I know, it just seems too obvious to be worth mentioning, but if I have learned anything from scanning through access log files from a website with 3-digit million requests a day, it is that there is nothing that won’t be thrown your way. So better be safe than sorry and make sure only valid requests are forwarded to your already overwhelmed application servers.
sub vcl_recv {
if (req.request !~ "(?i)^(HEAD|GET|POST)$") {
error 405 "Method Not Allowed";
}
}
Pingback: Varnish is smarter than you | ops42