XenForo default.vcl settings
Ayberk Kimsesiz
ayberk.kimsesiz at gmail.com
Thu Aug 4 16:43:22 CEST 2016
Log message:
[root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS"
- ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip"
- ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT
- ReqHeader X-Forwarded-For: 95.5.187.232
- VCL_call RECV
- ReqHeader X-Actual-IP: 95.5.187.232
- ReqUnset X-Forwarded-For: 95.5.187.232
- ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
- ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
pps_show_100=Th
u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
pps_times_showed_100=1;
__gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
wFoW2XT0IpqCIsH5v7bQ; xf_session=
- ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
pps_show_100=Th
u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
pps_times_showed_100=1;
xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
est_cookie=WP+Cookie+check
- ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
pps_show_100=Th
u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
pps_times_showed_100=1;
xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
est_cookie=WP+Cookie+check
- ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
pps_show_100=Th
u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
pps_times_showed_100=1;
xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
est_cookie=WP+Cookie+check
- ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232
- ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, 95.5.187.232
- ReqUnset Accept-Encoding: gzip, deflate, sdch
- ReqHeader Accept-Encoding: gzip
- VCL_Log PPPAASS
- VCL_return pass
- VCL_call HASH
- VCL_return lookup
- VCL_call PASS
- VCL_return fetch
- Link bereq 524435 pass
- Timestamp Fetch: 1470321283.617655 0.005758 0.005758
- RespProtocol HTTP/1.1
- RespStatus 200
- RespReason OK
- RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT
- RespHeader Server: Apache/2
- RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT
- RespHeader ETag: "1787d-5392dab8f2b4e-gzip"
- RespHeader Accept-Ranges: bytes
--
- ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT
- ReqHeader X-Forwarded-For: 95.5.187.232
- VCL_call RECV
- ReqHeader X-Actual-IP: 95.5.187.232
- ReqUnset X-Forwarded-For: 95.5.187.232
- ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
- ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
pps_show_100=Th
u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
pps_times_showed_100=1;
__gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
wFoW2XT0IpqCIsH5v7bQ; xf_session=
- ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
pps_show_100=Th
u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
pps_times_showed_100=1;
xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
est_cookie=WP+Cookie+check
- ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
pps_show_100=Th
u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
pps_times_showed_100=1;
xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
est_cookie=WP+Cookie+check
- ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
pps_show_100=Th
2016-08-04 17:24 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
> I assume you reloaded/restarted Varnish after these changes were made. If
> so, can you verify that you do have the cookies set on the request?
>
> maybe add this log message right before returning
>
> if(req.http.Cookie ~ "xf_(session|user)") {
> std.log( "PPPAASS Cookie set for forum");
> return (pass);
>
> }
>
> Then you can use varnishlog command (below) to verify cookie is found
>
> varnishlog | grep -A15 -B15 "PPPAASS"
>
>
> Cheers,
> Richard
>
>
> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
> wrote:
> >
> > First of all, thank you. However the problem continues. Can you examine
> the codes?
> >
> >
> > /* SET THE HOST AND PORT OF WORDPRESS
> > * *********************************************************/
> > vcl 4.0;
> > import std;
> >
> > backend default {
> > .host = "*******";
> > .port = "8080";
> > .connect_timeout = 600s;
> > .first_byte_timeout = 600s;
> > .between_bytes_timeout = 600s;
> > .max_connections = 800;
> > }
> >
> > # SET THE ALLOWED IP OF PURGE REQUESTS
> > # ##########################################################
> > acl purge {
> > "localhost";
> > "127.0.0.1";
> > }
> >
> > #THE RECV FUNCTION
> > # ##########################################################
> > sub vcl_recv {
> >
> > if(req.http.Cookie ~ "xf_(session|user)") {
> > return (pass);
> > }
> >
> > # set realIP by trimming CloudFlare IP which will be used for various
> checks
> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$",
> "");
> >
> > # FORWARD THE IP OF THE REQUEST
> > if (req.restarts == 0) {
> > if (req.http.x-forwarded-for) {
> > set req.http.X-Forwarded-For =
> > req.http.X-Forwarded-For + ", " + client.ip;
> > } else {
> > set req.http.X-Forwarded-For = client.ip;
> > }
> > }
> >
> > # Purge request check sections for hash_always_miss, purge and ban
> > # BLOCK IF NOT IP is not in purge acl
> > # ##########################################################
> >
> > # Enable smart refreshing using hash_always_miss
> > if (req.http.Cache-Control ~ "no-cache") {
> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
> purge) {
> > set req.hash_always_miss = true;
> > }
> > }
> >
> > if (req.method == "PURGE") {
> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
> purge) {
> > return(synth(405,"Not allowed."));
> > }
> > return (purge);
> >
> > }
> > if (req.method == "BAN") {
> > # Same ACL check as above:
> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
> "1.2.3.4") ~ purge) {
> > return(synth(403, "Not allowed."));
> > }
> > ban("req.http.host == " + req.http.host +
> > " && req.url == " + req.url);
> >
> > # Throw a synthetic page so the
> > # request won't go to the backend.
