XenForo default.vcl settings
Ayberk Kimsesiz
ayberk.kimsesiz at gmail.com
Thu Aug 4 16:06:56 CEST 2016
First of all, thank you. However the problem continues. Can you examine the
codes?
/* SET THE HOST AND PORT OF WORDPRESS
* *********************************************************/
vcl 4.0;
import std;
backend default {
.host = "*******";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
.max_connections = 800;
}
# SET THE ALLOWED IP OF PURGE REQUESTS
# ##########################################################
acl purge {
"localhost";
"127.0.0.1";
}
#THE RECV FUNCTION
# ##########################################################
sub vcl_recv {
*if(req.http.Cookie ~ "xf_(session|user)") {*
* return (pass);*
* }*
# set realIP by trimming CloudFlare IP which will be used for various checks
set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", "");
# FORWARD THE IP OF THE REQUEST
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
# Purge request check sections for hash_always_miss, purge and ban
# BLOCK IF NOT IP is not in purge acl
# ##########################################################
# Enable smart refreshing using hash_always_miss
if (req.http.Cache-Control ~ "no-cache") {
if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
purge) {
set req.hash_always_miss = true;
}
}
if (req.method == "PURGE") {
if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
purge) {
return(synth(405,"Not allowed."));
}
return (purge);
}
if (req.method == "BAN") {
# Same ACL check as above:
if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
~ purge) {
return(synth(403, "Not allowed."));
}
ban("req.http.host == " + req.http.host +
" && req.url == " + req.url);
# Throw a synthetic page so the
# request won't go to the backend.
return(synth(200, "Ban added"));
}
# Unset cloudflare cookies
# Remove has_js and CloudFlare/Google Analytics __* cookies.
set req.http.Cookie = regsuball(req.http.Cookie,
"(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
# Remove a ";" prefix, if present.
set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
# For Testing: If you want to test with Varnish passing (not caching)
uncomment
# return( pass );
# FORWARD THE IP OF THE REQUEST
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
# DO NOT CACHE RSS FEED
if (req.url ~ "/feed(/)?") {
return ( pass );
}
## Do not cache search results, comment these 3 lines if you do want to
cache them
if (req.url ~ "/\?s\=") {
return ( pass );
}
# CLEAN UP THE ENCODING HEADER.
# SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING
# VARNISH WILL CREATE SEPARATE CACHES FOR EACH
# DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
# ##########################################################
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
# No point in compressing these
unset req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unknown algorithm
unset req.http.Accept-Encoding;
}
}
# PIPE ALL NON-STANDARD REQUESTS
# ##########################################################
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "DELETE") {
return (pipe);
}
# ONLY CACHE GET AND HEAD REQUESTS
# ##########################################################
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}
# OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER
# COMMENT OR UNCOMMENT BOTH
# ##########################################################
if ( req.http.cookie ~ "wordpress_logged_in" ) {
return( pass );
}
# IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
# THEN UNSET THE COOKIES
# ##########################################################
if (!(req.url ~ "wp-(login|admin)")
&& !(req.url ~ "&preview=true" )
){
unset req.http.cookie;
}
# IF BASIC AUTH IS ON THEN DO NOT CACHE
# ##########################################################
if (req.http.Authorization || req.http.Cookie) {
return (pass);
}
# IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
# ##########################################################
return (hash);
# This is for phpmyadmin
if (req.http.Host == "ki1.org") {
return (pass);
}
if (req.http.Host == "mysql.ki1.org") {
return (pass);
}
}
# HIT FUNCTION
# ##########################################################
sub vcl_hit {
# IF THIS IS A PURGE REQUEST THEN DO THE PURGE
# ##########################################################
if (req.method == "PURGE") {
#
# This is now handled in vcl_recv.
#
# purge;
return (synth(200, "Purged."));
}
return (deliver);
