XenForo default.vcl settings
Lane, Richard
rlane at ahbelo.com
Thu Aug 4 14:26:49 CEST 2016
If you want Varnish to ignore request for a path you need to tell it to
pass. In your example you have a rule for the RSS feed. You can do the same
for /forum/ in your vcl_recv block.
*# DO NOT CACHE RSS FEED*
* if (req.url ~ "/feed(/)?") {*
* return ( pass ); *
*}*
*# DO NOT CACHE FORUM*
if (req.url ~ "/forum(/)?") {
return ( pass );
}
Cheers,
Richard
>
> Message: 1
> Date: Wed, 3 Aug 2016 23:34:40 +0300
> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
> To: varnish-misc <varnish-misc at varnish-cache.org>
> Subject: XenForo default.vcl settings
> Message-ID:
> <CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_
> Q at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hi,
>
> Could you please share the appropriate Default.vcl settings for XenForo
> Forums? No one can register to the forum at the moment. My current
> Default.vcl settings are as follows.
>
> Forum address: domain.com/forum
>
> */* SET THE HOST AND PORT OF WORDPRESS*
> * * *********************************************************/*
> *vcl 4.0;*
> *import std;*
>
> *backend default {*
> * .host = "*******";*
> * .port = "8080";*
> * .connect_timeout = 600s;*
> * .first_byte_timeout = 600s;*
> * .between_bytes_timeout = 600s;*
> * .max_connections = 800;*
> *}*
>
> *# SET THE ALLOWED IP OF PURGE REQUESTS*
> *# ##########################################################*
> *acl purge {*
> * "localhost";*
> * "127.0.0.1";*
> *}*
>
> *#THE RECV FUNCTION*
> *# ##########################################################*
> *sub vcl_recv {*
>
> *# set realIP by trimming CloudFlare IP which will be used for various
> checks*
> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$",
> ""); *
>
> * # FORWARD THE IP OF THE REQUEST*
> * if (req.restarts == 0) {*
> * if (req.http.x-forwarded-for) {*
> * set req.http.X-Forwarded-For =*
> * req.http.X-Forwarded-For + ", " + client.ip;*
> * } else {*
> * set req.http.X-Forwarded-For = client.ip;*
> * }*
> * }*
>
> * # Purge request check sections for hash_always_miss, purge and ban*
> * # BLOCK IF NOT IP is not in purge acl*
> * # ##########################################################*
>
> * # Enable smart refreshing using hash_always_miss*
> *if (req.http.Cache-Control ~ "no-cache") {*
> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
> purge) {*
> * set req.hash_always_miss = true;*
> * }*
> *}*
>
> *if (req.method == "PURGE") {*
> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
> purge) {*
> * return(synth(405,"Not allowed."));*
> * }*
> * return (purge);*
>
> * }*
> *if (req.method == "BAN") {*
> * # Same ACL check as above:*
> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
> ~ purge) {*
> * return(synth(403, "Not allowed."));*
> * }*
> * ban("req.http.host == " + req.http.host +*
> * " && req.url == " + req.url);*
>
> * # Throw a synthetic page so the*
> * # request won't go to the backend.*
> * return(synth(200, "Ban added"));*
> *}*
>
>
> *# Unset cloudflare cookies*
> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
> * set req.http.Cookie = regsuball(req.http.Cookie,
> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
> * # Remove a ";" prefix, if present.*
> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>
> * # For Testing: If you want to test with Varnish passing (not caching)
> uncomment*
> * # return( pass );*
>
> * # FORWARD THE IP OF THE REQUEST*
> * if (req.restarts == 0) {*
> * if (req.http.x-forwarded-for) {*
> * set req.http.X-Forwarded-For =*
> * req.http.X-Forwarded-For + ", " + client.ip;*
> * } else {*
> * set req.http.X-Forwarded-For = client.ip;*
> * }*
> * }*
>
> *# DO NOT CACHE RSS FEED*
> * if (req.url ~ "/feed(/)?") {*
> * return ( pass ); *
> *}*
>
> *## Do not cache search results, comment these 3 lines if you do want to
> cache them*
>
> *if (req.url ~ "/\?s\=") {*
> * return ( pass ); *
> *}*
>
> *# CLEAN UP THE ENCODING HEADER.*
> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING*
> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
> * # ##########################################################*
> * if (req.http.Accept-Encoding) {*
> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
> * # No point in compressing these*
> * unset req.http.Accept-Encoding;*
> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
> * set req.http.Accept-Encoding = "gzip";*
> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