> > return(synth(200, "Ban added"));
> > }
> >
> >
> > # Unset cloudflare cookies
> > # Remove has_js and CloudFlare/Google Analytics __* cookies.
> > set req.http.Cookie = regsuball(req.http.Cookie,
> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
> > # Remove a ";" prefix, if present.
> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
> >
> > # For Testing: If you want to test with Varnish passing (not caching)
> uncomment
> > # return( pass );
> >
> > # FORWARD THE IP OF THE REQUEST
> > if (req.restarts == 0) {
> > if (req.http.x-forwarded-for) {
> > set req.http.X-Forwarded-For =
> > req.http.X-Forwarded-For + ", " + client.ip;
> > } else {
> > set req.http.X-Forwarded-For = client.ip;
> > }
> > }
> >
> > # DO NOT CACHE RSS FEED
> > if (req.url ~ "/feed(/)?") {
> > return ( pass );
> > }
> >
> > ## Do not cache search results, comment these 3 lines if you do want to
> cache them
> >
> > if (req.url ~ "/\?s\=") {
> > return ( pass );
> > }
> >
> > # CLEAN UP THE ENCODING HEADER.
> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING
> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
> > # ##########################################################
> > if (req.http.Accept-Encoding) {
> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
> > # No point in compressing these
> > unset req.http.Accept-Encoding;
> > } elsif (req.http.Accept-Encoding ~ "gzip") {
> > set req.http.Accept-Encoding = "gzip";
> > } elsif (req.http.Accept-Encoding ~ "deflate") {
> > set req.http.Accept-Encoding = "deflate";
> > } else {
> > # unknown algorithm
> > unset req.http.Accept-Encoding;
> > }
> > }
> >
> > # PIPE ALL NON-STANDARD REQUESTS
> > # ##########################################################
> > if (req.method != "GET" &&
> > req.method != "HEAD" &&
> > req.method != "PUT" &&
> > req.method != "POST" &&
> > req.method != "TRACE" &&
> > req.method != "OPTIONS" &&
> > req.method != "DELETE") {
> > return (pipe);
> > }
> >
> > # ONLY CACHE GET AND HEAD REQUESTS
> > # ##########################################################
> > if (req.method != "GET" && req.method != "HEAD") {
> > return (pass);
> > }
> >
> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
> EITHER
> > # COMMENT OR UNCOMMENT BOTH
> > # ##########################################################
> > if ( req.http.cookie ~ "wordpress_logged_in" ) {
> > return( pass );
> > }
> >
> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
> > # THEN UNSET THE COOKIES
> > # ##########################################################
> > if (!(req.url ~ "wp-(login|admin)")
> > && !(req.url ~ "&preview=true" )
> > ){
> > unset req.http.cookie;
> > }
> >
> > # IF BASIC AUTH IS ON THEN DO NOT CACHE
> > # ##########################################################
> > if (req.http.Authorization || req.http.Cookie) {
> > return (pass);
> > }
> >
> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
> > # ##########################################################
> > return (hash);
> > # This is for phpmyadmin
> > if (req.http.Host == "ki1.org") {
> > return (pass);
> > }
> >
> > if (req.http.Host == "mysql.ki1.org") {
> > return (pass);
> > }
> >
> > }
> >
> > # HIT FUNCTION
> > # ##########################################################
> > sub vcl_hit {
> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
> > # ##########################################################
> > if (req.method == "PURGE") {
> > #
> > # This is now handled in vcl_recv.
