comotion/VSF

Problems compiling on varnish 3

intelbg opened this issue · 5 comments

I can't compile vsf on varnish 3 with a lot of probes. Here are all my steps and the error I see:

yum install docutils pcre-devel gcc* git nano -y
wget http://repo.varnish-cache.org/source/varnish-3.0.3.tar.gz
rm varnish-3.0.3.tar.gz
cd /usr/local/src
wget http://repo.varnish-cache.org/source/varnish-3.0.3.tar.gz
tar xvvf varnish-3.0.3.tar.gz
cd varnish-3.0.3/
./configure
make
make install
varnishd -V
cd -
git clone https://github.com/comotion/VSF.git
cd VSF/
git clone https://github.com/fastly/libvmod-urlcode.git
git clone https://github.com/nand2/libvmod-throttle.git
git clone https://github.com/xcir/libvmod-parsereq.git
git clone https://github.com/varnish/libvmod-shield.git
for mod in parsereq urlcode shield throttle; do cd libvmod-$mod; ./autogen.sh && VARNISHSRC=/usr/local/src/varnish-3.0.3 VMODDIR=/usr/lib64/varnish/vmods ./configure && make -j3; make install; cd -; done

make[1]: Entering directory `/usr/local/src/VSF/libvmod-urlcode/src'
make[1]: *** No rule to make target `@VMODTOOL@', needed by `vcc_if.c'. Stop.
make[1]: Leaving directory `/usr/local/src/VSF/libvmod-urlcode/src'
make: *** [install-recursive] Error 1

Then I installed varnish-libs and varnish-libs-devel from here:

https://repo.varnish-cache.org/redhat/varnish-3.0/el6/x86_64/varnish/

BUT I see again the error for VMODTOOLS and can't fix this - why?

fgsch commented

The instructions for libvmod-urlcode are wrong now since master is for V4.
Use git clone -b varnish-3 https://github.com/fastly/libvmod-urlcode.git

fgsch commented

Actually, where are you getting those instructions from?
Everything you need is available when you clone VSF if you used --recursive.

Yes, following your steps I think it's installed ok now. Can you finally tell me how to test it with some pattern for xss for example that vsf prevents?

Thank you.

Also, as VSF uses vmod shield, how can I limit the concurrent connections from one IP address - I can't find such information? I would be very thankful if you tell me how this works, as I flood my varnish server but I can't see much protection from this vmod.

For XSS patterns blocked by VSF, you can run GETs which match the VSF rules.

To limit connections you need to configure libvmod-throttle. We do not do this presently because it would be tough to distinguish between good and bad traffic, however it is simple enough to configure by following the vmod-throttle readme at https://github.com/nand2/libvmod-throttle.