Page MenuHomePhabricator
Create Task
Maniphest T113223

Varnish not letting through RESTBase back-end service responses for rest.wm.org
Closed, ResolvedPublic
Actions

Description

RESTBase is currently acting as a proxy for the Mobile-Content-Service. This works fine when a client issues requests against https://{domain}/api/rest_v1/, but when https://rest.wikimedia.org/{domain}/v1/ is used, a 503 is received.

$ curl https://en.wikipedia.org/api/rest_v1/page/mobile-html/Foobar -v
> GET /api/rest_v1/page/mobile-html/Foobar HTTP/1.1
> User-Agent: curl/7.35.0
> Host: en.wikipedia.org
> Accept: */*
> 
< HTTP/1.1 200 OK
< Server: nginx/1.9.4
< Date: Mon, 21 Sep 2015 11:22:25 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< access-control-allow-origin: *
< access-control-allow-headers: Accept, X-Requested-With, Content-Type
< x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
< x-frame-options: SAMEORIGIN
< content-security-policy: default-src 'self'; object-src 'none'; media-src *; img-src *; style-src *; frame-ancestors 'self'
< x-content-security-policy: default-src 'self'; object-src 'none'; media-src *; img-src *; style-src *; frame-ancestors 'self'
< x-webkit-csp: default-src 'self'; object-src 'none'; media-src *; img-src *; style-src *; frame-ancestors 'self'
< vary: Accept-Encoding
< cache-control: private, max-age=0, s-maxage=0, must-revalidate
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET
< Access-Control-Allow-Headers: accept, content-type
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-XSS-Protection: 1; mode=block
< Content-Security-Policy: default-src 'none'; media-src *; img-src *; style-src *; frame-ancestors 'self'
< X-Content-Security-Policy: default-src 'none'; media-src *; img-src *; style-src *; frame-ancestors 'self'
< X-WebKit-CSP: default-src 'none'; media-src *; img-src *; style-src *; frame-ancestors 'self'
< X-Request-Id: 0908603d-6053-11e5-9d2c-b6c4e9e9329d
< X-Varnish: 615462701, 4132442282, 1437068073
< Via: 1.1 varnish, 1.1 varnish, 1.1 varnish
< Age: 0
< X-Cache: cp1065 miss (0), cp3030 miss (0), cp3013 frontend miss (0)
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
$ curl http://rest.wikimedia.org/en.wikipedia.org/v1/page/mobile-html/Foobar -v
> GET /en.wikipedia.org/v1/page/mobile-html/Foobar HTTP/1.1
> User-Agent: curl/7.35.0
> Host: rest.wikimedia.org
> Accept: */*
> 
< HTTP/1.1 503 Service Unavailable
< Proxy-Connection: Keep-Alive
< Connection: Keep-Alive
< Content-Length: 419
< Via: 1.1 varnish, 1.1 ISAROVINJ
< Age: 0
< Date: Mon, 21 Sep 2015 11:23:47 GMT
< Content-Type: text/html; charset=utf-8
< Server: Varnish
< Retry-After: 5
< Accept-Ranges: bytes
< X-Varnish: 1072778244
< X-Cache: cp1058 frontend miss (0)

The obvious blame candidate are CSP headers received by Varnish.

In spite of the fact that we plan to get rid of rest.wm.org, we should ensure equivalent functionality while it's still around.

Event Timeline

mobrovac created this task.Sep 21 2015, 11:26 AM
mobrovac raised the priority of this task from to Needs Triage.
mobrovac updated the task description. (Show Details)
mobrovac added projects: Services, acl*sre-team, RESTBase, Varnish, Mobile-Content-Service.
mobrovac added subscribers: mobrovac, BBlack, Milimetric, bearND.
Restricted Application added subscribers: Matanya, Aklapper. · View Herald TranscriptSep 21 2015, 11:26 AM
mobrovac updated the task description. (Show Details)Sep 21 2015, 11:29 AM
mobrovac set Security to None.
GWicke subscribed.Sep 21 2015, 2:38 PM

Does this still matter?

bearND moved this task from Incoming to Tracking on the Mobile-Content-Service board.Sep 24 2015, 5:03 PM
GWicke triaged this task as Low priority.Oct 5 2015, 9:57 PM
GWicke closed this task as Resolved.Feb 18 2016, 9:47 PM
GWicke claimed this task.

Closing, as all accesses to the mobile content service have been migrated to the main project domains.

Aklapper added a project: Traffic.May 4 2016, 9:14 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL