<div dir="ltr"><img width="0" height="0" class="mailtrack-img" alt="" style="display:flex" src="https://mailtrack.io/trace/mail/830e676b314f1b30986adfc1c7df5f967b9aa282.png?u=74734"><div>


















<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif">Thanks all for the response. Michael, I am going to add those header ignores. <span></span></p>

<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span> </span></p>

<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif">Still puzzled by the large number of MISSEs and I’ve no clue why they are happening. Leads appreciated. <span></span></p>

<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span> </span></p>

<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:12pt;font-family:Calibri,sans-serif"><span> </span></p>





</div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;color:#000000"><br></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature">- Quintin</div></div>
<br><div class="gmail_quote">On Sun, May 13, 2018 at 6:12 PM, c0nw0nk <span dir="ltr"><<a href="mailto:nginx-forum@forum.nginx.org" target="_blank">nginx-forum@forum.nginx.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You know you can DoS sites with Cache MISS via switching up URL params and<br>
arguements.<br>
<br>
Examples :<br>
<br>
HIT :<br>
index.php?var1=one&var2=two<br>
MISS :<br>
index.php?var2=two&var1=one<br>
<br>
MISS :<br>
index.php?random=1<br>
index.php?random=2<br>
index.php?random=3<br>
etc etc<br>
<br>
Inserting random arguements to URL's will cause cache misses and changing<br>
the order of existing valid URL arguements will also cause misses.<br>
<br>
Cherian Thomas Wrote:<br>
------------------------------<wbr>-------------------------<br>
<div><div class="h5">> Thanks for this Michael.<br>
> <br>
> <br>
> <br>
> This is so surprising. If someone decides to Dos and crawls the<br>
> website<br>
> with a rogue header, this will essentially bypass the cache and put a<br>
> strain on the website. In fact, I was hit by a dos attack that’s when<br>
> I<br>
> started looking at logs and realized the large number of MISSes.<br>
> <br>
> <br>
> <br>
> Can someone please help?<br>
> <br>
> <br>
> - Cherian<br>
> <br>
> On Sat, May 12, 2018 at 12:01 PM, Friscia, Michael<br>
> <<a href="mailto:michael.friscia@yale.edu">michael.friscia@yale.edu</a><br>
> > wrote:<br>
> <br>
> > I'm not sure if this will help, but I ignore/hide a lot, this is in<br>
> my<br>
> > config<br>
> ><br>
> ><br>
> > proxy_ignore_headers X-Accel-Expires Expires Cache-Control<br>
> Set-Cookie;<br>
> > proxy_hide_header X-Accel-Expires;<br>
> > proxy_hide_header Pragma;<br>
> > proxy_hide_header Server;<br>
> > proxy_hide_header Request-Context;<br>
> > proxy_hide_header X-Powered-By;<br>
> > proxy_hide_header X-AspNet-Version;<br>
> > proxy_hide_header X-AspNetMvc-Version;<br>
> ><br>
> ><br>
> > I have not experienced the problem you mention, I just thought I<br>
> would<br>
> > offer my config.<br>
> ><br>
> ><br>
> > ______________________________<wbr>_____________<br>
> ><br>
> > Michael Friscia<br>
> ><br>
> > Office of Communications<br>
> ><br>
> > Yale School of Medicine<br>
> ><br>
> > (203) 737-7932 – office<br>
> ><br>
> > (203) 931-5381 – mobile<br>
> ><br>
> > <a href="https://mailtrack.io/trace/link/a61adbc81bbb4743e50220408108f7e1b8f3af40?url=http%3A%2F%2Fweb.yale.edu&userId=74734&signature=0767ce63378dc575" rel="noreferrer" target="_blank">http://web.yale.edu</a><br>
