How to avoid a Varnish cache poisoning attack on Linux or Unix

Varnish is free and open source HTTP web caching software. This tutorial provides some insights into Varnish cache poisoning and invalidation to help avoid attacks on Linux or Unix-based systems.

I like to emphasize the word “policy”, and make the backends responsible for providing useful information (but that’s a topic for another blog post). When the backend tells you all you need to know, it allows you to not have to handle specific cases in your VCL. This way you can keep a minimal cache policy in Varnish, containing only value-added features, such as robust invalidation schemes, or cache poisoning mitigation.