> > #
> > # purge;
> > return (synth(200, "Purged."));
> > }
> > return (deliver);
> > }
> >
> > # MISS FUNCTION
> > # ##########################################################
> > sub vcl_miss {
> > if (req.method == "PURGE") {
> > #
> > # This is now handled in vcl_recv.
> > #
> > # purge;
> > return (synth(200, "Purged."));
> > }
> > return (fetch);
> > }
> >
> > # FETCH FUNCTION
> > # ##########################################################
> > sub vcl_backend_response {
> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
> > # TO DO THIS
> > # ##########################################################
> > set beresp.http.Vary = "Accept-Encoding";
> >
> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
> > # TIME THIS PAGE WILL STAY CACHED (TTL)
> > # ##########################################################
> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
> "wordpress_logged_in" ) {
> > unset beresp.http.set-cookie;
> > set beresp.ttl = 52w;
> > # set beresp.grace =1w;
> > }
> >
> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
> > set beresp.uncacheable = true;
> > set beresp.ttl = 1w;
> > return (deliver);
> > }
> >
> >
> > if (beresp.ttl <= 0s ||
> > beresp.http.Set-Cookie ||
> > beresp.http.Vary == "*") {
> > set beresp.ttl = 120 s;
> > # set beresp.ttl = 120s;
> > set beresp.uncacheable = true;
> > return (deliver);
> > }
> >
> > return (deliver);
> > }
> >
> > # DELIVER FUNCTION
> > # ##########################################################
> > sub vcl_deliver {
> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
> > # IN THE HEADER (GREAT FOR DEBUGGING)
> > # ##########################################################
> > if (obj.hits > 0) {
> > set resp.http.X-Cache = "HIT";
> > # IF THIS IS A MISS RETURN THAT IN THE HEADER
> > # ##########################################################
> > } else {
> > set resp.http.X-Cache = "MISS";
> > }
> > }
> >
> >
> >
> > 2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
> >>
> >> correction:
> >>
> >> sub vcl_recv {
> >> if(req.http.Cookie ~ "xf_(session|user)") {
> >> return (pass);
> >> }
> >> }
> >>
> >> sub vcl_backend_response {
> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
> >> set beresp.uncacheable = true;
> >> set beresp.ttl = 1w;
> >> return (deliver);
> >> }
> >> }
> >>
> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com> wrote:
> >>>
> >>> Hello,
> >>>
> >>> Aside from the provided VCL being for WordPress, while you're running
> XenForo, the xf_ cookies are being dropped by your config. A quick fix is:
> >>>
> >>> sub vcl_recv {
> >>> if( req.http.Cookie ~ "xf_(session|user)") {
> >>> return (pass);
> >>> }
> >>> }
> >>>
> >>> sub vcl_backend_response {
> >>> if (req.http.Cookie ~ "xf_(session|user)") {
> >>> set beresp.uncacheable = true;
> >>> set beresp.ttl = 1w;
> >>> return (deliver);
> >>> }
> >>> }
> >>>
> >>> However, I suggest auditing your VCL, and only including rules
> specific to the application(s) which you are running.
> >>>
> >>>
> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
> ayberk.kimsesiz at gmail.com> wrote:
> >>>>
> >>>> Users can't login or register to domain.com/forum with the current
> settings. So we need to make a change related to xf_user and xf_session but
> how?
> >>>>
> >>>>
> >>>>
> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
> >>>>>
> >>>>> If you want Varnish to ignore request for a path you need to tell it
> to pass. In your example you have a rule for the RSS feed. You can do the
> same for /forum/ in your vcl_recv block.
> >>>>>
> >>>>> *# DO NOT CACHE RSS FEED*
> >>>>> * if (req.url ~ "/feed(/)?") {*
> >>>>> * return ( pass ); *
> >>>>> *}*
> >>>>>
> >>>>> *# DO NOT CACHE FORUM*
> >>>>> if (req.url ~ "/forum(/)?") {
> >>>>> return ( pass );
> >>>>> }
> >>>>>
> >>>>> Cheers,
> >>>>> Richard
> >>>>>
> >>>>>>
> >>>>>>
> >>>>>> Message: 1
> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
> >>>>>> Subject: XenForo default.vcl settings
> >>>>>> Message-ID:
> >>>>>> <CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_
> Q at mail.gmail.com>
> >>>>>> Content-Type: text/plain; charset="utf-8"
> >>>>>>
> >>>>>> Hi,
> >>>>>>
> >>>>>> Could you please share the appropriate Default.vcl settings for
> XenForo
> >>>>>> Forums? No one can register to the forum at the moment. My current
> >>>>>> Default.vcl settings are as follows.
> >>>>>>
> >>>>>> Forum address: domain.com/forum
> >>>>>>
> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
> >>>>>> * * *********************************************************/*
> >>>>>> *vcl 4.0;*
> >>>>>> *import std;*
> >>>>>>
> >>>>>> *backend default {*
> >>>>>> * .host = "*******";*
> >>>>>> * .port = "8080";*
> >>>>>> * .connect_timeout = 600s;*
> >>>>>> * .first_byte_timeout = 600s;*
> >>>>>> * .between_bytes_timeout = 600s;*
> >>>>>> * .max_connections = 800;*
> >>>>>> *}*
> >>>>>>
> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
> >>>>>> *# ##########################################################*
> >>>>>> *acl purge {*
> >>>>>> * "localhost";*
> >>>>>> * "127.0.0.1";*
> >>>>>> *}*
> >>>>>>
> >>>>>> *#THE RECV FUNCTION*
> >>>>>> *# ##########################################################*
> >>>>>> *sub vcl_recv {*
> >>>>>>
> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for
> various
> >>>>>> checks*
> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
> ].*$",
> >>>>>> ""); *
> >>>>>>
> >>>>>> * # FORWARD THE IP OF THE REQUEST*
> >>>>>> * if (req.restarts == 0) {*
> >>>>>> * if (req.http.x-forwarded-for) {*
> >>>>>> * set req.http.X-Forwarded-For =*
> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
> >>>>>> * } else {*
> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
> >>>>>> * }*
> >>>>>> * }*
> >>>>>>
> >>>>>> * # Purge request check sections for hash_always_miss, purge and
> ban*
> >>>>>> * # BLOCK IF NOT IP is not in purge acl*
> >>>>>> * # ##########################################################*
> >>>>>>
> >>>>>> * # Enable smart refreshing using hash_always_miss*
> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
> "1.2.3.4") ~
> >>>>>> purge) {*
> >>>>>> * set req.hash_always_miss = true;*
> >>>>>> * }*
> >>>>>> *}*
> >>>>>>
> >>>>>> *if (req.method == "PURGE") {*
> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
> "1.2.3.4") ~
> >>>>>> purge) {*
> >>>>>> * return(synth(405,"Not allowed."));*
> >>>>>> * }*
> >>>>>> * return (purge);*
> >>>>>>
> >>>>>> * }*
> >>>>>> *if (req.method == "BAN") {*
> >>>>>> * # Same ACL check as above:*
> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
> "1.2.3.4")
> >>>>>> ~ purge) {*
> >>>>>> * return(synth(403, "Not allowed."));*
> >>>>>> * }*
> >>>>>> * ban("req.http.host == " + req.http.host +*
> >>>>>> * " && req.url == " + req.url);*
> >>>>>>
> >>>>>> * # Throw a synthetic page so the*
> >>>>>> * # request won't go to the backend.*
> >>>>>> * return(synth(200, "Ban added"));*
> >>>>>> *}*
> >>>>>>
> >>>>>>
> >>>>>> *# Unset cloudflare cookies*
> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie,
> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
> >>>>>> * # Remove a ";" prefix, if present.*
> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
> >>>>>>