> * set req.http.Accept-Encoding = "deflate";*
> * } else {*
> * # unknown algorithm*
> * unset req.http.Accept-Encoding;*
> * }*
> * }*
>
> * # PIPE ALL NON-STANDARD REQUESTS*
> * # ##########################################################*
> * if (req.method != "GET" &&*
> * req.method != "HEAD" &&*
> * req.method != "PUT" && *
> * req.method != "POST" &&*
> * req.method != "TRACE" &&*
> * req.method != "OPTIONS" &&*
> * req.method != "DELETE") {*
> * return (pipe);*
> * }*
>
> * # ONLY CACHE GET AND HEAD REQUESTS*
> * # ##########################################################*
> * if (req.method != "GET" && req.method != "HEAD") {*
> * return (pass);*
> * }*
>
> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
> EITHER*
> * # COMMENT OR UNCOMMENT BOTH*
> * # ##########################################################*
> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
> * return( pass );*
> * }*
>
> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
> * # THEN UNSET THE COOKIES*
> * # ##########################################################*
> * if (!(req.url ~ "wp-(login|admin)") *
> * && !(req.url ~ "&preview=true" ) *
> * ){*
> * unset req.http.cookie;*
> * }*
>
> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
> * # ##########################################################*
> * if (req.http.Authorization || req.http.Cookie) {*
> * return (pass);*
> * }*
>
> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
> * # ##########################################################*
> * return (hash);*
> * # This is for phpmyadmin*
> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
> *return (pass);*
> *}*
>
> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
> *return (pass);*
> *}*
>
> *}*
>
> *# HIT FUNCTION*
> *# ##########################################################*
> *sub vcl_hit {*
> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
> * # ##########################################################*
> * if (req.method == "PURGE") {*
> * #*
> * # This is now handled in vcl_recv.*
> * #*
> * # purge;*
> * return (synth(200, "Purged."));*
> * }*
> * return (deliver);*
> *}*
>
> *# MISS FUNCTION*
> *# ##########################################################*
> *sub vcl_miss {*
> * if (req.method == "PURGE") {*
> * #*
> * # This is now handled in vcl_recv.*
> * #*
> * # purge;*
> * return (synth(200, "Purged."));*
> * }*
> * return (fetch);*
> *}*
>
> *# FETCH FUNCTION*
> *# ##########################################################*
> *sub vcl_backend_response {*
> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
> * # TO DO THIS*
> * # ##########################################################*
> * set beresp.http.Vary = "Accept-Encoding";*
>
> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
> * # ##########################################################*
> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
> "wordpress_logged_in" ) {*
> * unset beresp.http.set-cookie;*
> * set beresp.ttl = 52w;*
> *# set beresp.grace =1w;*
> * }*
>
> * if (beresp.ttl <= 0s ||*
> * beresp.http.Set-Cookie ||*
> * beresp.http.Vary == "*") {*
> * set beresp.ttl = 120 s;*
> * # set beresp.ttl = 120s;*
> * set beresp.uncacheable = true;*
> * return (deliver);*
> * }*
>
> * return (deliver);*
> *}*
>
> *# DELIVER FUNCTION*
> *# ##########################################################*
> *sub vcl_deliver {*
> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
> * # IN THE HEADER (GREAT FOR DEBUGGING)*
> * # ##########################################################*
> * if (obj.hits > 0) {*
> * set resp.http.X-Cache = "HIT";*
> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
> * # ##########################################################*
> * } else {*
> * set resp.http.X-Cache = "MISS";*
> * }*
> *}*
>
>
> Thanks,
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-
> misc/attachments/20160803/d572e4b2/attachment-0001.html>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 4 Aug 2016 12:14:36 +0300
> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
> To: varnish-misc <varnish-misc at varnish-cache.org>
> Subject: Re: XenForo default.vcl settings
> Message-ID:
> <CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4
> O3i1ofA at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I need to add the followings to default.vcl for Xenforo. However, solutions
> in the Xenforo forums for this didn't work. Can you please help?