}
# MISS FUNCTION
# ##########################################################
sub vcl_miss {
if (req.method == "PURGE") {
#
# This is now handled in vcl_recv.
#
# purge;
return (synth(200, "Purged."));
}
return (fetch);
}
# FETCH FUNCTION
# ##########################################################
sub vcl_backend_response {
# I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
# TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
# TO DO THIS
# ##########################################################
set beresp.http.Vary = "Accept-Encoding";
# IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
# TIME THIS PAGE WILL STAY CACHED (TTL)
# ##########################################################
if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
"wordpress_logged_in" ) {
unset beresp.http.set-cookie;
set beresp.ttl = 52w;
# set beresp.grace =1w;
}
* if (beresp.http.Set-Cookie ~ "xf_(session|user)") {*
* set beresp.uncacheable = true;*
* set beresp.ttl = 1w;*
* return (deliver);*
* }*
if (beresp.ttl <= 0s ||
beresp.http.Set-Cookie ||
beresp.http.Vary == "*") {
set beresp.ttl = 120 s;
# set beresp.ttl = 120s;
set beresp.uncacheable = true;
return (deliver);
}
return (deliver);
}
# DELIVER FUNCTION
# ##########################################################
sub vcl_deliver {
# IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
# IN THE HEADER (GREAT FOR DEBUGGING)
# ##########################################################
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
# IF THIS IS A MISS RETURN THAT IN THE HEADER
# ##########################################################
} else {
set resp.http.X-Cache = "MISS";
}
}
2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
> correction:
>
> sub vcl_recv {
> if(req.http.Cookie ~ "xf_(session|user)") {
> return (pass);
> }
> }
>
> sub vcl_backend_response {
> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
> set beresp.uncacheable = true;
> set beresp.ttl = 1w;
> return (deliver);
> }
> }
>
> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com> wrote:
>
>> Hello,
>>
>> Aside from the provided VCL being for WordPress, while you're running
>> XenForo, the xf_ cookies are being dropped by your config. A quick fix is:
>>
>> sub vcl_recv {
>> if( req.http.Cookie ~ "xf_(session|user)") {
>> return (pass);
>> }
>> }
>>
>> sub vcl_backend_response {
>> if (req.http.Cookie ~ "xf_(session|user)") {
>> set beresp.uncacheable = true;
>> set beresp.ttl = 1w;
>> return (deliver);
>> }
>> }
>>
>> However, I suggest auditing your VCL, and only including rules specific
>> to the application(s) which you are running.
>>
>>
>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
>> ayberk.kimsesiz at gmail.com> wrote:
>>
>>> Users can't login or register to domain.com/forum with the current
>>> settings. So we need to make a change related to *xf_user *and
>>> *xf_session* but how?
>>>
>>>
>>>
>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>
>>>> If you want Varnish to ignore request for a path you need to tell it to
>>>> pass. In your example you have a rule for the RSS feed. You can do the same
>>>> for /forum/ in your vcl_recv block.
>>>>
>>>> *# DO NOT CACHE RSS FEED*
>>>> * if (req.url ~ "/feed(/)?") {*
>>>> * return ( pass ); *
>>>> *}*
>>>>
>>>> *# DO NOT CACHE FORUM*
>>>> if (req.url ~ "/forum(/)?") {
>>>> return ( pass );
>>>> }
>>>>
>>>> Cheers,
>>>> Richard
>>>>
>>>>
>>>>>
>>>>> Message: 1
>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>> Subject: XenForo default.vcl settings
>>>>> Message-ID:
>>>>> <CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_Q at mail.gm
>>>>> ail.com>
>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>
>>>>> Hi,
>>>>>
>>>>> Could you please share the appropriate Default.vcl settings for XenForo
>>>>> Forums? No one can register to the forum at the moment. My current
>>>>> Default.vcl settings are as follows.
>>>>>
>>>>> Forum address: domain.com/forum
>>>>>
>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
>>>>> * * *********************************************************/*
>>>>> *vcl 4.0;*
>>>>> *import std;*
>>>>>
>>>>> *backend default {*
>>>>> * .host = "*******";*
>>>>> * .port = "8080";*
>>>>> * .connect_timeout = 600s;*
>>>>> * .first_byte_timeout = 600s;*
>>>>> * .between_bytes_timeout = 600s;*
>>>>> * .max_connections = 800;*
>>>>> *}*
>>>>>
>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>> *# ##########################################################*
