware is the solution.

VSV00012 Base64 decoding vulnerability in vmod-digest

A base64 decoding vulnerability has been discovered in vmod-digest, which is often used with #varnishcache .

My personal recommendation is to migrate to vmod-blob, as shown in the advisory.

https://varnish-cache.org/security/VSV00012.html

@selea layer4 (syn flood, file descriptor exhaustion): mostly a non issue nowadays because ram is cheap enough.
tls: rate limiting works (eg with #haproxy ) or techniques along the #fail2ban idea : if an ip hits you too hard, filter it efficiently in the kernel
http: here my best recommendations are all based around #varnishcache because i work on it, but alternatives do exist. i will focus on what i know to be most helpful. 🧵

.foreach() for regular expression matches has come to #opensource Varnish HTTP Cache.

Our #pcre2 #regex module https://gitlab.com/uplex/varnish/libvmod-re for #varnishcache now also supports iterating over matches on strings and HTTP bodies

@GossiTheDog telefonica using cloudflare? not even telcos know how to cache properly? we have #varnishcache - you can do it!

This month, SLASH/fellow https://gitlab.com/uplex/varnish/slash, our advanced, high performance,
eventually persistent, always consistent #opensource storage engine for #varnishcache has received bug fixes and relevant performance improvements:
- reduced memory footprint
- improve cache lookup performance
- made memory allocation priorities more fine grained
- reduced overhead for concurrent access to disk objects
- improved disk space allocation

Please try it out, all feedback is welcome!

vmod_dynamic for #varnishcache just got better *again*.

I have finally implemented some improvements which I had on my mind for ages.

- lookups got more efficient with rbtrees
- reduced lock contention
- implemented detailed backend.list output
- added "keep" parameter to avoid re-creating backends temporarily vanishing from DNS
- lots of refactoring

https://github.com/nigoroll/libvmod-dynamic/commit/ad2285bb5915ceee6949f02bdca15333bdd159d5

@ezhes_ @retr0id @mjg59 the reverse+forward DNS check works. we use this with #varnishcache to authenticate google and others who offer the same properly configured DNS
https://github.com/kenshaw/libvmod-dns#string-valid_hoststring-name-enum-any-all-checkany

vmod_dynamic just got better.

Our #varnishcache module for dynamic backends based on DNS A/AAAA and SRV records has finally gained support for the director reference counting which got added to varnish 7.3.

https://github.com/nigoroll/libvmod-dynamic/commit/41f20790aedfc6d8f5cae4b3b8ffb82cd9b302c0

@kly at least regarding #varnishcache i have not given up.

@carlosabalde is there a project to replace varnishsentry for #varnishcache ?

Our #opensource parallel #ESI (pESI) module https://gitlab.com/uplex/varnish/libvdp-pesi for #varnishcache received some <3 and has now 0 open bugs, better performance, cleaner code and, drumroll please, even a CHANGES.rst https://gitlab.com/uplex/varnish/libvdp-pesi/-/blob/master/CHANGES.rst

Lesser known #varnishcache feature of the day: Some of the built-in #VCL types have methods, too:

BACKEND
.resolve()
STORAGE
.free_space
.used_space
.happy
STRING
.upper()
.lower()

https://github.com/varnishcache/varnish-cache/issues/3935#issuecomment-1582500300

regsub() on bodies has finally arrived for #opensource Varnish HTTP Cache.

Our #pcre2 #regex module https://gitlab.com/uplex/varnish/libvmod-re for #varnishcache now also supports substitutions on bodies. Similar to the recently announced .match_body() method, this feature supports matches across storage segments while avoiding to make copies using PCRE2's partial match feature.

Another big think you to Philip Hazel and Zoltan Herczeg for their great work on the essential regular expression library.

asking for a client: any #backenddev with #opensource #varnishcache knowledge interested in a #job in #berlin ?
pm me
boosts welcome