> >>>>>> * # For Testing: If you want to test with Varnish passing (not
> caching)
> >>>>>> uncomment*
> >>>>>> * # return( pass );*
> >>>>>>
> >>>>>> * # FORWARD THE IP OF THE REQUEST*
> >>>>>> * if (req.restarts == 0) {*
> >>>>>> * if (req.http.x-forwarded-for) {*
> >>>>>> * set req.http.X-Forwarded-For =*
> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
> >>>>>> * } else {*
> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
> >>>>>> * }*
> >>>>>> * }*
> >>>>>>
> >>>>>> *# DO NOT CACHE RSS FEED*
> >>>>>> * if (req.url ~ "/feed(/)?") {*
> >>>>>> * return ( pass ); *
> >>>>>> *}*
> >>>>>>
> >>>>>> *## Do not cache search results, comment these 3 lines if you do
> want to
> >>>>>> cache them*
> >>>>>>
> >>>>>> *if (req.url ~ "/\?s\=") {*
> >>>>>> * return ( pass ); *
> >>>>>> *}*
> >>>>>>
> >>>>>> *# CLEAN UP THE ENCODING HEADER.*
> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
> ACCEPT-ENCODING*
> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
> >>>>>> * # ##########################################################*
> >>>>>> * if (req.http.Accept-Encoding) {*
> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
> >>>>>> * # No point in compressing these*
> >>>>>> * unset req.http.Accept-Encoding;*
> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
> >>>>>> * set req.http.Accept-Encoding = "gzip";*
> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
> >>>>>> * set req.http.Accept-Encoding = "deflate";*
> >>>>>> * } else {*
> >>>>>> * # unknown algorithm*
> >>>>>> * unset req.http.Accept-Encoding;*
> >>>>>> * }*
> >>>>>> * }*
> >>>>>>
> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS*
> >>>>>> * # ##########################################################*
> >>>>>> * if (req.method != "GET" &&*
> >>>>>> * req.method != "HEAD" &&*
> >>>>>> * req.method != "PUT" && *
> >>>>>> * req.method != "POST" &&*
> >>>>>> * req.method != "TRACE" &&*
> >>>>>> * req.method != "OPTIONS" &&*
> >>>>>> * req.method != "DELETE") {*
> >>>>>> * return (pipe);*
> >>>>>> * }*
> >>>>>>
> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS*
> >>>>>> * # ##########################################################*
> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {*
> >>>>>> * return (pass);*
> >>>>>> * }*
> >>>>>>
> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
> TOO,
> >>>>>> EITHER*
> >>>>>> * # COMMENT OR UNCOMMENT BOTH*
> >>>>>> * # ##########################################################*
> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
> >>>>>> * return( pass );*
> >>>>>> * }*
> >>>>>>
> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
> >>>>>> * # THEN UNSET THE COOKIES*
> >>>>>> * # ##########################################################*
> >>>>>> * if (!(req.url ~ "wp-(login|admin)") *
> >>>>>> * && !(req.url ~ "&preview=true" ) *
> >>>>>> * ){*
> >>>>>> * unset req.http.cookie;*
> >>>>>> * }*
> >>>>>>
> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
> >>>>>> * # ##########################################################*
> >>>>>> * if (req.http.Authorization || req.http.Cookie) {*
> >>>>>> * return (pass);*
> >>>>>> * }*
> >>>>>>
> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
> >>>>>> * # ##########################################################*
> >>>>>> * return (hash);*
> >>>>>> * # This is for phpmyadmin*
> >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
> >>>>>> *return (pass);*
> >>>>>> *}*
> >>>>>>
> >>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
> >>>>>> *return (pass);*
> >>>>>> *}*
> >>>>>>
> >>>>>> *}*
> >>>>>>
> >>>>>> *# HIT FUNCTION*
> >>>>>> *# ##########################################################*