>>>>> *acl purge {*
>>>>> * "localhost";*
>>>>> * "127.0.0.1";*
>>>>> *}*
>>>>>
>>>>> *#THE RECV FUNCTION*
>>>>> *# ##########################################################*
>>>>> *sub vcl_recv {*
>>>>>
>>>>> *# set realIP by trimming CloudFlare IP which will be used for various
>>>>> checks*
>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>>>>> ].*$",
>>>>> ""); *
>>>>>
>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>>> * if (req.restarts == 0) {*
>>>>> * if (req.http.x-forwarded-for) {*
>>>>> * set req.http.X-Forwarded-For =*
>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>> * } else {*
>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>>> * }*
>>>>> * }*
>>>>>
>>>>> * # Purge request check sections for hash_always_miss, purge and ban*
>>>>> * # BLOCK IF NOT IP is not in purge acl*
>>>>> * # ##########################################################*
>>>>>
>>>>> * # Enable smart refreshing using hash_always_miss*
>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
>>>>> ~
>>>>> purge) {*
>>>>> * set req.hash_always_miss = true;*
>>>>> * }*
>>>>> *}*
>>>>>
>>>>> *if (req.method == "PURGE") {*
>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~
>>>>> purge) {*
>>>>> * return(synth(405,"Not allowed."));*
>>>>> * }*
>>>>> * return (purge);*
>>>>>
>>>>> * }*
>>>>> *if (req.method == "BAN") {*
>>>>> * # Same ACL check as above:*
>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4")
>>>>> ~ purge) {*
>>>>> * return(synth(403, "Not allowed."));*
>>>>> * }*
>>>>> * ban("req.http.host == " + req.http.host +*
>>>>> * " && req.url == " + req.url);*
>>>>>
>>>>> * # Throw a synthetic page so the*
>>>>> * # request won't go to the backend.*
>>>>> * return(synth(200, "Ban added"));*
>>>>> *}*
>>>>>
>>>>>
>>>>> *# Unset cloudflare cookies*
>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>>> * set req.http.Cookie = regsuball(req.http.Cookie,
>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>> * # Remove a ";" prefix, if present.*
>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>>>>>
>>>>> * # For Testing: If you want to test with Varnish passing (not
>>>>> caching)
>>>>> uncomment*
>>>>> * # return( pass );*
>>>>>
>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>>> * if (req.restarts == 0) {*
>>>>> * if (req.http.x-forwarded-for) {*
>>>>> * set req.http.X-Forwarded-For =*
>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>> * } else {*
>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>>> * }*
>>>>> * }*
>>>>>
>>>>> *# DO NOT CACHE RSS FEED*
>>>>> * if (req.url ~ "/feed(/)?") {*
>>>>> * return ( pass ); *
>>>>> *}*
>>>>>
>>>>> *## Do not cache search results, comment these 3 lines if you do want
>>>>> to
>>>>> cache them*
>>>>>
>>>>> *if (req.url ~ "/\?s\=") {*
>>>>> * return ( pass ); *
>>>>> *}*
>>>>>
>>>>> *# CLEAN UP THE ENCODING HEADER.*
>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>>> ACCEPT-ENCODING*
>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>>> * # ##########################################################*
>>>>> * if (req.http.Accept-Encoding) {*
>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>>>>> * # No point in compressing these*
>>>>> * unset req.http.Accept-Encoding;*
>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>> * set req.http.Accept-Encoding = "gzip";*
>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>> * set req.http.Accept-Encoding = "deflate";*
>>>>> * } else {*
>>>>> * # unknown algorithm*
>>>>> * unset req.http.Accept-Encoding;*
>>>>> * }*
>>>>> * }*
>>>>>
>>>>> * # PIPE ALL NON-STANDARD REQUESTS*
>>>>> * # ##########################################################*
>>>>> * if (req.method != "GET" &&*
>>>>> * req.method != "HEAD" &&*
>>>>> * req.method != "PUT" && *
>>>>> * req.method != "POST" &&*
>>>>> * req.method != "TRACE" &&*
>>>>> * req.method != "OPTIONS" &&*
>>>>> * req.method != "DELETE") {*
>>>>> * return (pipe);*
>>>>> * }*
>>>>>
>>>>> * # ONLY CACHE GET AND HEAD REQUESTS*
>>>>> * # ##########################################################*
>>>>> * if (req.method != "GET" && req.method != "HEAD") {*
>>>>> * return (pass);*
>>>>> * }*
>>>>>
>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
>>>>> EITHER*
>>>>> * # COMMENT OR UNCOMMENT BOTH*
>>>>> * # ##########################################################*
>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>> * return( pass );*
