Pinned Service Shielding resulting in cache errors

Hi there, I’m seeing some weirdness in my configuration for my service.

I have a pinned service map that has a domain configured map.foo.com in the service. Everything works until I start trying multiple different domains. I’m seeing that the first domain that’s loaded is the one that’s cached, and all the other sites get that cached content.

I’ve pinpointed it to being an issue with caching and my VCL snippet used from the documentation (and modified with my changes for my service). How can I make sure the cache isn’t causing a bleedover between my sites?

Here’s my vcl_pass / vcl_miss snippet for reference:

##################################
# Add Host Overriding and shielding fix


if (req.backend.is_shield) {
  set bereq.http.host = "map.foo.com";
  set bereq.http.host_preserve = fastly_info.host_header;
}

if (req.backend.is_origin) {
  declare local var.existing_host STRING;
  set var.existing_host = header.get(req, "host_preserve");
  set bereq.http.host = if (
    var.existing_host,
    var.existing_host,
    fastly_info.host_header
  );

  # If the host is in the dictionary, we replace it.
  if (table.contains(hosts, var.existing_host)) {
    set bereq.http.host = table.lookup(hosts, var.existing_host);
    set bereq.http.x-forwarded-host = var.existing_host;
  }
}

# End Host Overriding

Thank you in advance!

Hey @AnthonyNiximacco – a few of us put our heads together on this. We definitely have some work to do to make the Shielding experience more intuitive for customers also using the Service Pin function.

What the team spotted was: you need to add the logic for resetting the Host header to vcl_recv, and make sure that it conditionally runs on the Shield server.

Perfect! Ended up working when I reset the Host header in vcl_recv. Thank you!

Actually, I don’t know that I’ve done this. What would resetting the host header in vcl_recv look like? I tried moving my code that I had resetting the host header to the recv section, but it caused the same issues. I realized the “solution” that caused my problems to be resolved was a change to my vcl_hash block that added the host_preserve header to the hash.
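The bleedover and the vcl_hash change described in this thread, as a toy Python model added here (not part of any post, and not Fastly's code or API). The site names `a.example` and `b.example`, the dictionary-based request, and every function and class name are assumptions made for illustration; only `map.foo.com` and `host_preserve` come from the thread.

```python
# Toy model: client -> edge POP -> shield POP -> origin. Constructed for illustration.
PINNED_HOST = "map.foo.com"  # Host the edge sets before forwarding to the shield


def default_key(req):
    # Cache key built from URL + Host only.
    return (req["url"], req["host"])


def preserved_host_key(req):
    # Cache key that also distinguishes the original site when host_preserve is present.
    return (req["url"], req.get("host_preserve") or req["host"])


def origin_fetch(req):
    # Constructed origin: the body depends on which site the client asked for.
    site = req.get("host_preserve") or req["host"]
    return f"page for {site}{req['url']}"


class Pop:
    """One cache tier: look up by key, fetch upstream on a miss."""

    def __init__(self, key_fn, fetch):
        self.key_fn, self.fetch, self.cache = key_fn, fetch, {}

    def handle(self, req):
        key = self.key_fn(req)
        if key not in self.cache:
            self.cache[key] = self.fetch(req)
        return self.cache[key]


def serve(shield_key_fn, hosts, url="/"):
    """Request `url` for each host through one edge and one shield; return bodies."""
    shield = Pop(shield_key_fn, origin_fetch)

    def edge_to_shield(req):
        # Mirrors the is_shield branch: Host is overwritten, original kept aside.
        return shield.handle(
            {"url": req["url"], "host": PINNED_HOST, "host_preserve": req["host"]}
        )

    edge = Pop(default_key, edge_to_shield)
    return {h: edge.handle({"url": url, "host": h}) for h in hosts}


if __name__ == "__main__":
    sites = ["a.example", "b.example"]
    print("shield keyed on Host only:    ", serve(default_key, sites))
    print("shield keyed on host_preserve:", serve(preserved_host_key, sites))
```

With the Host-only key, every site reaches the shield as `map.foo.com`, so the second site is served the first site's cached object; keying on the preserved host keeps the objects separate.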

If that didn’t work, it may make sense to move this into a support ticket for deeper diving. I can convert this thread to a ticket if you’d like.