> ><br>
</div></div>> <<a href="https://mailtrack.io/trace/link/661443b9951f60c19cd0ed2ec67ca9c38485a127?url=https%3A%2F%2Fmailtrack.io%2Ftrace%2Flink%2F8357a0bdd8c40c2ff5b7d91c7797cbc7a8535&userId=74734&signature=fd94611bb5198158" rel="noreferrer" target="_blank">https://mailtrack.io/trace/<wbr>link/<wbr>8357a0bdd8c40c2ff5b7d91c7797cb<wbr>c7a8535</a><br>
> ffb?url=http%3A%2F%<a href="https://mailtrack.io/trace/link/8d2b22d027b9e7af0a2468545c2e35529237af19?url=http%3A%2F%2F2Fweb.yale.edu&userId=74734&signature=5ab2d28a496b50f6" rel="noreferrer" target="_blank">2Fweb.yale.<wbr>edu</a>%2F&userId=74734&signature=<wbr>d652edf1f4<br>
> f21323><br>
> ><br>
> ><br>
> > ------------------------------<br>
> > *From:* nginx <<a href="mailto:nginx-bounces@nginx.org">nginx-bounces@nginx.org</a>> on behalf of Quintin Par <<br>
> > <a href="mailto:quintinpar@gmail.com">quintinpar@gmail.com</a>><br>
> > *Sent:* Saturday, May 12, 2018 1:32 PM<br>
> > *To:* <a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
> > *Subject:* Re: Debugging Nginx Cache Misses: Hitting high number of<br>
<span class="">> MISS<br>
> > despite high proxy valid<br>
> ><br>
> ><br>
</span><span class="">> > That’s the tricky part. These MISSes are intermittent. Whenever I<br>
> run curl<br>
> > I get HITs but I end up seeing a lot of MISS in the logs.<br>
> ><br>
> ><br>
> ><br>
> > How do I log these MiSSes with the reason? I want to know what<br>
> headers<br>
> > ended up bypassing the cache.<br>
> ><br>
> ><br>
> ><br>
> > Here’s my caching config<br>
> ><br>
> ><br>
> ><br>
> >             proxy_pass <a href="https://mailtrack.io/trace/link/071291057b0a07a97c3170df6ceb9706ad0e553d?url=http%3A%2F%2F127.0.0.1%3A8000&userId=74734&signature=21d883fe1973c407" rel="noreferrer" target="_blank">http://127.0.0.1:8000</a><br>
> ><br>
</span>> <<a href="https://mailtrack.io/trace/link/6864e1b6645eae9d83bd78154bd244cbd3132407?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-3A__127.0.0.1-3A8000%26&userId=74734&signature=05baa72c55f6e580" rel="noreferrer" target="_blank">https://urldefense.<wbr>proofpoint.com/v2/url?u=http-<wbr>3A__127.0.0.1-3A8000&</a><br>
> d=DwMFaQ&c=cjytLXgP8ixuoHflwc-<wbr>poQ&r=<wbr>wvXEDjvtDPcv7AlldT5UvDx32KXBEM<wbr>6um_<br>
> lS023SJrs&m=F-qGMOyS74uE8JM-<wbr>dOLmNH92bQ1xQ-7Rj1d6k-_WST4&s=<wbr>NHvlb1WColNw<br>
> TWBF36P1whJdu5iWHK9_<wbr>50IDHugaEdQ&e=><br>
<div><div class="h5">> > ;<br>
> ><br>
> >                 proxy_set_header X-Real-IP  $remote_addr;<br>
> ><br>
> >                 proxy_set_header X-Forwarded-For<br>
> > $proxy_add_x_forwarded_for;<br>
> ><br>
> >                 proxy_set_header X-Forwarded-Proto https;<br>
> ><br>
> >                 proxy_set_header X-Forwarded-Port 443;<br>
> ><br>
> ><br>
> ><br>
> >                 # If logged in, don't cache.<br>
> ><br>
> >                 if ($http_cookie ~*<br>
> "comment_author_|wordpress_(?!<wbr>test_cookie)|wp-postpass_"<br>
> > ) {<br>
> ><br>
> >                   set $do_not_cache 1;<br>
> ><br>
> >                 }<br>
> ><br>
> >                 proxy_cache_key "$scheme://$host$request_uri$<br>
> > do_not_cache";<br>
> ><br>
> >                 proxy_cache staticfilecache;<br>
> ><br>
> >                 add_header Cache-Control public;<br>
> ><br>
> >                 proxy_cache_valid       200 120d;<br>
> ><br>
> >                 proxy_hide_header "Set-Cookie";<br>
> ><br>
> >                 proxy_ignore_headers  "Set-Cookie";<br>
> ><br>
> >                 proxy_ignore_headers  "Cache-Control";<br>
> ><br>
> >                 proxy_hide_header "Cache-Control";<br>
> ><br>
> >                 proxy_pass_header X-Accel-Expires;<br>
> ><br>
> ><br>
> ><br>
> >                 proxy_set_header Accept-Encoding "";<br>
> ><br>
> >                 proxy_ignore_headers Expires;<br>
> ><br>
> >                 add_header X-Cache-Status $upstream_cache_status;<br>
> ><br>
> >                 proxy_cache_use_stale   timeout;<br>
> ><br>
> >                 proxy_cache_bypass $arg_nocache $do_not_cache;<br>
> > - Quintin<br>
> ><br>
> ><br>
> > On Sat, May 12, 2018 at 10:29 AM Lucas Rolff <<a href="mailto:lucas@lucasrolff.com">lucas@lucasrolff.com</a>><br>
> wrote:<br>
> ><br>
> > It can be as simple as doing a curl to your “origin” url (the one<br>
> you<br>
> > proxy_pass to) for the files you see that gets a lot of MISS’s – if<br>
> there’s<br>
> > odd headers such as cookies etc, then you’ll most likely experience<br>
> a bad<br>
> > cache if your nginx is configured to not ignore those headers.<br>
> ><br>
> ><br>
> ><br>
</div></div>> > *From: *nginx <<a href="mailto:nginx-bounces@nginx.org">nginx-bounces@nginx.org</a>> on behalf of Quintin Par <<br>
> > <a href="mailto:quintinpar@gmail.com">quintinpar@gmail.com</a>><br>
> > *Reply-To: *"<a href="mailto:nginx@nginx.org">nginx@nginx.org</a>" <<a href="mailto:nginx@nginx.org">nginx@nginx.org</a>><br>
> > *Date: *Saturday, 12 May 2018 at 18.26<br>
> > *To: *"<a href="mailto:nginx@nginx.org">nginx@nginx.org</a>" <<a href="mailto:nginx@nginx.org">nginx@nginx.org</a>><br>
> > *Subject: *Debugging Nginx Cache Misses: Hitting high number of MISS<br>
<div><div class="h5">> > despite high proxy valid<br>
> ><br>
> ><br>
> ><br>
> > [image:<br>
> ><br>
> <a href="https://mailtrack.io/trace/mail/86a613eb1ce46a4e7fa6f9eb96989cddae6398" rel="noreferrer" target="_blank">https://mailtrack.io/trace/<wbr>mail/<wbr>86a613eb1ce46a4e7fa6f9eb96989c<wbr>ddae6398</a><br>
> 00.png?u=74734]<br>
> ><br>
> > My proxy cache path is set to a very high size<br>
> ><br>
> ><br>
> ><br>
> > proxy_cache_path  /var/lib/nginx/cache  levels=1:2<br>
> >  keys_zone=staticfilecache:180m  max_size=700m;<br>
> ><br>
> > and the size used is only<br>
> ><br>
> ><br>
> ><br>
> > sudo du -sh *<br>
> ><br>
> > 14M cache<br>
> ><br>
> > 4.0K    proxy<br>
> ><br>
> > Proxy cache valid is set to<br>
> ><br>
> ><br>
> ><br>
> > proxy_cache_valid 200 120d;<br>
> ><br>
> > I track HIT and MISS via<br>
> ><br>
> ><br>
> ><br>
> > add_header X-Cache-Status $upstream_cache_status;<br>
> ><br>
> > Despite these settings I am seeing a lot of MISSes. And this is for<br>
> pages<br>
> > I intentionally ran a cache warmer an hour ago.<br>
> ><br>
> ><br>
> ><br>
> > How do I debug why these MISSes are happening? How do I find out if<br>
> the<br>
> > miss was due to eviction, expiration, some rogue header etc? Does<br>
> Nginx<br>
> > provide commands for this?<br>
> ><br>
> ><br>
> ><br>
> > - Quintin<br>
> > ______________________________<wbr>_________________<br>
> > nginx mailing list<br>
> > <a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