>
> xf_session_admin
> xf_user
> xf_session
>
> Or how can i block Varnish in a way that it doesn't work in *
> domain.com/forum
> <http://domain.com/forum>*
>
>
>
> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>:
>
> > Hi,
> >
> > Could you please share the appropriate Default.vcl settings for XenForo
> > Forums? No one can register to the forum at the moment. My current
> > Default.vcl settings are as follows.
> >
> > Forum address: domain.com/forum
> >
> > */* SET THE HOST AND PORT OF WORDPRESS*
> > * * *********************************************************/*
> > *vcl 4.0;*
> > *import std;*
> >
> > *backend default {*
> > * .host = "*******";*
> > * .port = "8080";*
> > * .connect_timeout = 600s;*
> > * .first_byte_timeout = 600s;*
> > * .between_bytes_timeout = 600s;*
> > * .max_connections = 800;*
> > *}*
> >
> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
> > *# ##########################################################*
> > *acl purge {*
> > * "localhost";*
> > * "127.0.0.1";*
> > *}*
> >
> > *#THE RECV FUNCTION*
> > *# ##########################################################*
> > *sub vcl_recv {*
> >
> > *# set realIP by trimming CloudFlare IP which will be used for various
> > checks*
> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$",
> > ""); *
> >
> > * # FORWARD THE IP OF THE REQUEST*
> > * if (req.restarts == 0) {*
> > * if (req.http.x-forwarded-for) {*
> > * set req.http.X-Forwarded-For =*
> > * req.http.X-Forwarded-For + ", " + client.ip;*
> > * } else {*
> > * set req.http.X-Forwarded-For = client.ip;*
> > * }*
> > * }*
> >
> > * # Purge request check sections for hash_always_miss, purge and ban*
> > * # BLOCK IF NOT IP is not in purge acl*
> > * # ##########################################################*
> >
> > * # Enable smart refreshing using hash_always_miss*
> > *if (req.http.Cache-Control ~ "no-cache") {*
> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
> > purge) {*
> > * set req.hash_always_miss = true;*
> > * }*
> > *}*
> >
> > *if (req.method == "PURGE") {*
> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
> > purge) {*
> > * return(synth(405,"Not allowed."));*
> > * }*
> > * return (purge);*
> >
> > * }*
> > *if (req.method == "BAN") {*
> > * # Same ACL check as above:*
> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
> > "1.2.3.4") ~ purge) {*
> > * return(synth(403, "Not allowed."));*
> > * }*
> > * ban("req.http.host == " + req.http.host +*
> > * " && req.url == " + req.url);*
> >
> > * # Throw a synthetic page so the*
> > * # request won't go to the backend.*
> > * return(synth(200, "Ban added"));*
> > *}*
> >
> >
> > *# Unset cloudflare cookies*
> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
> > * set req.http.Cookie = regsuball(req.http.Cookie,
> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
> > * # Remove a ";" prefix, if present.*
> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
> >
> > * # For Testing: If you want to test with Varnish passing (not caching)
> > uncomment*
> > * # return( pass );*
> >
> > * # FORWARD THE IP OF THE REQUEST*
> > * if (req.restarts == 0) {*
> > * if (req.http.x-forwarded-for) {*
> > * set req.http.X-Forwarded-For =*
> > * req.http.X-Forwarded-For + ", " + client.ip;*
> > * } else {*
> > * set req.http.X-Forwarded-For = client.ip;*
> > * }*
> > * }*
> >
> > *# DO NOT CACHE RSS FEED*
> > * if (req.url ~ "/feed(/)?") {*
> > * return ( pass ); *
> > *}*
> >
> > *## Do not cache search results, comment these 3 lines if you do want to
> > cache them*
> >
> > *if (req.url ~ "/\?s\=") {*
> > * return ( pass ); *
> > *}*
> >
> > *# CLEAN UP THE ENCODING HEADER.*
> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
> ACCEPT-ENCODING*
> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
> > * # ##########################################################*
> > * if (req.http.Accept-Encoding) {*
> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
> > * # No point in compressing these*
> > * unset req.http.Accept-Encoding;*
> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
> > * set req.http.Accept-Encoding = "gzip";*
> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
> > * set req.http.Accept-Encoding = "deflate";*
> > * } else {*
> > * # unknown algorithm*
> > * unset req.http.Accept-Encoding;*
