kangle反代cloudflare cf作为源站时,vary模块不起效果,需要额外增加一个Origin值,删除Access header头部
kangle反代cloudflare cf作为源站时,vary模块不起效果,需要额外增加一个Origin值,删除Access header头部测试版本:3.5.21.16
例子:https://uc.itzmx.com/data/avatar/000/00/00/01_avatar_middle.jpg
https://user-images.githubusercontent.com/6442439/275932624-b8c52eca-976b-46f7-853b-379a6845dfa5.png
源站响应,Vary: Accept, Accept-Encoding
需求,在反代上对其额外增加一个Origin值
直接尝试vary模块没用
手动add_header没用
删除remove_header后在add_header也没用
replace_header后也没用
同时切换了大小写测试均无效
最终发现,在目标源站是cf的时候,vary默认的Accept-Encoding也不起效果。
测试方法
curl -v -H "Host: www.test.com" -H "Accept-Encoding: a" http://95.179.224.232/data/avatar/000/00/00/01_avatar_middle.jpg -O
curl -v -H "Host: www.test.com" -H "Accept-Encoding: b" http://95.179.224.232/data/avatar/000/00/00/01_avatar_middle.jpg -O
curl -v -H "Host: www.test.com" -H "Origin: a" http://95.179.224.232/data/avatar/000/00/00/01_avatar_middle.jpg -O
curl -v -H "Host: www.test.com" -H "Origin: b" http://95.179.224.232/data/avatar/000/00/00/01_avatar_middle.jpg -O
输出,是不是cf的某个头有问题?或者还有一种可能,因为源站已经有了vary,所以导致反代机器上无法设置该值吗?
< HTTP/1.1 200 OK
< vary: origin
< Date: Tue, 17 Oct 2023 17:49:55 GMT
< Content-Type: image/webp
< Strict-Transport-Security: max-age=31104000
< Last-Modified: Mon, 17 Nov 2014 00:44:55 GMT
< X-Cache: MISS from kangle web server dedi
< X-Cache: MISS from zhezhi-ru
< Cache-Control: max-age=31536000
< CF-Cache-Status: HIT
< Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=t%2F4L4z3WxxuGdWLtUQnsF8Bx5DE5dYABAMnaKWQ3B%2B%2Bq2m5a2KFOOmsVZw2RaRsHz7qDtUR4FRlw3x%2F16byDmMklOiEbZeK5fWRAQ6Vc8ad3hLmh8OsysBB1K%2F3Qu7VeeJyZ"}],"group":"cf-nel","max_age":604800}
< NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< Server: cloudflare
< CF-RAY: 817a6187ebe83691-LHR
< Age: 7
< X-Cache: HIT from kangle web server for sakura ca
< Content-Length: 4154
< Vary: Accept-Encoding, Accept
总结
我这试了下不起效果,需要源站加,因为源站已经输出一个数值了,在CDN上改头部后vary依旧不生效。。。需要重新改底层代码然后编译,整起来会比较麻烦,直接源站Access-Control-Allow-Origin改成*
或者源站vary对mp4和m4s增加一个Origin这样解决问题快一点,或者源站不要输出vary让cdn来输出也可以
还有个解决办法就是,部署一台中间源反代节点,中间源禁用缓存功能,只用来做头部修改操作,这时候边缘节点可以判断中间源=源站以便获得vary缓存
假如能操作源站,或者cf,直接在源站改就好了,cf如图所示删掉原来的域名方式,直接用*值代替
页:
[1]