How to config varnish to NOT cache content within cookies

Chaos Lee chaokovsky.lee at gmail.com
Tue Nov 23 02:48:15 CET 2010


In varnish document, it said varnish dosen't cache content within cookies.
But I find varnish cached the content in my environment, so the login user
chaos at all. This is my config vcl:

backend www {
    .host = "www.sample.com";
    .port = "80";
}

backend v {
    .host = "v.sample.com";
    .port = "80";
}

backend u {
    .host = "u.sample.com";
    .port = "80";
}


backend so {
    .host = "so.sample.com";
    .port = "80";
}

acl purge {
    "localhost";
    "10.0.0.0"/8;
}

sub vcl_recv {
    set req.grace = 30m;

    if (req.http.x-forwarded-for) {
        set req.http.X-Forwarded-For = req.http.X-Forwarded-For ", "
client.ip;
    } else {
        set req.http.X-Forwarded-For = client.ip;
    }

    if (req.http.range && !req.url ~ "^/player/get\w*M3U8/.*") {
        error 403 "Forbidden";
    }

    if (req.http.host ~ "^(www.)?sample.com$") {
        set req.backend = www;
    } elsif (req.http.host ~ "^v.sample.com$") {
        set req.backend = v;
    } elsif (req.http.host ~ "^u.sample.com$") {
        set req.backend = u;
    } elsif (req.http.host ~ "^so.sample.com$") {
        set req.backend = so;
    } else {
        error 404 "Unknown virtual host";
    }

    # Allow ip from PURGE acl
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
            return (lookup);
    }

    if (req.request != "GET" && req.request != "HEAD") {
        return (pass);
    }

    if (req.http.authenticate || req.http.authorization) {
        return (pass);
    }

    if (req.http.cookie && req.http.cookie ~ "authtoken=") {
        return (pass);
    }

    return (lookup);
}

sub vcl_hit {
    if (req.request == "PURGE") {
        set obj.ttl = 0s;
        error 200 "Purged";
    }

    if (!obj.cacheable) {
        return (pass);
    }

    return (deliver);
}

sub vcl_miss {
    if (req.request == "PURGE") {
        error 405 "Not in cache";
    }

    return (fetch);
}

sub vcl_deliver {
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT on a29.squid";
    } else {
        set resp.http.X-Cache = "MISS from a29.squid";
    }

    # Remove unused varnish header
    remove resp.http.X-Varnish;
    return (deliver);
}

sub vcl_fetch {
    set beresp.grace = 30m;

    return (deliver);
}

sub vcl_pass {
    remove bereq.http.X-Varnish;

    return (pass);
}

sub vcl_error {
    set obj.http.Cache-Control = "no-store, no-cache, must-revalidate";
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {""};
    return (deliver);
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20101123/5e264fd1/attachment-0003.html>


More information about the varnish-misc mailing list