> > * }*
> > * }*
> >
> > * # PIPE ALL NON-STANDARD REQUESTS*
> > * # ##########################################################*
> > * if (req.method != "GET" &&*
> > * req.method != "HEAD" &&*
> > * req.method != "PUT" && *
> > * req.method != "POST" &&*
> > * req.method != "TRACE" &&*
> > * req.method != "OPTIONS" &&*
> > * req.method != "DELETE") {*
> > * return (pipe);*
> > * }*
> >
> > * # ONLY CACHE GET AND HEAD REQUESTS*
> > * # ##########################################################*
> > * if (req.method != "GET" && req.method != "HEAD") {*
> > * return (pass);*
> > * }*
> >
> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
> > EITHER*
> > * # COMMENT OR UNCOMMENT BOTH*
> > * # ##########################################################*
> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
> > * return( pass );*
> > * }*
> >
> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
> > * # THEN UNSET THE COOKIES*
> > * # ##########################################################*
> > * if (!(req.url ~ "wp-(login|admin)") *
> > * && !(req.url ~ "&preview=true" ) *
> > * ){*
> > * unset req.http.cookie;*
> > * }*
> >
> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
> > * # ##########################################################*
> > * if (req.http.Authorization || req.http.Cookie) {*
> > * return (pass);*
> > * }*
> >
> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
> > * # ##########################################################*
> > * return (hash);*
> > * # This is for phpmyadmin*
> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
> > *return (pass);*
> > *}*
> >
> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
> > *return (pass);*
> > *}*
> >
> > *}*
> >
> > *# HIT FUNCTION*
> > *# ##########################################################*
> > *sub vcl_hit {*
> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
> > * # ##########################################################*
> > * if (req.method == "PURGE") {*
> > * #*
> > * # This is now handled in vcl_recv.*
> > * #*
> > * # purge;*
> > * return (synth(200, "Purged."));*
> > * }*
> > * return (deliver);*
> > *}*
> >
> > *# MISS FUNCTION*
> > *# ##########################################################*
> > *sub vcl_miss {*
> > * if (req.method == "PURGE") {*
> > * #*
> > * # This is now handled in vcl_recv.*
> > * #*
> > * # purge;*
> > * return (synth(200, "Purged."));*
> > * }*
> > * return (fetch);*
> > *}*
> >
> > *# FETCH FUNCTION*
> > *# ##########################################################*
> > *sub vcl_backend_response {*
> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
> > * # TO DO THIS*
> > * # ##########################################################*
> > * set beresp.http.Vary = "Accept-Encoding";*
> >
> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
> > * # ##########################################################*
> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
> > "wordpress_logged_in" ) {*
> > * unset beresp.http.set-cookie;*
> > * set beresp.ttl = 52w;*
> > *# set beresp.grace =1w;*
> > * }*
> >
> > * if (beresp.ttl <= 0s ||*
> > * beresp.http.Set-Cookie ||*
> > * beresp.http.Vary == "*") {*
> > * set beresp.ttl = 120 s;*
> > * # set beresp.ttl = 120s;*
> > * set beresp.uncacheable = true;*
> > * return (deliver);*
> > * }*
> >
> > * return (deliver);*
> > *}*
> >
> > *# DELIVER FUNCTION*
> > *# ##########################################################*
> > *sub vcl_deliver {*
> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
> > * # ##########################################################*
> > * if (obj.hits > 0) {*
> > * set resp.http.X-Cache = "HIT";*
> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
> > * # ##########################################################*
> > * } else {*
> > * set resp.http.X-Cache = "MISS";*
> > * }*
> > *}*
> >
> >
> > Thanks,
> >
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-
> misc/attachments/20160804/4e3f064a/attachment.html>
>
> ------------------------------
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
> End of varnish-misc Digest, Vol 125, Issue 14
> *********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/0774d8c0/attachment-0001.html>
More information about the varnish-misc
mailing list