Extreme big headers only in large configurable products

We have a magento 2.4.0 store. Most of our products are configurable. And some of them are having a lot of options. We also use swatch options.

We have discovered some links which return:

Error 503 Backend fetch failed

Backend fetch failed

Guru Meditation:

XID: 56884378

Varnish cache server

My Nginx configuration file:

autoindex       off;
    sendfile        on;
    tcp_nodelay     on;
    keepalive_timeout 25;
    client_body_timeout 15;
    client_header_timeout 15;
    send_timeout 15;
    types_hash_max_size 2048;
    server_tokens off;
    client_max_body_size 64M;
    client_body_buffer_size 128k;
    client_header_buffer_size 16k;
    large_client_header_buffers 4 16k;
    fastcgi_read_timeout 300;
    proxy_read_timeout 300;
    fastcgi_buffer_size 256k;
    fastcgi_buffers 16 256k;

    open_file_cache max=50000 inactive=30s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;


    gzip on;
    gzip_vary   on;
    gzip_disable "MSIE [1-6].";
    gzip_static on;
    gzip_min_length   1400;
    gzip_buffers      16 8k;
    gzip_http_version 1.1;
    gzip_comp_level 6;
    gzip_proxied    any;
    gzip_types text/plain text/css text/xml application/javascript  application/x-javascript application/xml application/xml+rss application/ecmascript application/json image/svg+xml ;

My vhost file:

fastcgi_index index.php;
        fastcgi_pass golfcoukbackend;
        fastcgi_buffers 16 256k;
        fastcgi_buffer_size 256k;
        fastcgi_read_timeout 600s;
        fastcgi_connect_timeout 600s;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        location ~* .(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
           add_header Cache-Control "public";
           add_header X-Frame-Options "SAMEORIGIN";
           expires +1y;
        }
  }

Nginx seems that does not have issue.

Varnish default.vcl file:

# Varnish configuration
vcl 4.0;

import std;
# The minimal Varnish version is 6.0
# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'


backend default {
    .host = "10.2.37.9";
    .port = "8080";
    .first_byte_timeout = 600s;
#    .probe = {
#        .url = "/health_check.php";
#        .timeout = 2s;
#        .interval = 5s;
#        .window = 10;
#        .threshold = 5;
#   }
}


acl purge {
    "127.0.0.1";
    "myip";
    "10.2.37.9";
}

sub vcl_recv {

    # For multiple backends, uncomment the below. Ensure you are using the right
    # selection code depending on the type of loadbalancing being used.
    # set req.backend_hint = prod_web.backend();

    # Remove this if using multiple backends.
    set req.backend_hint = default;

    # To Exclude a Domain uncomment the below 
    #if (req.http.host ~ "exampledomain.com") {
    #return (pass);
    #}

    if (req.restarts > 0) {
        set req.hash_always_miss = true;
    }

    # Exclude domain example
    if (req.http.host ~ "exampledomain.com") {
     return (pass);
    }

    # Exclude URI example
     if (req.url ~ "^/.well-known/") {
      return (pass);
    }

    if (req.method == "PURGE") {
        if (client.ip !~ purge) {
            return (synth(405, "Method not allowed"));
        }
        # To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
        # has been added to the response in your backend server config. This is used, for example, by the
        # capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
        if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
            return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
        }

        if (req.http.X-Magento-Tags-Pattern) {
          ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
        }

        # ban everything to catch assets as well
        if (req.http.X-Magento-Tags-Pattern == ".*") {
          ban("req.url ~ .*");
        }

        if (req.http.X-Pool) {
          ban("obj.http.X-Pool ~ " + req.http.X-Pool);
        }
        return (synth(200, "Purged"));
    }

    # HTTP -> HTTPS
    if (req.http.X-Forwarded-Proto !~ "https") {
        set req.http.location = "https://" + req.http.host + req.url;
        return (synth(750, "Permanently moved"));
    }

    if (req.method != "GET" &&
        req.method != "HEAD" &&
        req.method != "PUT" &&
        req.method != "POST" &&
        req.method != "TRACE" &&
        req.method != "OPTIONS" &&
        req.method != "DELETE") {
          /* Non-RFC2616 or CONNECT which is weird. */
          return (pipe);
    }

    # We only deal with GET and HEAD by default
    if (req.method != "GET" && req.method != "HEAD") {
        return (pass);
    }

    # Bypass shopping cart, checkout and search requests
    if (req.url ~ "/checkout" || req.url ~ "/catalogsearch") {
        return (pass);
    }

    # Bypass health check requests
    if (req.url ~ "/health_check.php") {
        return (pass);
    }

    # Set initial grace period usage status
    set req.http.grace = "none";

    # normalize url in case of leading HTTP scheme and domain
    set req.url = regsub(req.url, "^http[s]?://", "");

    # collect all cookies
    std.collect(req.http.Cookie);

    # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
    if (req.http.Accept-Encoding) {
        if (req.url ~ ".(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
            # No point in compressing these
            unset req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
            set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
            set req.http.Accept-Encoding = "deflate";
        } else {
            # unknown algorithm
            unset req.http.Accept-Encoding;
        }
    }

