Adding your origin's name to Fastly-Debug-Path


#1

Hi all,

Sharing this because I found it incredibly useful while attempting to understand/debug shielding and auto-loadbalancing.

I followed the basic outline of Capturing the Origin Information under the Performance Tuning guide to Tracking your origin’s name, IP, and port.

But I changed the Destination and Source as follows:

Destination: http.Fastly-Debug-Path
Source: "(B " regsub(beresp.backend.name,"^.*--F_","F_") " " now.sec ") " if(beresp.http.Fastly-Debug-Path, beresp.http.Fastly-Debug-Path, "")

This has the net effect of adding the following to vcl_fetch:

  # Header rewrite Fastly-Debug add the backend : 10
  
      
        set beresp.http.Fastly-Debug-Path = "(B " regsub(beresp.backend.name,"^.*--F_","F_") " " now.sec ") " if(beresp.http.Fastly-Debug-Path, beresp.http.Fastly-Debug-Path, "");

Which with Fastly-Debug enabled, will add the selected backend (minus the Fastly service key) to the Fastly-Debug-Path in vcl_fetch, ultimately showing up as something like this:

  Fastly-Debug-Path: (D cache-den6027-DEN 1468527301) (B fastlyshield--shield_cache_akl6420_AKL 1468527301) (F cache-den6024-DEN 1468527301) (D cache-akl6420-AKL 1468527301) (B F_wwworigin1 1468527301) (F cache-akl6421-AKL 1468527301)

#2

Thanks for sharing! I was considering for a moment to make it a default in our VCL, but then realized that it might leak too much data to potential attackers. In your case it should be fine, but lots of people have their full Hostname in the name, and that would be unwise to make available to the world. :blush:


#3

No worries!

I guess it’s worth knowing that there are good reasons (like this) to use shortened slightly obfuscated backend names.