> >>>>>> *sub vcl_hit {*
> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
> >>>>>> * # ##########################################################*
> >>>>>> * if (req.method == "PURGE") {*
> >>>>>> * #*
> >>>>>> * # This is now handled in vcl_recv.*
> >>>>>> * #*
> >>>>>> * # purge;*
> >>>>>> * return (synth(200, "Purged."));*
> >>>>>> * }*
> >>>>>> * return (deliver);*
> >>>>>> *}*
> >>>>>>
> >>>>>> *# MISS FUNCTION*
> >>>>>> *# ##########################################################*
> >>>>>> *sub vcl_miss {*
> >>>>>> * if (req.method == "PURGE") {*
> >>>>>> * #*
> >>>>>> * # This is now handled in vcl_recv.*
> >>>>>> * #*
> >>>>>> * # purge;*
> >>>>>> * return (synth(200, "Purged."));*
> >>>>>> * }*
> >>>>>> * return (fetch);*
> >>>>>> *}*
> >>>>>>
> >>>>>> *# FETCH FUNCTION*
> >>>>>> *# ##########################################################*
> >>>>>> *sub vcl_backend_response {*
> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
> >>>>>> * # TO DO THIS*
> >>>>>> * # ##########################################################*
> >>>>>> * set beresp.http.Vary = "Accept-Encoding";*
> >>>>>>
> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
> >>>>>> * # ##########################################################*
> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
> >>>>>> "wordpress_logged_in" ) {*
> >>>>>> * unset beresp.http.set-cookie;*
> >>>>>> * set beresp.ttl = 52w;*
> >>>>>> *# set beresp.grace =1w;*
> >>>>>> * }*
> >>>>>>
> >>>>>> * if (beresp.ttl <= 0s ||*
> >>>>>> * beresp.http.Set-Cookie ||*
> >>>>>> * beresp.http.Vary == "*") {*
> >>>>>> * set beresp.ttl = 120 s;*
> >>>>>> * # set beresp.ttl = 120s;*
> >>>>>> * set beresp.uncacheable = true;*
> >>>>>> * return (deliver);*
> >>>>>> * }*
> >>>>>>
> >>>>>> * return (deliver);*
> >>>>>> *}*
> >>>>>>
> >>>>>> *# DELIVER FUNCTION*
> >>>>>> *# ##########################################################*
> >>>>>> *sub vcl_deliver {*
> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
> >>>>>> * # ##########################################################*
> >>>>>> * if (obj.hits > 0) {*
> >>>>>> * set resp.http.X-Cache = "HIT";*
> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
> >>>>>> * # ##########################################################*
> >>>>>> * } else {*
> >>>>>> * set resp.http.X-Cache = "MISS";*
> >>>>>> * }*
> >>>>>> *}*
> >>>>>>
> >>>>>>
> >>>>>> Thanks,
> >>>>>> -------------- next part --------------
> >>>>>> An HTML attachment was scrubbed...
> >>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-
> misc/attachments/20160803/d572e4b2/attachment-0001.html>
> >>>>>>
> >>>>>> ------------------------------
> >>>>>>
> >>>>>> Message: 2
> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
> >>>>>> Subject: Re: XenForo default.vcl settings
> >>>>>> Message-ID:
> >>>>>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4
> O3i1ofA at mail.gmail.com>
> >>>>>> Content-Type: text/plain; charset="utf-8"
> >>>>>>
> >>>>>> I need to add the followings to default.vcl for Xenforo. However,
> solutions
> >>>>>> in the Xenforo forums for this didn't work. Can you please help?
> >>>>>>
> >>>>>> xf_session_admin
> >>>>>> xf_user
> >>>>>> xf_session
> >>>>>>
> >>>>>> Or how can i block Varnish in a way that it doesn't work in *
> domain.com/forum
> >>>>>> <http://domain.com/forum>*
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <
> ayberk.kimsesiz at gmail.com>:
> >>>>>>
> >>>>>> > Hi,
> >>>>>> >
> >>>>>> > Could you please share the appropriate Default.vcl settings for
> XenForo
> >>>>>> > Forums? No one can register to the forum at the moment. My current
> >>>>>> > Default.vcl settings are as follows.
> >>>>>> >
> >>>>>> > Forum address: domain.com/forum
> >>>>>> >
> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
> >>>>>> > * * *********************************************************/*
> >>>>>> > *vcl 4.0;*
> >>>>>> > *import std;*
> >>>>>> >
> >>>>>> > *backend default {*
> >>>>>> > * .host = "*******";*
> >>>>>> > * .port = "8080";*
> >>>>>> > * .connect_timeout = 600s;*
> >>>>>> > * .first_byte_timeout = 600s;*
> >>>>>> > * .between_bytes_timeout = 600s;*
> >>>>>> > * .max_connections = 800;*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
> >>>>>> > *# ##########################################################*
> >>>>>> > *acl purge {*
> >>>>>> > * "localhost";*
> >>>>>> > * "127.0.0.1";*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *#THE RECV FUNCTION*
> >>>>>> > *# ##########################################################*
> >>>>>> > *sub vcl_recv {*
> >>>>>> >
> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for
> various
> >>>>>> > checks*
> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
> ].*$",
> >>>>>> > ""); *
> >>>>>> >
> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
> >>>>>> > * if (req.restarts == 0) {*
> >>>>>> > * if (req.http.x-forwarded-for) {*
> >>>>>> > * set req.http.X-Forwarded-For =*
> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
> >>>>>> > * } else {*
> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
> >>>>>> > * }*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * # Purge request check sections for hash_always_miss, purge and
> ban*
> >>>>>> > * # BLOCK IF NOT IP is not in purge acl*
> >>>>>> > * # ##########################################################*
> >>>>>> >
> >>>>>> > * # Enable smart refreshing using hash_always_miss*
> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
> "1.2.3.4") ~
> >>>>>> > purge) {*
> >>>>>> > * set req.hash_always_miss = true;*
> >>>>>> > * }*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *if (req.method == "PURGE") {*
> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
> "1.2.3.4") ~
> >>>>>> > purge) {*
> >>>>>> > * return(synth(405,"Not allowed."));*
> >>>>>> > * }*
> >>>>>> > * return (purge);*
> >>>>>> >
> >>>>>> > * }*
> >>>>>> > *if (req.method == "BAN") {*
> >>>>>> > * # Same ACL check as above:*
> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
> >>>>>> > "1.2.3.4") ~ purge) {*
> >>>>>> > * return(synth(403, "Not allowed."));*
> >>>>>> > * }*
> >>>>>> > * ban("req.http.host == " + req.http.host +*
> >>>>>> > * " && req.url == " + req.url);*
> >>>>>> >
> >>>>>> > * # Throw a synthetic page so the*
> >>>>>> > * # request won't go to the backend.*
> >>>>>> > * return(synth(200, "Ban added"));*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> >
> >>>>>> > *# Unset cloudflare cookies*
> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie,
> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
> >>>>>> > * # Remove a ";" prefix, if present.*
> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
> >>>>>> >
> >>>>>> > * # For Testing: If you want to test with Varnish passing (not
> caching)
> >>>>>> > uncomment*
> >>>>>> > * # return( pass );*
> >>>>>> >
> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
> >>>>>> > * if (req.restarts == 0) {*
> >>>>>> > * if (req.http.x-forwarded-for) {*
> >>>>>> > * set req.http.X-Forwarded-For =*
> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
> >>>>>> > * } else {*
> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
> >>>>>> > * }*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > *# DO NOT CACHE RSS FEED*
> >>>>>> > * if (req.url ~ "/feed(/)?") {*
> >>>>>> > * return ( pass ); *
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *## Do not cache search results, comment these 3 lines if you do
> want to
> >>>>>> > cache them*
> >>>>>> >
> >>>>>> > *if (req.url ~ "/\?s\=") {*
> >>>>>> > * return ( pass ); *
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *# CLEAN UP THE ENCODING HEADER.*
> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
> ACCEPT-ENCODING*
> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if (req.http.Accept-Encoding) {*
> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
> >>>>>> > * # No point in compressing these*
> >>>>>> > * unset req.http.Accept-Encoding;*
> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
> >>>>>> > * set req.http.Accept-Encoding = "gzip";*
> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
> >>>>>> > * set req.http.Accept-Encoding = "deflate";*
> >>>>>> > * } else {*
> >>>>>> > * # unknown algorithm*
> >>>>>> > * unset req.http.Accept-Encoding;*
> >>>>>> > * }*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if (req.method != "GET" &&*
> >>>>>> > * req.method != "HEAD" &&*
> >>>>>> > * req.method != "PUT" && *
> >>>>>> > * req.method != "POST" &&*
> >>>>>> > * req.method != "TRACE" &&*
> >>>>>> > * req.method != "OPTIONS" &&*
> >>>>>> > * req.method != "DELETE") {*
> >>>>>> > * return (pipe);*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {*
> >>>>>> > * return (pass);*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
> TOO,
> >>>>>> > EITHER*
> >>>>>> > * # COMMENT OR UNCOMMENT BOTH*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
> >>>>>> > * return( pass );*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
> >>>>>> > * # THEN UNSET THE COOKIES*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") *
> >>>>>> > * && !(req.url ~ "&preview=true" ) *
> >>>>>> > * ){*
> >>>>>> > * unset req.http.cookie;*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {*
> >>>>>> > * return (pass);*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
> >>>>>> > * # ##########################################################*
> >>>>>> > * return (hash);*
> >>>>>> > * # This is for phpmyadmin*
> >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
> >>>>>> > *return (pass);*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
> >>>>>> > *return (pass);*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *# HIT FUNCTION*
> >>>>>> > *# ##########################################################*
> >>>>>> > *sub vcl_hit {*
> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if (req.method == "PURGE") {*
> >>>>>> > * #*
> >>>>>> > * # This is now handled in vcl_recv.*
> >>>>>> > * #*
> >>>>>> > * # purge;*
> >>>>>> > * return (synth(200, "Purged."));*
> >>>>>> > * }*
> >>>>>> > * return (deliver);*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *# MISS FUNCTION*
> >>>>>> > *# ##########################################################*
> >>>>>> > *sub vcl_miss {*
> >>>>>> > * if (req.method == "PURGE") {*
> >>>>>> > * #*
> >>>>>> > * # This is now handled in vcl_recv.*
> >>>>>> > * #*
> >>>>>> > * # purge;*
> >>>>>> > * return (synth(200, "Purged."));*
> >>>>>> > * }*
> >>>>>> > * return (fetch);*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *# FETCH FUNCTION*
> >>>>>> > *# ##########################################################*
> >>>>>> > *sub vcl_backend_response {*
> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
> >>>>>> > * # TO DO THIS*
> >>>>>> > * # ##########################################################*
> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";*
> >>>>>> >
> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
> >>>>>> > "wordpress_logged_in" ) {*
> >>>>>> > * unset beresp.http.set-cookie;*
> >>>>>> > * set beresp.ttl = 52w;*
> >>>>>> > *# set beresp.grace =1w;*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * if (beresp.ttl <= 0s ||*
> >>>>>> > * beresp.http.Set-Cookie ||*
> >>>>>> > * beresp.http.Vary == "*") {*
> >>>>>> > * set beresp.ttl = 120 s;*
> >>>>>> > * # set beresp.ttl = 120s;*
> >>>>>> > * set beresp.uncacheable = true;*
> >>>>>> > * return (deliver);*
> >>>>>> > * }*
> >>>>>> >
> >>>>>> > * return (deliver);*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> > *# DELIVER FUNCTION*
> >>>>>> > *# ##########################################################*
> >>>>>> > *sub vcl_deliver {*
> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
> >>>>>> > * # ##########################################################*
> >>>>>> > * if (obj.hits > 0) {*
> >>>>>> > * set resp.http.X-Cache = "HIT";*
> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
> >>>>>> > * # ##########################################################*
> >>>>>> > * } else {*
> >>>>>> > * set resp.http.X-Cache = "MISS";*
> >>>>>> > * }*
> >>>>>> > *}*
> >>>>>> >
> >>>>>> >
> >>>>>> > Thanks,
> >>>>>> >
> >>>>>> -------------- next part --------------
> >>>>>> An HTML attachment was scrubbed...
> >>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-
> misc/attachments/20160804/4e3f064a/attachment.html>
> >>>>>>
> >>>>>> ------------------------------
> >>>>>>
> >>>>>> _______________________________________________
> >>>>>> varnish-misc mailing list
> >>>>>> varnish-misc at varnish-cache.org
> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
> >>>>>>
> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14
> >>>>>> *********************************************
> >>>>>
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> varnish-misc mailing list
> >>>>> varnish-misc at varnish-cache.org
> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
> >>>>
> >>>>
> >>>>
> >>>> _______________________________________________
> >>>> varnish-misc mailing list
> >>>> varnish-misc at varnish-cache.org
> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
> >>>
> >>>
> >>
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/29602811/attachment-0001.html>
More information about the varnish-misc
mailing list