> > <a href="https://mailtrack.io/trace/link/956685bf1c269e5b5e505d57769f24a31e3e2442?url=http%3A%2F%2Fmailman.nginx.org%2Fmailman%2Flistinfo%2Fnginx&userId=74734&signature=61a29f8655dde16e" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
> ><br>
</div></div>> <<a href="https://mailtrack.io/trace/link/0f96ef0fff2b29b47c79cd24c346157878aaf2e5?url=https%3A%2F%2Fmailtrack.io%2Ftrace%2Flink%2F122c3dbd333c388f47f5c2776af9ebc3fc75a&userId=74734&signature=0b1e1864a472eee2" rel="noreferrer" target="_blank">https://mailtrack.io/trace/<wbr>link/<wbr>122c3dbd333c388f47f5c2776af9eb<wbr>c3fc75a</a><br>
> e10?url=https%3A%2F%<a href="https://mailtrack.io/trace/link/5a068de37a59a883da6fd59fdd4026a152a7fc91?url=http%3A%2F%2F2Furldefense.proofpoint.com&userId=74734&signature=ca8f6ddc8276a370" rel="noreferrer" target="_blank">2Furldefen<wbr>se.proofpoint.com</a>%2Fv2%2Furl%<wbr>3Fu%3Dhttp-<br>
> 3A__mailman.nginx.org_mailman_<wbr>listinfo_nginx%26d%3DDwMFaQ%<wbr>26c%3DcjytLX<br>
> gP8ixuoHflwc-poQ%26r%<wbr>3DwvXEDjvtDPcv7AlldT5UvDx32KXB<wbr>EM6um_lS023SJrs%26m<br>
> %3DF-qGMOyS74uE8JM-<wbr>dOLmNH92bQ1xQ-7Rj1d6k-_WST4%<wbr>26s%3DD3LnZhfobOtlEStCv<br>
> CDrcwmHydEHaGRFC4gnWvRT5Uk%<wbr>26e%3D&userId=74734&signature=<wbr>56c7a7ad18b2c<br>
> 057><br>
<span class="">> ><br>
> ><br>
> > ______________________________<wbr>_________________<br>
> > nginx mailing list<br>
> > <a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
> > <a href="https://mailtrack.io/trace/link/f500ef35fc0275c82402a7af89180ae2c67cea6a?url=http%3A%2F%2Fmailman.nginx.org%2Fmailman%2Flistinfo%2Fnginx&userId=74734&signature=aa7675f47e061eec" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
> ><br>
</span>> <<a href="https://mailtrack.io/trace/link/d6afed06499ad18204cf041056d4781772869d72?url=https%3A%2F%2Fmailtrack.io%2Ftrace%2Flink%2F92c2700d67bd6891ca1606e2df4e0f11c6d82&userId=74734&signature=59dcf4fe89ac3c3c" rel="noreferrer" target="_blank">https://mailtrack.io/trace/<wbr>link/<wbr>92c2700d67bd6891ca1606e2df4e0f<wbr>11c6d82</a><br>
> 260?url=http%3A%2F%<a href="https://mailtrack.io/trace/link/3ec600220aa90db4d165256c22910f3c97fa118d?url=http%3A%2F%2F2Fmailman.nginx.org&userId=74734&signature=c116773b55639f01" rel="noreferrer" target="_blank">2Fmailman.<wbr>nginx.org</a>%2Fmailman%<wbr>2Flistinfo%2Fnginx&us<br>
> erId=74734&signature=<wbr>3763121afa828bb7><br>
<span class="">> ><br>
> ______________________________<wbr>_________________<br>
> nginx mailing list<br>
> <a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
> <a href="https://mailtrack.io/trace/link/8e6777181b5012ff78b980aafec44306b2954bae?url=http%3A%2F%2Fmailman.nginx.org%2Fmailman%2Flistinfo%2Fnginx&userId=74734&signature=2adebca7901eccce" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
<br>
</span>Posted at Nginx Forum: <a href="https://mailtrack.io/trace/link/89e8f350a5c632ccafaadd90a9a8114ecac2e688?url=https%3A%2F%2Fforum.nginx.org%2Fread.php%3F2%2C279764%2C279771%23msg-279771&userId=74734&signature=3a01022d1b56bd07" rel="noreferrer" target="_blank">https://forum.nginx.org/read.<wbr>php?2,279764,279771#msg-279771</a><br>
<div class="HOEnZb"><div class="h5"><br>
______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="https://mailtrack.io/trace/link/8e6777181b5012ff78b980aafec44306b2954bae?url=http%3A%2F%2Fmailman.nginx.org%2Fmailman%2Flistinfo%2Fnginx&userId=74734&signature=2adebca7901eccce" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a></div></div></blockquote></div><br></div>