    # Remove all marketing get parameters to minimize the cache objects
    if (req.url ~ "(?|&)(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
        set req.url = regsuball(req.url, "(gclid|cx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
        set req.url = regsub(req.url, "[?|&]+$", "");
    }

    # Static files caching
    if (req.url ~ "^/(pub/)?(media|static)/") {
        # Static files should not be cached by default
        return (pass);

        # But if you use a few locales and don't use CDN you can enable caching static files by commenting previous line (#return (pass);) and uncommenting next 3 lines
        #unset req.http.Https;
        #unset req.http.X-Forwarded-Proto;
        #unset req.http.Cookie;
    }

    return (hash);
}

sub vcl_hash {
    if (req.http.cookie ~ "X-Magento-Vary=") {
        hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "1"));
    }

    # For multi site configurations to not cache each other's content
    if (req.http.host) {
        hash_data(req.http.host);
    } else {
        hash_data(server.ip);
    }

    # To make sure http users don't see ssl warning
    if (req.http.X-Forwarded-Proto) {
        hash_data(req.http.X-Forwarded-Proto);
    }
    

    if (req.url ~ "/graphql") {
        call process_graphql_headers;
    }
}

sub process_graphql_headers {
    if (req.http.Store) {
        hash_data(req.http.Store);
    }
    if (req.http.Content-Currency) {
        hash_data(req.http.Content-Currency);
    }
}

sub vcl_backend_response {

    set beresp.grace = 3d;

    if (beresp.http.content-type ~ "text") {
        set beresp.do_esi = true;
    }

    if (bereq.url ~ ".js$" || beresp.http.content-type ~ "text") {
        set beresp.do_gzip = true;
    }

    if (beresp.http.X-Magento-Debug) {
        set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
    }

    # cache only successfully responses and 404s
    if (beresp.status != 200 && beresp.status != 404) {
        set beresp.ttl = 0s;
        set beresp.uncacheable = true;
        return (deliver);
    } elsif (beresp.http.Cache-Control ~ "private") {
        set beresp.uncacheable = true;
        set beresp.ttl = 86400s;
        return (deliver);
    }

    # validate if we need to cache it and prevent from setting cookie
    if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
        unset beresp.http.set-cookie;
    }

   # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
   if (beresp.ttl <= 0s ||
       beresp.http.Surrogate-control ~ "no-store" ||
       (!beresp.http.Surrogate-Control &&
       beresp.http.Cache-Control ~ "no-cache|no-store") ||
       beresp.http.Vary == "*") {
        # Mark as Hit-For-Pass for the next 2 minutes
        set beresp.ttl = 120s;
        set beresp.uncacheable = true;
    }

    return (deliver);
}

sub vcl_deliver {
    if (resp.http.X-Magento-Debug) {
        if (resp.http.x-varnish ~ " ") {
            set resp.http.X-Magento-Cache-Debug = "HIT";
            set resp.http.Grace = req.http.grace;
        } else {
            set resp.http.X-Magento-Cache-Debug = "MISS";
        }
    } else {
        unset resp.http.Age;
    }

    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
        set resp.http.X-Cache-Hits = obj.hits;
    }
    else {
        set resp.http.X-Cache = "MISS";
    }

    # Not letting browser to cache non-static files.
    if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media|static)/") {
        set resp.http.Pragma = "no-cache";
        set resp.http.Expires = "-1";
        set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
    }

    unset resp.http.X-Magento-Debug;
    unset resp.http.X-Magento-Tags;
    unset resp.http.X-Powered-By;
    unset resp.http.Server;
    unset resp.http.X-Varnish;
    unset resp.http.Via;
    unset resp.http.Link;
}

sub vcl_synth {
    if (resp.status == 750) {
        set resp.http.location = req.http.location;
        set resp.status = 301;
        return (deliver);
    }
}

#sub vcl_hit {
#    if (obj.ttl >= 0s) {
        # Hit within TTL period
#        return (deliver);
#    }
#    if (std.healthy(req.backend_hint)) {
#        if (obj.ttl + 300s > 0s) {
            # Hit after TTL expiration, but within grace period
#            set req.http.grace = "normal (healthy server)";
#            return (deliver);
#        } else {
            # Hit after TTL and grace expiration
#            return (restart);
#        }
#    } else {
        # server is not healthy, retrieve from cache
#        set req.http.grace = "unlimited (unhealthy server)";
#        return (deliver);
#    }
#}

Varnish runs with default hdr_len

If I am right our issue is related with magento 2 bug with configurable products and big headers which are coming when there is a configurable products with a lot of variations.

https://github.com/magento/magento2/issues/23834

I have tried a solution described in above link which disable plugin product_identities_extender. This fixes the problem but not in all our products…

Some still return Backend fetch failed

Any help please? I am in dead end here!