Varnish 403 Debugging¶
Too many headers from CSP module / Cache headers¶
Varnish has a set maximum length value for headers accepted, this can be easily overloaded by Magento cache tags or
CSP allow headers. Varnish will output an error message in
varnishlog complaining that the headers are too long/large.
To fix this issue, ensure that your Magento cache tags are not ridiculously large and check your application code.
If the issue is CSP headers, this will also show in the logs at the point the error is encountered. Unfortunately CSP is required for security, so the only way to resolve this is to update Varnish start up config.
You can edit SystemD configuration directly by running.
# As root systemctl edit varnish.service --full
This will show the full configuration for the service that SystemD will use in full.
-p http_resp_hdr_len=64000 to the end of the
The full line will look like this.
ExecStart=/usr/sbin/varnishd -a 127.0.0.1:8000 -T 127.0.0.1:6082 -P /run/varnishd.pid -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256M -p http_resp_hdr_len=64000
Do not use this to fix massive header counts for badly configured cache tags, this approach is only really applicable CSP header count/length issues.
Once the SystemD service is updated, be sure to run
systemctl daemon-reload and restart Varnish.
If you use Docker or Ansible to provision a container, ensure you update your setup permanently.