>>>>> * }*
>>>>>
>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>>> * # THEN UNSET THE COOKIES*
>>>>> * # ##########################################################*
>>>>> * if (!(req.url ~ "wp-(login|admin)") *
>>>>> * && !(req.url ~ "&preview=true" ) *
>>>>> * ){*
>>>>> * unset req.http.cookie;*
>>>>> * }*
>>>>>
>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>> * # ##########################################################*
>>>>> * if (req.http.Authorization || req.http.Cookie) {*
>>>>> * return (pass);*
>>>>> * }*
>>>>>
>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>> * # ##########################################################*
>>>>> * return (hash);*
>>>>> * # This is for phpmyadmin*
>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>> *return (pass);*
>>>>> *}*
>>>>>
>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>>>>> *return (pass);*
>>>>> *}*
>>>>>
>>>>> *}*
>>>>>
>>>>> *# HIT FUNCTION*
>>>>> *# ##########################################################*
>>>>> *sub vcl_hit {*
>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>> * # ##########################################################*
>>>>> * if (req.method == "PURGE") {*
>>>>> * #*
>>>>> * # This is now handled in vcl_recv.*
>>>>> * #*
>>>>> * # purge;*
>>>>> * return (synth(200, "Purged."));*
>>>>> * }*
>>>>> * return (deliver);*
>>>>> *}*
>>>>>
>>>>> *# MISS FUNCTION*
>>>>> *# ##########################################################*
>>>>> *sub vcl_miss {*
>>>>> * if (req.method == "PURGE") {*
>>>>> * #*
>>>>> * # This is now handled in vcl_recv.*
>>>>> * #*
>>>>> * # purge;*
>>>>> * return (synth(200, "Purged."));*
>>>>> * }*
>>>>> * return (fetch);*
>>>>> *}*
>>>>>
>>>>> *# FETCH FUNCTION*
>>>>> *# ##########################################################*
>>>>> *sub vcl_backend_response {*
>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>>>> * # TO DO THIS*
>>>>> * # ##########################################################*
>>>>> * set beresp.http.Vary = "Accept-Encoding";*
>>>>>
>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>> * # ##########################################################*
>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>> "wordpress_logged_in" ) {*
>>>>> * unset beresp.http.set-cookie;*
>>>>> * set beresp.ttl = 52w;*
>>>>> *# set beresp.grace =1w;*
>>>>> * }*
>>>>>
>>>>> * if (beresp.ttl <= 0s ||*
>>>>> * beresp.http.Set-Cookie ||*
>>>>> * beresp.http.Vary == "*") {*
>>>>> * set beresp.ttl = 120 s;*
>>>>> * # set beresp.ttl = 120s;*
>>>>> * set beresp.uncacheable = true;*
>>>>> * return (deliver);*
>>>>> * }*
>>>>>
>>>>> * return (deliver);*
>>>>> *}*
>>>>>
>>>>> *# DELIVER FUNCTION*
>>>>> *# ##########################################################*
>>>>> *sub vcl_deliver {*
>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>> * # ##########################################################*
>>>>> * if (obj.hits > 0) {*
>>>>> * set resp.http.X-Cache = "HIT";*
>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>> * # ##########################################################*
>>>>> * } else {*
>>>>> * set resp.http.X-Cache = "MISS";*
>>>>> * }*
>>>>> *}*
>>>>>
>>>>>
>>>>> Thanks,
>>>>> -------------- next part --------------
>>>>> An HTML attachment was scrubbed...
>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>>>>> attachments/20160803/d572e4b2/attachment-0001.html>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> Message: 2
>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>> Subject: Re: XenForo default.vcl settings
>>>>> Message-ID:
>>>>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4O3i1ofA at mail.gm
>>>>> ail.com>
>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>
>>>>> I need to add the followings to default.vcl for Xenforo. However,
>>>>> solutions
>>>>> in the Xenforo forums for this didn't work. Can you please help?
>>>>>
>>>>> xf_session_admin
>>>>> xf_user
>>>>> xf_session
>>>>>
>>>>> Or how can i block Varnish in a way that it doesn't work in *
>>>>> domain.com/forum
>>>>> <http://domain.com/forum>*
>>>>>
>>>>>
>>>>>
>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com
>>>>> >:
>>>>>
>>>>> > Hi,
>>>>> >
>>>>> > Could you please share the appropriate Default.vcl settings for
>>>>> XenForo
>>>>> > Forums? No one can register to the forum at the moment. My current
>>>>> > Default.vcl settings are as follows.
