You know you can DoS sites with Cache MISS via switching up URL params and arguements.

Examples :

HIT :
index.php?var1=one&var2=two
MISS :
index.php?var2=two&var1=one

MISS :
index.php?random=1
index.php?random=2
index.php?random=3
etc etc

Inserting random arguements to URL's will cause cache misses and changing the order of existing valid URL arguements will also cause misses.

Cherian Thomas Wrote:
-------------------------------------------------------
> Thanks for this Michael.
>
>
>
> This is so surprising. If someone decides to Dos and crawls the
> website
> with a rogue header, this will essentially bypass the cache and put a
> strain on the website. In fact, I was hit by a dos attack that’s when
> I
> started looking at logs and realized the large number of MISSes.
>
>
>
> Can someone please help?
>
>
> - Cherian
>
> On Sat, May 12, 2018 at 12:01 PM, Friscia, Michael
> <michael.friscia@yale.edu
> > wrote:
>
> > I'm not sure if this will help, but I ignore/hide a lot, this is in
> my
> > config
> >
> >
> > proxy_ignore_headers X-Accel-Expires Expires Cache-Control
> Set-Cookie;
> > proxy_hide_header X-Accel-Expires;
> > proxy_hide_header Pragma;
> > proxy_hide_header Server;
> > proxy_hide_header Request-Context;
> > proxy_hide_header X-Powered-By;
> > proxy_hide_header X-AspNet-Version;
> > proxy_hide_header X-AspNetMvc-Version;
> >
> >
> > I have not experienced the problem you mention, I just thought I
> would
> > offer my config.
> >
> >
> > ___________________________________________
> >
> > Michael Friscia
> >
> > Office of Communications
> >
> > Yale School of Medicine
> >
> > (203) 737-7932 – office
> >
> > (203) 931-5381 – mobile
> >
> > http://web.yale.edu
> >
> <https://mailtrack.io/trace/link/8357a0bdd8c40c2ff5b7d91c7797cbc7a8535
> ffb?url=http%3A%2F%2Fweb.yale.edu%2F&userId=74734&signature=d652edf1f4
> f21323>
> >
> >
> > ------------------------------
> > *From:* nginx <nginx-bounces@nginx.org> on behalf of Quintin Par <
> > quintinpar@gmail.com>
> > *Sent:* Saturday, May 12, 2018 1:32 PM
> > *To:* nginx@nginx.org
> > *Subject:* Re: Debugging Nginx Cache Misses: Hitting high number of
> MISS
> > despite high proxy valid
> >
> >
> > That’s the tricky part. These MISSes are intermittent. Whenever I
> run curl
> > I get HITs but I end up seeing a lot of MISS in the logs.
> >
> >
> >
> > How do I log these MiSSes with the reason? I want to know what
> headers
> > ended up bypassing the cache.
> >
> >
> >
> > Here’s my caching config
> >
> >
> >
> > proxy_pass http://127.0.0.1:8000
> >
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__127.0.0.1-3A8000&
> d=DwMFaQ&c=cjytLXgP8ixuoHflwc-poQ&r=wvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_
> lS023SJrs&m=F-qGMOyS74uE8JM-dOLmNH92bQ1xQ-7Rj1d6k-_WST4&s=NHvlb1WColNw
> TWBF36P1whJdu5iWHK9_50IDHugaEdQ&e=>
> > ;
> >
> > proxy_set_header X-Real-IP $remote_addr;
> >
> > proxy_set_header X-Forwarded-For
> > $proxy_add_x_forwarded_for;
> >
> > proxy_set_header X-Forwarded-Proto https;
> >
> > proxy_set_header X-Forwarded-Port 443;
> >
> >
> >
> > # If logged in, don't cache.
> >
> > if ($http_cookie ~*
> "comment_author_|wordpress_(?!test_cookie)|wp-postpass_"
> > ) {
> >
> > set $do_not_cache 1;
> >
