View Issue Details

IDProjectCategoryView StatusLast Update
0006215OXID eShop (all versions)4.08. Cachepublic2015-08-17 11:06
ReporterSvenDeichmann 
PrioritynormalSeverityfeatureReproducibilityalways
Status acknowledgedResolutionopen 
Product Version4.9.4 / 5.2.4 
Target VersionFixed in Version 
Summary0006215: "Test Reverse Proxy's availability" in admin backend does not check for the same as the actual caching mechanism
DescriptionAs also stated in the documentation the button only fetches the start page und searches it for a 'X-Varnish' header.
That is fine to check for a varnish in default configuration, but it does not really tell anything about the correct functionality of the ESI implementation and it is limited to varnish as caching proxy.
The production code checks
strpos($_SERVER["HTTP_SURROGATE_CAPABILITY"], 'varnish=ESI') !== false;
instead.
Steps To Reproduce- set up a shop and varnish and enable reverse proxy caching with default config
- check caching is working
- add remove resp.http.X-Varnish; to your varnish so this header is removed
- click the button "Test Reverse Proxy's availability" in admin backend
- verify it says "failed"
- verify caching still works fine
Additional InformationIt might be considered a security risk that Varnish tells that it is a varnish (see https://linax.wordpress.com/2011/01/27/varnish-cache-security-removing-default-headers/) so it might very well not tell anyone it is a varnish, but still provides nice caching functionality.
TagsNo tags attached.
ThemeAll
BrowserAll
PHP VersionAll
MySQL VersionAll

Activities

SvenDeichmann

2015-08-12 09:41

reporter   ~0011165

proposal: use the same method for the button as for activating ESI support