zope-plone.vcl

Ricardo Newbery ric at digitalmarbles.com
Fri May 2 11:41:11 CEST 2008


On May 1, 2008, at 10:50 PM, Wichert Akkerman wrote:

> Ricardo Newbery wrote:
>>
>> On May 1, 2008, at 2:21 PM, Wichert Akkerman wrote:
>>
>>> Previously Ricardo Newbery wrote:
>>>> Just poking around the tracker and I noticed some activity on the
>>>> example plone vcl.  http://varnish.projects.linpro.no/changeset/ 
>>>> 2634
>>>>
>>>> Just thought I would chime in that the example has issues.
>>>>
>>>> First of all, it's unnecessary to filter cookie-authenticated  
>>>> requests
>>>> as authenticated responses are already set with a past date Expires
>>>> (although you need to set a default_ttl of zero seconds, http://varnish.projects.linpro.no/ticket/236)
>>>
>>> Actually that is not true. It holds for document, but a quick test  
>>> shows
>>> it does not for images.
>>
>>
>> Pardon, can you elaborate?  What does not hold true?
>>
>> I realize that setting a default_ttl of zero seconds introduces  
>> another problem in that items without explicit cache control would  
>> not be cached.  That's why fixing the varnish Expires handling  
>> would be better.
>
> Authenticated requests do not always get a past Expires-date in  
> their response. This appears to only be true for documents (like  
> ATDocument) but not for images (like ATImage).


Ah right... but I believe this is by design.  Images are usually not  
intended to be excluded from proxy caches.  In Plone, by default even  
if the images are restricted by their workflow state to authenticated  
requests, the response does not have any cache-control to exclude it  
from shared caches downstream (in my opinion, this is a bug).  And if  
you can't exclude it from downstream shared caches, it's rather  
pointless to exclude it from the reverse proxy cache.

The problem with the example zope-plone.vcl is that it excludes ALL  
cookie-authenticated responses -- even those inline images, css, and  
javascript files that otherwise would be cacheable in downstream  
caches -- making authenticated browsing unnecessarily taxing on the  
backend.

Ric





More information about the varnish-misc mailing list