> > }
> >
> > proxy_cache_key "$scheme://$host$request_uri$
> > do_not_cache";
> >
> > proxy_cache staticfilecache;
> >
> > add_header Cache-Control public;
> >
> > proxy_cache_valid 200 120d;
> >
> > proxy_hide_header "Set-Cookie";
> >
> > proxy_ignore_headers "Set-Cookie";
> >
> > proxy_ignore_headers "Cache-Control";
> >
> > proxy_hide_header "Cache-Control";
> >
> > proxy_pass_header X-Accel-Expires;
> >
> >
> >
> > proxy_set_header Accept-Encoding "";
> >
> > proxy_ignore_headers Expires;
> >
> > add_header X-Cache-Status $upstream_cache_status;
> >
> > proxy_cache_use_stale timeout;
> >
> > proxy_cache_bypass $arg_nocache $do_not_cache;
> > - Quintin
> >
> >
> > On Sat, May 12, 2018 at 10:29 AM Lucas Rolff <lucas@lucasrolff.com>
> wrote:
> >
> > It can be as simple as doing a curl to your “origin” url (the one
> you
> > proxy_pass to) for the files you see that gets a lot of MISS’s – if
> there’s
> > odd headers such as cookies etc, then you’ll most likely experience
> a bad
> > cache if your nginx is configured to not ignore those headers.
> >
> >
> >
> > *From: *nginx <nginx-bounces@nginx.org> on behalf of Quintin Par <
> > quintinpar@gmail.com>
> > *Reply-To: *"nginx@nginx.org" <nginx@nginx.org>
> > *Date: *Saturday, 12 May 2018 at 18.26
> > *To: *"nginx@nginx.org" <nginx@nginx.org>
> > *Subject: *Debugging Nginx Cache Misses: Hitting high number of MISS
> > despite high proxy valid
> >
> >
> >
> > [image:
> >
> https://mailtrack.io/trace/mail/86a613eb1ce46a4e7fa6f9eb96989cddae6398
> 00.png?u=74734]
> >
> > My proxy cache path is set to a very high size
> >
> >
> >
> > proxy_cache_path /var/lib/nginx/cache levels=1:2
> > keys_zone=staticfilecache:180m max_size=700m;
> >
> > and the size used is only
> >
> >
> >
> > sudo du -sh *
> >
> > 14M cache
> >
> > 4.0K proxy
> >
> > Proxy cache valid is set to
> >
> >
> >
> > proxy_cache_valid 200 120d;
> >
> > I track HIT and MISS via
> >
> >
> >
> > add_header X-Cache-Status $upstream_cache_status;
> >
> > Despite these settings I am seeing a lot of MISSes. And this is for
> pages
> > I intentionally ran a cache warmer an hour ago.
> >
> >
> >
> > How do I debug why these MISSes are happening? How do I find out if
> the
> > miss was due to eviction, expiration, some rogue header etc? Does
> Nginx
> > provide commands for this?
> >
> >
> >
> > - Quintin
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> <https://mailtrack.io/trace/link/122c3dbd333c388f47f5c2776af9ebc3fc75a
> e10?url=https%3A%2F%2Furldefense.proofpoint.com%2Fv2%2Furl%3Fu%3Dhttp-
> 3A__mailman.nginx.org_mailman_listinfo_nginx%26d%3DDwMFaQ%26c%3DcjytLX
> gP8ixuoHflwc-poQ%26r%3DwvXEDjvtDPcv7AlldT5UvDx32KXBEM6um_lS023SJrs%26m
> %3DF-qGMOyS74uE8JM-dOLmNH92bQ1xQ-7Rj1d6k-_WST4%26s%3DD3LnZhfobOtlEStCv
> CDrcwmHydEHaGRFC4gnWvRT5Uk%26e%3D&userId=74734&signature=56c7a7ad18b2c
> 057>
> >
> >
> > _______________________________________________
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> <https://mailtrack.io/trace/link/92c2700d67bd6891ca1606e2df4e0f11c6d82
> 260?url=http%3A%2F%2Fmailman.nginx.org%2Fmailman%2Flistinfo%2Fnginx&us
> erId=74734&signature=3763121afa828bb7>
> >
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

http://www.networkflare.com/