Bereq.first_byte_timeout for specific path

Hello guys, before opening a ticket, i just need a tiny help in check where i am doing this wrong.

I have a fastly service with several backends.

For a specific path i change the timeout values as following :

sub vcl_recv {
  #FASTLY recv
    if (req.http.Host == "dataservice-preprod.company.com"
      && req.url ~ "^/slow/request") {

      set req.http.X-Long-Timeout = "true";
      set req.http.Fastly-No-Shield = "1";
      set req.backend = F_dataservice;

      return(pass); 
    }

    # some other domain matching to route to specific backends.
  }

sub vcl_pass {
  #FASTLY pass 

    if (req.http.X-Long-Timeout == "true") {
      set bereq.first_byte_timeout    = 600s;
      set bereq.between_bytes_timeout = 600s;
      set req.http.X-Passed = "true";
    }
  }


sub vcl_miss {
  #FASTLY miss

    if (req.http.X-Long-Timeout == "true") {
      set bereq.first_byte_timeout    = 600s;
      set bereq.between_bytes_timeout = 600s;
      set req.http.X-Missed = "true";
    }
  }


sub vcl_deliver {
  #FASTLY deliver
    if (req.http.X-Long-Timeout == “true”) {
      set resp.http.X-Slow-Endpoint = “true”;
      set resp.http.X-Missed = req.http.X-Missed;
      set resp.http.X-Passed = req.http.X-Passed;
    }
  }

When making a request to the matching path, i can see the header X-Passed in the response headers, so my guess is the timeouts are configured.

However they all end up with the default 15s timeout.

I thought about creating a new backend with its own timeouts (with the same origin), where i would route these specific requests, but seem a bit overkill

What is done wrong ?

There is also a strange behavior.
If i set both timeouts to 10 minutes, 600 seconds.

The request will always timeout at exactly 130s.

Im basically unable to have a query that takes a long time to answer, meaning above 130s.

Of course i escalated the behavior to the dev team regarding the long duration of this call, but optimizing this is let’s say …. another long story, and possible/feasible at the moment.

Hey @keisari-ch based on your reporting, there may be some deeper configuration issues in play – filing a ticket with support.fastly.com will allow our teams to take a more comprehensive look in a private conversation.

Hello @aspires, thank for the answer.

I actually created a ticket after realizing that’s actually ongoing when ngwaf is enabled.
As the agent is making the request to the backend, i assume the VCL timeouts, or the host configured timeouts are ignored.

Hope there’s a feedback from CSOC, because that’s the second severe limitation we’re facing after the one i mentioned at Self Signed certificates in backend and NG-WAF - General - Fastly Community