VCL Syntax¶
VCL has inherited a lot from C and it reads much like simple C or Perl.
Blocks are delimited by curly brackets, statements end with semicolons, and comments may be written as in C, C++ or Perl according to your own preferences.
Note that VCL doesn’t contain any loops or jump statements.
This section provides an outline of the more important parts of the syntax. For a full documentation of VCL syntax please see VCL in the reference.
Strings¶
Basic strings are enclosed in “ … “, and may not contain newlines.
Backslash is not special, so for instance in regsub() you do not need to do the “count-the-backslashes” polka:
regsub("barf", "(b)(a)(r)(f)", "\4\3\2p") -> "frap"
Long strings are enclosed in {” … “} or “”” … “””. They may contain any character including “, newline and other control characters except for the NUL (0x00) character. If you really want NUL characters in a string there is a VMOD that makes it possible to create such strings.
Access control lists (ACLs)¶
An ACL declaration creates and initializes a named access control list which can later be used to match client addresses:
acl local {
"localhost"; // myself
"192.0.2.0"/24; // and everyone on the local network
! "192.0.2.23"; // except for the dialin router
}
If an ACL entry specifies a host name which Varnish is unable to resolve, it will match any address it is compared to. Consequently, if it is preceded by a negation mark, it will reject any address it is compared to, which may not be what you intended. If the entry is enclosed in parentheses, however, it will simply be ignored.
To match an IP address against an ACL, simply use the match operator:
if (client.ip ~ local) {
return (pipe);
}
In Varnish versions before 7.0, ACLs would always emit a VCL_acl record in the VSL log, from 7.0 and forward, this must be explicitly enabled by specifying the +log flag:
acl local +log {
"localhost"; // myself
"192.0.2.0"/24; // and everyone on the local network
! "192.0.2.23"; // except for the dialin router
}
Operators¶
The following operators are available in VCL. See the examples further down for, uhm, examples.
- =
Assignment operator.
- ==
Comparison.
- ~
Match. Can either be used with regular expressions or ACLs.
- !
Negation.
- &&
Logical and
- ||
Logical or
Built in subroutines¶
Varnish has quite a few built-in subroutines that are called for each
transaction as it flows through Varnish. These built-in subroutines are
all named vcl_*
and are explained in Built-in subroutines.
Processing in built-in subroutines ends with return (<action>)
(see Actions).
The Built-in VCL also contains custom assistant subroutines
called by the built-in subroutines, also prefixed with vcl_
.
Custom subroutines¶
You can write your own subroutines, whose names cannot start with vcl_
.
A subroutine is typically used to group code for legibility or reusability:
sub pipe_if_local {
if (client.ip ~ local) {
return (pipe);
}
}
To call a subroutine, use the call
keyword followed by the
subroutine’s name:
call pipe_if_local;
Custom subroutines in VCL do not take arguments, nor do they return values.
return (<action>)
(see Actions) as shown in
the example above returns all the way from the top level built in
subroutine (see Built-in subroutines) which, possibly through
multiple steps, lead to the call of the custom subroutine.
return
without an action resumes execution after the call
statement of the calling subroutine.