Varnish 403 Error – error on page

You have installed varnish into your web server and being happy with it for a few days and suddenly one day you found out that your page is showing an error page with the text "error" on it. And that kept you wonder why is varnish showing error page and after restarting your varnish it is still showing error.

A quick investigation on the http header sent over from the server shows that varnish is serving 403 error page to our visitors! Why?!

Why Varnish serving 403 error page

There are plenty of reasons why varnish is serving a 403 error page but most likely that your backend is only returning 403 once, but then Varnish is caching it for future requests. Some times it happens so we have to explicitly ask Varnish 3.0 to not cache any error pages. On vcl_fetch section, you might want to add the following to prevent it from caching all error page on varnish 3.0.


if (beresp.status >= 400) {
return (hit_for_pass);
}

But if this is not the case, there is also possbility that 403 points at your backend telling varnish it is forbidden. If varnish is giving you that error then it is working and the backend is giving it 403. Most likely this is caused by the backend apps use some sort of rate limiting per ipĀ as by default when you add varnish to an existing setup the ip that gets passed to the backend is the varnish ip not the source ip. In that case you should update the X forwarded by adding the below code to vlc_recv section,

  remove req.http.X-Forwarded-For;
  set req.http.X-Forwarded-For = client.ip;

The above code ensure the correct client ip is being passed into varnish and prevent itself from throwing 403 error!