Page MenuHomePhabricator
Create Task
Maniphest T392073

Move method check from varnish to HAProxy
Closed, ResolvedPublic
Actions

Description

The following snippet from wikimedia-frontend.vcl can be moved to HAProxy excluding PURGE method:

// To pass this check, the method must be in allowed_methods (even OPTIONS must be there to be supported),
// Additionally, if OPTIONS is allowed, it must be accompanied by Origin:
if (req.method !~ "<%= @vcl_config.fetch("allowed_methods", "^(GET|HEAD|POST|OPTIONS|PURGE)$") %>"
    || (req.method == "OPTIONS" && !req.http.Origin)) {
    return (synth(405, "Method not allowed"));
}

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
varnish: remove unused allowed_methods /hieradata/role/common/cache/text.yamloperations/puppetproduction+0 -1
cache: remove unused allowed_methods check from varnishoperations/puppetproduction+0 -80
cache,haproxy: allowed methods check and set response headersoperations/puppetproduction+35 -2
Customize query in gerrit

Event Timeline

Fabfur created this task.Apr 16 2025, 11:41 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 16 2025, 11:41 AM
Vgutierrez triaged this task as Medium priority.Apr 16 2025, 12:03 PM

take into account that we set a different list of allowed methods per cluster:

hieradata/role/common/cache/text.yaml:    allowed_methods: '^(GET|HEAD|OPTIONS|PATCH|POST|PURGE|PUT|DELETE)$'
hieradata/role/common/cache/upload.yaml:    allowed_methods: '^(GET|HEAD|OPTIONS|PURGE)$'
gerritbot added a comment.Apr 16 2025, 12:31 PM

Change #1136998 had a related patch set uploaded (by Fabfur; author: Fabfur):

[operations/puppet@production] cache: copy allowed methods check to haproxy

https://gerrit.wikimedia.org/r/1136998

gerritbot added a project: Patch-For-Review.Apr 16 2025, 12:31 PM
gerritbot added a comment.Apr 29 2025, 8:17 AM

Change #1136998 merged by Fabfur:

[operations/puppet@production] cache,haproxy: allowed methods check and set response headers

https://gerrit.wikimedia.org/r/1136998

Maintenance_bot removed a project: Patch-For-Review.Apr 29 2025, 8:30 AM
Fabfur added a comment.Apr 29 2025, 9:12 AM

Leaving this open as memo to remove Varnish configuration at a later moment

Fabfur changed the task status from Open to In Progress.Apr 29 2025, 9:12 AM
Fabfur lowered the priority of this task from Medium to Low.
Vgutierrez changed the task status from In Progress to Stalled.Apr 29 2025, 9:17 AM
gerritbot added a comment.May 9 2025, 8:51 AM

Change #1143755 had a related patch set uploaded (by Fabfur; author: Fabfur):

[operations/puppet@production] cache: remove unused allowed_methods check from varnish

https://gerrit.wikimedia.org/r/1143755

gerritbot added a project: Patch-For-Review.May 9 2025, 8:51 AM
gerritbot added a comment.May 14 2025, 9:07 AM

Change #1143755 merged by Fabfur:

[operations/puppet@production] cache: remove unused allowed_methods check from varnish

https://gerrit.wikimedia.org/r/1143755

Maintenance_bot removed a project: Patch-For-Review.May 14 2025, 9:31 AM
Fabfur closed this task as Resolved.May 14 2025, 10:30 AM
Stashbot added a comment.Aug 31 2025, 11:09 PM

Mentioned in SAL (#wikimedia-releng) [2025-08-31T23:09:31Z] <Krinkle> Remove unused allowed_methods Hiera key from deployment-cache-text and deployment-cache-upload in Horizon, ref T392073

gerritbot added a comment.Aug 31 2025, 11:25 PM

Change #1183274 had a related patch set uploaded (by Krinkle; author: Krinkle):

[operations/puppet@production] varnish: remove unused allowed_methods /hieradata/role/common/cache/text.yaml

https://gerrit.wikimedia.org/r/1183274

gerritbot added a project: Patch-For-Review.Aug 31 2025, 11:25 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits