XenForo default.vcl settings
Lane, Richard
rlane at ahbelo.com
Thu Aug 4 17:02:34 CEST 2016
I agree that the order of execution may be getting you here. If you need
the WordPress rules then you may need to put additional logic to ensure
non-wordpress applications are not negatively affected.
What happens if you change the order of these two blocks? Put your
Set-Cookie check block before the wp-login check.
> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
> # TIME THIS PAGE WILL STAY CACHED (TTL)
> # ##########################################################
> if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
"wordpress_logged_in" ) {
> unset beresp.http.set-cookie;
> set beresp.ttl = 52w;
> # set beresp.grace =1w;
> }
>
> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
> set beresp.uncacheable = true;
> set beresp.ttl = 1w;
> return (deliver);
> }
On Thu, Aug 4, 2016 at 9:50 AM, Andrei <lagged at gmail.com> wrote:
> The log output suggests the xf_ cookie check in vcl_recv is not the first
> thing to run as you pasted earlier. Also, looking a bit closer, your issue
> the fact that you unset the cookie in vcl_backend_response if it's not
> wordpress related. Again, you should really audit your entire VCL, and
> remove unneeded stuff, like all the WordPress related rules if you're not
> using it.
>
> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com
> > wrote:
>
>> Log message:
>>
>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS"
>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip"
>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT
>> - ReqHeader X-Forwarded-For: 95.5.187.232
>> - VCL_call RECV
>> - ReqHeader X-Actual-IP: 95.5.187.232
>> - ReqUnset X-Forwarded-For: 95.5.187.232
>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>> pps_show_100=Th
>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>> pps_times_showed_100=1;
>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>> wFoW2XT0IpqCIsH5v7bQ; xf_session=
>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>> pps_show_100=Th
>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>> pps_times_showed_100=1;
>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>> est_cookie=WP+Cookie+check
>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>> pps_show_100=Th
>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>> pps_times_showed_100=1;
>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>> est_cookie=WP+Cookie+check
>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>> pps_show_100=Th
>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>> pps_times_showed_100=1;
>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>> est_cookie=WP+Cookie+check
>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232
>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232,
>> 95.5.187.232
>> - ReqUnset Accept-Encoding: gzip, deflate, sdch
>> - ReqHeader Accept-Encoding: gzip
>> - VCL_Log PPPAASS
>> - VCL_return pass
>> - VCL_call HASH
>> - VCL_return lookup
>> - VCL_call PASS
>> - VCL_return fetch
>> - Link bereq 524435 pass
>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758
>> - RespProtocol HTTP/1.1
>> - RespStatus 200
>> - RespReason OK
>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT
>> - RespHeader Server: Apache/2
>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT
>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip"
>> - RespHeader Accept-Ranges: bytes
>> --
>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT
>> - ReqHeader X-Forwarded-For: 95.5.187.232
>> - VCL_call RECV
>> - ReqHeader X-Actual-IP: 95.5.187.232
>> - ReqUnset X-Forwarded-For: 95.5.187.232
>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>> pps_show_100=Th
>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>> pps_times_showed_100=1;
>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>> wFoW2XT0IpqCIsH5v7bQ; xf_session=
>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>> pps_show_100=Th
>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>> pps_times_showed_100=1;
>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>> est_cookie=WP+Cookie+check
>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>> pps_show_100=Th
>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>> pps_times_showed_100=1;
>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>> est_cookie=WP+Cookie+check
>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>> pps_show_100=Th
>>
>> 2016-08-04 17:24 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>
>>> I assume you reloaded/restarted Varnish after these changes were made.
>>> If so, can you verify that you do have the cookies set on the request?
>>>
>>> maybe add this log message right before returning
>>>
>>> if(req.http.Cookie ~ "xf_(session|user)") {
>>> std.log( "PPPAASS Cookie set for forum");
>>> return (pass);
>>>
>>> }
>>>
>>> Then you can use varnishlog command (below) to verify cookie is found
>>>
>>> varnishlog | grep -A15 -B15 "PPPAASS"
>>>
>>>
>>> Cheers,
>>> Richard
>>>
>>>
>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <
>>> ayberk.kimsesiz at gmail.com> wrote:
>>> >
>>> > First of all, thank you. However the problem continues. Can you
>>> examine the codes?
>>> >
>>> >
>>> > /* SET THE HOST AND PORT OF WORDPRESS
>>> > * *********************************************************/
>>> > vcl 4.0;
>>> > import std;
>>> >
>>> > backend default {
>>> > .host = "*******";
>>> > .port = "8080";
>>> > .connect_timeout = 600s;
>>> > .first_byte_timeout = 600s;
>>> > .between_bytes_timeout = 600s;
>>> > .max_connections = 800;
>>> > }
>>> >
>>> > # SET THE ALLOWED IP OF PURGE REQUESTS
>>> > # ##########################################################
>>> > acl purge {
>>> > "localhost";
>>> > "127.0.0.1";
>>> > }
>>> >
>>> > #THE RECV FUNCTION
>>> > # ##########################################################
>>> > sub vcl_recv {
>>> >
>>> > if(req.http.Cookie ~ "xf_(session|user)") {
>>> > return (pass);
>>> > }
>>> >
>>> > # set realIP by trimming CloudFlare IP which will be used for various
>>> checks
>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>>> ].*$", "");
>>> >
>>> > # FORWARD THE IP OF THE REQUEST
>>> > if (req.restarts == 0) {
>>> > if (req.http.x-forwarded-for) {
>>> > set req.http.X-Forwarded-For =
>>> > req.http.X-Forwarded-For + ", " + client.ip;
>>> > } else {
>>> > set req.http.X-Forwarded-For = client.ip;
>>> > }
>>> > }
>>> >
>>> > # Purge request check sections for hash_always_miss, purge and ban
>>> > # BLOCK IF NOT IP is not in purge acl
>>> > # ##########################################################
>>> >
>>> > # Enable smart refreshing using hash_always_miss
>>> > if (req.http.Cache-Control ~ "no-cache") {
>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
>>> ~ purge) {
>>> > set req.hash_always_miss = true;
>>> > }
>>> > }
>>> >
>>> > if (req.method == "PURGE") {
>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
>>> ~ purge) {
>>> > return(synth(405,"Not allowed."));
>>> > }
>>> > return (purge);
>>> >
>>> > }
>>> > if (req.method == "BAN") {
>>> > # Same ACL check as above:
>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>> "1.2.3.4") ~ purge) {
>>> > return(synth(403, "Not allowed."));
>>> > }
>>> > ban("req.http.host == " + req.http.host +
>>> > " && req.url == " + req.url);
>>> >
>>> > # Throw a synthetic page so the
>>> > # request won't go to the backend.
>>> > return(synth(200, "Ban added"));
>>> > }
>>> >
>>> >
>>> > # Unset cloudflare cookies
>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies.
>>> > set req.http.Cookie = regsuball(req.http.Cookie,
>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
>>> > # Remove a ";" prefix, if present.
>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
>>> >
>>> > # For Testing: If you want to test with Varnish passing (not
>>> caching) uncomment
>>> > # return( pass );
>>> >
>>> > # FORWARD THE IP OF THE REQUEST
>>> > if (req.restarts == 0) {
>>> > if (req.http.x-forwarded-for) {
>>> > set req.http.X-Forwarded-For =
>>> > req.http.X-Forwarded-For + ", " + client.ip;
>>> > } else {
>>> > set req.http.X-Forwarded-For = client.ip;
>>> > }
>>> > }
>>> >
>>> > # DO NOT CACHE RSS FEED
>>> > if (req.url ~ "/feed(/)?") {
>>> > return ( pass );
>>> > }
>>> >
>>> > ## Do not cache search results, comment these 3 lines if you do want
>>> to cache them
>>> >
>>> > if (req.url ~ "/\?s\=") {
>>> > return ( pass );
>>> > }
>>> >
>>> > # CLEAN UP THE ENCODING HEADER.
>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>> ACCEPT-ENCODING
>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
>>> > # ##########################################################
>>> > if (req.http.Accept-Encoding) {
>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
>>> > # No point in compressing these
>>> > unset req.http.Accept-Encoding;
>>> > } elsif (req.http.Accept-Encoding ~ "gzip") {
>>> > set req.http.Accept-Encoding = "gzip";
>>> > } elsif (req.http.Accept-Encoding ~ "deflate") {
>>> > set req.http.Accept-Encoding = "deflate";
>>> > } else {
>>> > # unknown algorithm
>>> > unset req.http.Accept-Encoding;
>>> > }
>>> > }
>>> >
>>> > # PIPE ALL NON-STANDARD REQUESTS
>>> > # ##########################################################
>>> > if (req.method != "GET" &&
>>> > req.method != "HEAD" &&
>>> > req.method != "PUT" &&
>>> > req.method != "POST" &&
>>> > req.method != "TRACE" &&
>>> > req.method != "OPTIONS" &&
>>> > req.method != "DELETE") {
>>> > return (pipe);
>>> > }
>>> >
>>> > # ONLY CACHE GET AND HEAD REQUESTS
>>> > # ##########################################################
>>> > if (req.method != "GET" && req.method != "HEAD") {
>>> > return (pass);
>>> > }
>>> >
>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
>>> EITHER
>>> > # COMMENT OR UNCOMMENT BOTH
>>> > # ##########################################################
>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) {
>>> > return( pass );
>>> > }
>>> >
>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
>>> > # THEN UNSET THE COOKIES
>>> > # ##########################################################
>>> > if (!(req.url ~ "wp-(login|admin)")
>>> > && !(req.url ~ "&preview=true" )
>>> > ){
>>> > unset req.http.cookie;
>>> > }
>>> >
>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE
>>> > # ##########################################################
>>> > if (req.http.Authorization || req.http.Cookie) {
>>> > return (pass);
>>> > }
>>> >
>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
>>> > # ##########################################################
>>> > return (hash);
>>> > # This is for phpmyadmin
>>> > if (req.http.Host == "ki1.org") {
>>> > return (pass);
>>> > }
>>> >
>>> > if (req.http.Host == "mysql.ki1.org") {
>>> > return (pass);
>>> > }
>>> >
>>> > }
>>> >
>>> > # HIT FUNCTION
>>> > # ##########################################################
>>> > sub vcl_hit {
>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
>>> > # ##########################################################
>>> > if (req.method == "PURGE") {
>>> > #
>>> > # This is now handled in vcl_recv.
>>> > #
>>> > # purge;
>>> > return (synth(200, "Purged."));
>>> > }
>>> > return (deliver);
>>> > }
>>> >
>>> > # MISS FUNCTION
>>> > # ##########################################################
>>> > sub vcl_miss {
>>> > if (req.method == "PURGE") {
>>> > #
>>> > # This is now handled in vcl_recv.
>>> > #
>>> > # purge;
>>> > return (synth(200, "Purged."));
>>> > }
>>> > return (fetch);
>>> > }
>>> >
>>> > # FETCH FUNCTION
>>> > # ##########################################################
>>> > sub vcl_backend_response {
>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
>>> > # TO DO THIS
>>> > # ##########################################################
>>> > set beresp.http.Vary = "Accept-Encoding";
>>> >
>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>>> > # TIME THIS PAGE WILL STAY CACHED (TTL)
>>> > # ##########################################################
>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>> "wordpress_logged_in" ) {
>>> > unset beresp.http.set-cookie;
>>> > set beresp.ttl = 52w;
>>> > # set beresp.grace =1w;
>>> > }
>>> >
>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>> > set beresp.uncacheable = true;
>>> > set beresp.ttl = 1w;
>>> > return (deliver);
>>> > }
>>> >
>>> >
>>> > if (beresp.ttl <= 0s ||
>>> > beresp.http.Set-Cookie ||
>>> > beresp.http.Vary == "*") {
>>> > set beresp.ttl = 120 s;
>>> > # set beresp.ttl = 120s;
>>> > set beresp.uncacheable = true;
>>> > return (deliver);
>>> > }
>>> >
>>> > return (deliver);
>>> > }
>>> >
>>> > # DELIVER FUNCTION
>>> > # ##########################################################
>>> > sub vcl_deliver {
>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
>>> > # IN THE HEADER (GREAT FOR DEBUGGING)
>>> > # ##########################################################
>>> > if (obj.hits > 0) {
>>> > set resp.http.X-Cache = "HIT";
>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER
>>> > # ##########################################################
>>> > } else {
>>> > set resp.http.X-Cache = "MISS";
>>> > }
>>> > }
>>> >
>>> >
>>> >
>>> > 2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
>>> >>
>>> >> correction:
>>> >>
>>> >> sub vcl_recv {
>>> >> if(req.http.Cookie ~ "xf_(session|user)") {
>>> >> return (pass);
>>> >> }
>>> >> }
>>> >>
>>> >> sub vcl_backend_response {
>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>> >> set beresp.uncacheable = true;
>>> >> set beresp.ttl = 1w;
>>> >> return (deliver);
>>> >> }
>>> >> }
>>> >>
>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com> wrote:
>>> >>>
>>> >>> Hello,
>>> >>>
>>> >>> Aside from the provided VCL being for WordPress, while you're
>>> running XenForo, the xf_ cookies are being dropped by your config. A quick
>>> fix is:
>>> >>>
>>> >>> sub vcl_recv {
>>> >>> if( req.http.Cookie ~ "xf_(session|user)") {
>>> >>> return (pass);
>>> >>> }
>>> >>> }
>>> >>>
>>> >>> sub vcl_backend_response {
>>> >>> if (req.http.Cookie ~ "xf_(session|user)") {
>>> >>> set beresp.uncacheable = true;
>>> >>> set beresp.ttl = 1w;
>>> >>> return (deliver);
>>> >>> }
>>> >>> }
>>> >>>
>>> >>> However, I suggest auditing your VCL, and only including rules
>>> specific to the application(s) which you are running.
>>> >>>
>>> >>>
>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
>>> ayberk.kimsesiz at gmail.com> wrote:
>>> >>>>
>>> >>>> Users can't login or register to domain.com/forum with the current
>>> settings. So we need to make a change related to xf_user and xf_session but
>>> how?
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>> >>>>>
>>> >>>>> If you want Varnish to ignore request for a path you need to tell
>>> it to pass. In your example you have a rule for the RSS feed. You can do
>>> the same for /forum/ in your vcl_recv block.
>>> >>>>>
>>> >>>>> *# DO NOT CACHE RSS FEED*
>>> >>>>> * if (req.url ~ "/feed(/)?") {*
>>> >>>>> * return ( pass ); *
>>> >>>>> *}*
>>> >>>>>
>>> >>>>> *# DO NOT CACHE FORUM*
>>> >>>>> if (req.url ~ "/forum(/)?") {
>>> >>>>> return ( pass );
>>> >>>>> }
>>> >>>>>
>>> >>>>> Cheers,
>>> >>>>> Richard
>>> >>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Message: 1
>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>> >>>>>> Subject: XenForo default.vcl settings
>>> >>>>>> Message-ID:
>>> >>>>>> <CAPQGzE29n1QOmHarn9L-9ztquGfe
>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com>
>>> >>>>>> Content-Type: text/plain; charset="utf-8"
>>> >>>>>>
>>> >>>>>> Hi,
>>> >>>>>>
>>> >>>>>> Could you please share the appropriate Default.vcl settings for
>>> XenForo
>>> >>>>>> Forums? No one can register to the forum at the moment. My current
>>> >>>>>> Default.vcl settings are as follows.
>>> >>>>>>
>>> >>>>>> Forum address: domain.com/forum
>>> >>>>>>
>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
>>> >>>>>> * * *********************************************************/*
>>> >>>>>> *vcl 4.0;*
>>> >>>>>> *import std;*
>>> >>>>>>
>>> >>>>>> *backend default {*
>>> >>>>>> * .host = "*******";*
>>> >>>>>> * .port = "8080";*
>>> >>>>>> * .connect_timeout = 600s;*
>>> >>>>>> * .first_byte_timeout = 600s;*
>>> >>>>>> * .between_bytes_timeout = 600s;*
>>> >>>>>> * .max_connections = 800;*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>> >>>>>> *# ##########################################################*
>>> >>>>>> *acl purge {*
>>> >>>>>> * "localhost";*
>>> >>>>>> * "127.0.0.1";*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *#THE RECV FUNCTION*
>>> >>>>>> *# ##########################################################*
>>> >>>>>> *sub vcl_recv {*
>>> >>>>>>
>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for
>>> various
>>> >>>>>> checks*
>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>>> ].*$",
>>> >>>>>> ""); *
>>> >>>>>>
>>> >>>>>> * # FORWARD THE IP OF THE REQUEST*
>>> >>>>>> * if (req.restarts == 0) {*
>>> >>>>>> * if (req.http.x-forwarded-for) {*
>>> >>>>>> * set req.http.X-Forwarded-For =*
>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>> >>>>>> * } else {*
>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>> >>>>>> * }*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * # Purge request check sections for hash_always_miss, purge and
>>> ban*
>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl*
>>> >>>>>> * # ##########################################################*
>>> >>>>>>
>>> >>>>>> * # Enable smart refreshing using hash_always_miss*
>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>> "1.2.3.4") ~
>>> >>>>>> purge) {*
>>> >>>>>> * set req.hash_always_miss = true;*
>>> >>>>>> * }*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *if (req.method == "PURGE") {*
>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>> "1.2.3.4") ~
>>> >>>>>> purge) {*
>>> >>>>>> * return(synth(405,"Not allowed."));*
>>> >>>>>> * }*
>>> >>>>>> * return (purge);*
>>> >>>>>>
>>> >>>>>> * }*
>>> >>>>>> *if (req.method == "BAN") {*
>>> >>>>>> * # Same ACL check as above:*
>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>> "1.2.3.4")
>>> >>>>>> ~ purge) {*
>>> >>>>>> * return(synth(403, "Not allowed."));*
>>> >>>>>> * }*
>>> >>>>>> * ban("req.http.host == " + req.http.host +*
>>> >>>>>> * " && req.url == " + req.url);*
>>> >>>>>>
>>> >>>>>> * # Throw a synthetic page so the*
>>> >>>>>> * # request won't go to the backend.*
>>> >>>>>> * return(synth(200, "Ban added"));*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> *# Unset cloudflare cookies*
>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie,
>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>> >>>>>> * # Remove a ";" prefix, if present.*
>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>>> >>>>>>
>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not
>>> caching)
>>> >>>>>> uncomment*
>>> >>>>>> * # return( pass );*
>>> >>>>>>
>>> >>>>>> * # FORWARD THE IP OF THE REQUEST*
>>> >>>>>> * if (req.restarts == 0) {*
>>> >>>>>> * if (req.http.x-forwarded-for) {*
>>> >>>>>> * set req.http.X-Forwarded-For =*
>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>> >>>>>> * } else {*
>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>> >>>>>> * }*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> *# DO NOT CACHE RSS FEED*
>>> >>>>>> * if (req.url ~ "/feed(/)?") {*
>>> >>>>>> * return ( pass ); *
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *## Do not cache search results, comment these 3 lines if you do
>>> want to
>>> >>>>>> cache them*
>>> >>>>>>
>>> >>>>>> *if (req.url ~ "/\?s\=") {*
>>> >>>>>> * return ( pass ); *
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.*
>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>> ACCEPT-ENCODING*
>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if (req.http.Accept-Encoding) {*
>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>>> >>>>>> * # No point in compressing these*
>>> >>>>>> * unset req.http.Accept-Encoding;*
>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>> >>>>>> * set req.http.Accept-Encoding = "gzip";*
>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>> >>>>>> * set req.http.Accept-Encoding = "deflate";*
>>> >>>>>> * } else {*
>>> >>>>>> * # unknown algorithm*
>>> >>>>>> * unset req.http.Accept-Encoding;*
>>> >>>>>> * }*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if (req.method != "GET" &&*
>>> >>>>>> * req.method != "HEAD" &&*
>>> >>>>>> * req.method != "PUT" && *
>>> >>>>>> * req.method != "POST" &&*
>>> >>>>>> * req.method != "TRACE" &&*
>>> >>>>>> * req.method != "OPTIONS" &&*
>>> >>>>>> * req.method != "DELETE") {*
>>> >>>>>> * return (pipe);*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {*
>>> >>>>>> * return (pass);*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
>>> TOO,
>>> >>>>>> EITHER*
>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>> >>>>>> * return( pass );*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>> >>>>>> * # THEN UNSET THE COOKIES*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") *
>>> >>>>>> * && !(req.url ~ "&preview=true" ) *
>>> >>>>>> * ){*
>>> >>>>>> * unset req.http.cookie;*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {*
>>> >>>>>> * return (pass);*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * return (hash);*
>>> >>>>>> * # This is for phpmyadmin*
>>> >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>> >>>>>> *return (pass);*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>>> >>>>>> *return (pass);*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *# HIT FUNCTION*
>>> >>>>>> *# ##########################################################*
>>> >>>>>> *sub vcl_hit {*
>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if (req.method == "PURGE") {*
>>> >>>>>> * #*
>>> >>>>>> * # This is now handled in vcl_recv.*
>>> >>>>>> * #*
>>> >>>>>> * # purge;*
>>> >>>>>> * return (synth(200, "Purged."));*
>>> >>>>>> * }*
>>> >>>>>> * return (deliver);*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *# MISS FUNCTION*
>>> >>>>>> *# ##########################################################*
>>> >>>>>> *sub vcl_miss {*
>>> >>>>>> * if (req.method == "PURGE") {*
>>> >>>>>> * #*
>>> >>>>>> * # This is now handled in vcl_recv.*
>>> >>>>>> * #*
>>> >>>>>> * # purge;*
>>> >>>>>> * return (synth(200, "Purged."));*
>>> >>>>>> * }*
>>> >>>>>> * return (fetch);*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *# FETCH FUNCTION*
>>> >>>>>> *# ##########################################################*
>>> >>>>>> *sub vcl_backend_response {*
>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>> >>>>>> * # TO DO THIS*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";*
>>> >>>>>>
>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>> >>>>>> "wordpress_logged_in" ) {*
>>> >>>>>> * unset beresp.http.set-cookie;*
>>> >>>>>> * set beresp.ttl = 52w;*
>>> >>>>>> *# set beresp.grace =1w;*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * if (beresp.ttl <= 0s ||*
>>> >>>>>> * beresp.http.Set-Cookie ||*
>>> >>>>>> * beresp.http.Vary == "*") {*
>>> >>>>>> * set beresp.ttl = 120 s;*
>>> >>>>>> * # set beresp.ttl = 120s;*
>>> >>>>>> * set beresp.uncacheable = true;*
>>> >>>>>> * return (deliver);*
>>> >>>>>> * }*
>>> >>>>>>
>>> >>>>>> * return (deliver);*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>> *# DELIVER FUNCTION*
>>> >>>>>> *# ##########################################################*
>>> >>>>>> *sub vcl_deliver {*
>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * if (obj.hits > 0) {*
>>> >>>>>> * set resp.http.X-Cache = "HIT";*
>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>> >>>>>> * # ##########################################################*
>>> >>>>>> * } else {*
>>> >>>>>> * set resp.http.X-Cache = "MISS";*
>>> >>>>>> * }*
>>> >>>>>> *}*
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> Thanks,
>>> >>>>>> -------------- next part --------------
>>> >>>>>> An HTML attachment was scrubbed...
>>> >>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>>> attachments/20160803/d572e4b2/attachment-0001.html>
>>> >>>>>>
>>> >>>>>> ------------------------------
>>> >>>>>>
>>> >>>>>> Message: 2
>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>> >>>>>> Subject: Re: XenForo default.vcl settings
>>> >>>>>> Message-ID:
>>> >>>>>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5
>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com>
>>> >>>>>> Content-Type: text/plain; charset="utf-8"
>>> >>>>>>
>>> >>>>>> I need to add the followings to default.vcl for Xenforo. However,
>>> solutions
>>> >>>>>> in the Xenforo forums for this didn't work. Can you please help?
>>> >>>>>>
>>> >>>>>> xf_session_admin
>>> >>>>>> xf_user
>>> >>>>>> xf_session
>>> >>>>>>
>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in *
>>> domain.com/forum
>>> >>>>>> <http://domain.com/forum>*
>>> >>>>>>
>>> >>>>>>
>>> >>>>>>
>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <
>>> ayberk.kimsesiz at gmail.com>:
>>> >>>>>>
>>> >>>>>> > Hi,
>>> >>>>>> >
>>> >>>>>> > Could you please share the appropriate Default.vcl settings for
>>> XenForo
>>> >>>>>> > Forums? No one can register to the forum at the moment. My
>>> current
>>> >>>>>> > Default.vcl settings are as follows.
>>> >>>>>> >
>>> >>>>>> > Forum address: domain.com/forum
>>> >>>>>> >
>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
>>> >>>>>> > * * *********************************************************/*
>>> >>>>>> > *vcl 4.0;*
>>> >>>>>> > *import std;*
>>> >>>>>> >
>>> >>>>>> > *backend default {*
>>> >>>>>> > * .host = "*******";*
>>> >>>>>> > * .port = "8080";*
>>> >>>>>> > * .connect_timeout = 600s;*
>>> >>>>>> > * .first_byte_timeout = 600s;*
>>> >>>>>> > * .between_bytes_timeout = 600s;*
>>> >>>>>> > * .max_connections = 800;*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>> >>>>>> > *# ##########################################################*
>>> >>>>>> > *acl purge {*
>>> >>>>>> > * "localhost";*
>>> >>>>>> > * "127.0.0.1";*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *#THE RECV FUNCTION*
>>> >>>>>> > *# ##########################################################*
>>> >>>>>> > *sub vcl_recv {*
>>> >>>>>> >
>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for
>>> various
>>> >>>>>> > checks*
>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For,
>>> "[, ].*$",
>>> >>>>>> > ""); *
>>> >>>>>> >
>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>> >>>>>> > * if (req.restarts == 0) {*
>>> >>>>>> > * if (req.http.x-forwarded-for) {*
>>> >>>>>> > * set req.http.X-Forwarded-For =*
>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>> >>>>>> > * } else {*
>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>> >>>>>> > * }*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * # Purge request check sections for hash_always_miss, purge
>>> and ban*
>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl*
>>> >>>>>> > * # ##########################################################*
>>> >>>>>> >
>>> >>>>>> > * # Enable smart refreshing using hash_always_miss*
>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
>>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>> "1.2.3.4") ~
>>> >>>>>> > purge) {*
>>> >>>>>> > * set req.hash_always_miss = true;*
>>> >>>>>> > * }*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *if (req.method == "PURGE") {*
>>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>> "1.2.3.4") ~
>>> >>>>>> > purge) {*
>>> >>>>>> > * return(synth(405,"Not allowed."));*
>>> >>>>>> > * }*
>>> >>>>>> > * return (purge);*
>>> >>>>>> >
>>> >>>>>> > * }*
>>> >>>>>> > *if (req.method == "BAN") {*
>>> >>>>>> > * # Same ACL check as above:*
>>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>> >>>>>> > "1.2.3.4") ~ purge) {*
>>> >>>>>> > * return(synth(403, "Not allowed."));*
>>> >>>>>> > * }*
>>> >>>>>> > * ban("req.http.host == " + req.http.host +*
>>> >>>>>> > * " && req.url == " + req.url);*
>>> >>>>>> >
>>> >>>>>> > * # Throw a synthetic page so the*
>>> >>>>>> > * # request won't go to the backend.*
>>> >>>>>> > * return(synth(200, "Ban added"));*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> >
>>> >>>>>> > *# Unset cloudflare cookies*
>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie,
>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>> >>>>>> > * # Remove a ";" prefix, if present.*
>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*",
>>> "");*
>>> >>>>>> >
>>> >>>>>> > * # For Testing: If you want to test with Varnish passing (not
>>> caching)
>>> >>>>>> > uncomment*
>>> >>>>>> > * # return( pass );*
>>> >>>>>> >
>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>> >>>>>> > * if (req.restarts == 0) {*
>>> >>>>>> > * if (req.http.x-forwarded-for) {*
>>> >>>>>> > * set req.http.X-Forwarded-For =*
>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>> >>>>>> > * } else {*
>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>> >>>>>> > * }*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > *# DO NOT CACHE RSS FEED*
>>> >>>>>> > * if (req.url ~ "/feed(/)?") {*
>>> >>>>>> > * return ( pass ); *
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *## Do not cache search results, comment these 3 lines if you
>>> do want to
>>> >>>>>> > cache them*
>>> >>>>>> >
>>> >>>>>> > *if (req.url ~ "/\?s\=") {*
>>> >>>>>> > * return ( pass ); *
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.*
>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>> ACCEPT-ENCODING*
>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if (req.http.Accept-Encoding) {*
>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$")
>>> {*
>>> >>>>>> > * # No point in compressing these*
>>> >>>>>> > * unset req.http.Accept-Encoding;*
>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";*
>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";*
>>> >>>>>> > * } else {*
>>> >>>>>> > * # unknown algorithm*
>>> >>>>>> > * unset req.http.Accept-Encoding;*
>>> >>>>>> > * }*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if (req.method != "GET" &&*
>>> >>>>>> > * req.method != "HEAD" &&*
>>> >>>>>> > * req.method != "PUT" && *
>>> >>>>>> > * req.method != "POST" &&*
>>> >>>>>> > * req.method != "TRACE" &&*
>>> >>>>>> > * req.method != "OPTIONS" &&*
>>> >>>>>> > * req.method != "DELETE") {*
>>> >>>>>> > * return (pipe);*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {*
>>> >>>>>> > * return (pass);*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN
>>> FETCH TOO,
>>> >>>>>> > EITHER*
>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>> >>>>>> > * return( pass );*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>> >>>>>> > * # THEN UNSET THE COOKIES*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") *
>>> >>>>>> > * && !(req.url ~ "&preview=true" ) *
>>> >>>>>> > * ){*
>>> >>>>>> > * unset req.http.cookie;*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {*
>>> >>>>>> > * return (pass);*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * return (hash);*
>>> >>>>>> > * # This is for phpmyadmin*
>>> >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>> >>>>>> > *return (pass);*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>")
>>> {*
>>> >>>>>> > *return (pass);*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *# HIT FUNCTION*
>>> >>>>>> > *# ##########################################################*
>>> >>>>>> > *sub vcl_hit {*
>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if (req.method == "PURGE") {*
>>> >>>>>> > * #*
>>> >>>>>> > * # This is now handled in vcl_recv.*
>>> >>>>>> > * #*
>>> >>>>>> > * # purge;*
>>> >>>>>> > * return (synth(200, "Purged."));*
>>> >>>>>> > * }*
>>> >>>>>> > * return (deliver);*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *# MISS FUNCTION*
>>> >>>>>> > *# ##########################################################*
>>> >>>>>> > *sub vcl_miss {*
>>> >>>>>> > * if (req.method == "PURGE") {*
>>> >>>>>> > * #*
>>> >>>>>> > * # This is now handled in vcl_recv.*
>>> >>>>>> > * #*
>>> >>>>>> > * # purge;*
>>> >>>>>> > * return (synth(200, "Purged."));*
>>> >>>>>> > * }*
>>> >>>>>> > * return (fetch);*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *# FETCH FUNCTION*
>>> >>>>>> > *# ##########################################################*
>>> >>>>>> > *sub vcl_backend_response {*
>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>> >>>>>> > * # TO DO THIS*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";*
>>> >>>>>> >
>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>> >>>>>> > "wordpress_logged_in" ) {*
>>> >>>>>> > * unset beresp.http.set-cookie;*
>>> >>>>>> > * set beresp.ttl = 52w;*
>>> >>>>>> > *# set beresp.grace =1w;*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * if (beresp.ttl <= 0s ||*
>>> >>>>>> > * beresp.http.Set-Cookie ||*
>>> >>>>>> > * beresp.http.Vary == "*") {*
>>> >>>>>> > * set beresp.ttl = 120 s;*
>>> >>>>>> > * # set beresp.ttl = 120s;*
>>> >>>>>> > * set beresp.uncacheable = true;*
>>> >>>>>> > * return (deliver);*
>>> >>>>>> > * }*
>>> >>>>>> >
>>> >>>>>> > * return (deliver);*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> > *# DELIVER FUNCTION*
>>> >>>>>> > *# ##########################################################*
>>> >>>>>> > *sub vcl_deliver {*
>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * if (obj.hits > 0) {*
>>> >>>>>> > * set resp.http.X-Cache = "HIT";*
>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>> >>>>>> > * # ##############################
>>> ############################*
>>> >>>>>> > * } else {*
>>> >>>>>> > * set resp.http.X-Cache = "MISS";*
>>> >>>>>> > * }*
>>> >>>>>> > *}*
>>> >>>>>> >
>>> >>>>>> >
>>> >>>>>> > Thanks,
>>> >>>>>> >
>>> >>>>>> -------------- next part --------------
>>> >>>>>> An HTML attachment was scrubbed...
>>> >>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>>> attachments/20160804/4e3f064a/attachment.html>
>>> >>>>>>
>>> >>>>>> ------------------------------
>>> >>>>>>
>>> >>>>>> _______________________________________________
>>> >>>>>> varnish-misc mailing list
>>> >>>>>> varnish-misc at varnish-cache.org
>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>> >>>>>>
>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14
>>> >>>>>> *********************************************
>>> >>>>>
>>> >>>>>
>>> >>>>>
>>> >>>>> _______________________________________________
>>> >>>>> varnish-misc mailing list
>>> >>>>> varnish-misc at varnish-cache.org
>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>> >>>>
>>> >>>>
>>> >>>>
>>> >>>> _______________________________________________
>>> >>>> varnish-misc mailing list
>>> >>>> varnish-misc at varnish-cache.org
>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>> >>>
>>> >>>
>>> >>
>>> >
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/5305f558/attachment-0001.html>
More information about the varnish-misc
mailing list