>>>>> >
>>>>> > Forum address: domain.com/forum
>>>>> >
>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
>>>>> > * * *********************************************************/*
>>>>> > *vcl 4.0;*
>>>>> > *import std;*
>>>>> >
>>>>> > *backend default {*
>>>>> > * .host = "*******";*
>>>>> > * .port = "8080";*
>>>>> > * .connect_timeout = 600s;*
>>>>> > * .first_byte_timeout = 600s;*
>>>>> > * .between_bytes_timeout = 600s;*
>>>>> > * .max_connections = 800;*
>>>>> > *}*
>>>>> >
>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>> > *# ##########################################################*
>>>>> > *acl purge {*
>>>>> > * "localhost";*
>>>>> > * "127.0.0.1";*
>>>>> > *}*
>>>>> >
>>>>> > *#THE RECV FUNCTION*
>>>>> > *# ##########################################################*
>>>>> > *sub vcl_recv {*
>>>>> >
>>>>> > *# set realIP by trimming CloudFlare IP which will be used for
>>>>> various
>>>>> > checks*
>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>>>>> ].*$",
>>>>> > ""); *
>>>>> >
>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>>> > * if (req.restarts == 0) {*
>>>>> > * if (req.http.x-forwarded-for) {*
>>>>> > * set req.http.X-Forwarded-For =*
>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>> > * } else {*
>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>>> > * }*
>>>>> > * }*
>>>>> >
>>>>> > * # Purge request check sections for hash_always_miss, purge and ban*
>>>>> > * # BLOCK IF NOT IP is not in purge acl*
>>>>> > * # ##########################################################*
>>>>> >
>>>>> > * # Enable smart refreshing using hash_always_miss*
>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~
>>>>> > purge) {*
>>>>> > * set req.hash_always_miss = true;*
>>>>> > * }*
>>>>> > *}*
>>>>> >
>>>>> > *if (req.method == "PURGE") {*
>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~
>>>>> > purge) {*
>>>>> > * return(synth(405,"Not allowed."));*
>>>>> > * }*
>>>>> > * return (purge);*
>>>>> >
>>>>> > * }*
>>>>> > *if (req.method == "BAN") {*
>>>>> > * # Same ACL check as above:*
>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> > "1.2.3.4") ~ purge) {*
>>>>> > * return(synth(403, "Not allowed."));*
>>>>> > * }*
>>>>> > * ban("req.http.host == " + req.http.host +*
>>>>> > * " && req.url == " + req.url);*
>>>>> >
>>>>> > * # Throw a synthetic page so the*
>>>>> > * # request won't go to the backend.*
>>>>> > * return(synth(200, "Ban added"));*
>>>>> > *}*
>>>>> >
>>>>> >
>>>>> > *# Unset cloudflare cookies*
>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie,
>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>> > * # Remove a ";" prefix, if present.*
>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>>>>> >
>>>>> > * # For Testing: If you want to test with Varnish passing (not
>>>>> caching)
>>>>> > uncomment*
>>>>> > * # return( pass );*
>>>>> >
>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>>> > * if (req.restarts == 0) {*
>>>>> > * if (req.http.x-forwarded-for) {*
>>>>> > * set req.http.X-Forwarded-For =*
>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>> > * } else {*
>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>>> > * }*
>>>>> > * }*
>>>>> >
>>>>> > *# DO NOT CACHE RSS FEED*
>>>>> > * if (req.url ~ "/feed(/)?") {*
>>>>> > * return ( pass ); *
>>>>> > *}*
>>>>> >
>>>>> > *## Do not cache search results, comment these 3 lines if you do
>>>>> want to
>>>>> > cache them*
>>>>> >
>>>>> > *if (req.url ~ "/\?s\=") {*
>>>>> > * return ( pass ); *
>>>>> > *}*
>>>>> >
>>>>> > *# CLEAN UP THE ENCODING HEADER.*
>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>>> ACCEPT-ENCODING*
>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>>> > * # ##########################################################*
>>>>> > * if (req.http.Accept-Encoding) {*
>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>>>>> > * # No point in compressing these*
>>>>> > * unset req.http.Accept-Encoding;*
>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>> > * set req.http.Accept-Encoding = "gzip";*
>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>> > * set req.http.Accept-Encoding = "deflate";*
>>>>> > * } else {*
>>>>> > * # unknown algorithm*
>>>>> > * unset req.http.Accept-Encoding;*
>>>>> > * }*
>>>>> > * }*
>>>>> >
>>>>> > * # PIPE ALL NON-STANDARD REQUESTS*
>>>>> > * # ##########################################################*
>>>>> > * if (req.method != "GET" &&*
>>>>> > * req.method != "HEAD" &&*
>>>>> > * req.method != "PUT" && *
>>>>> > * req.method != "POST" &&*
>>>>> > * req.method != "TRACE" &&*
>>>>> > * req.method != "OPTIONS" &&*
>>>>> > * req.method != "DELETE") {*
>>>>> > * return (pipe);*
>>>>> > * }*
>>>>> >
>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS*
>>>>> > * # ##########################################################*
>>>>> > * if (req.method != "GET" && req.method != "HEAD") {*
>>>>> > * return (pass);*
>>>>> > * }*
>>>>> >
>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
>>>>> TOO,
>>>>> > EITHER*
>>>>> > * # COMMENT OR UNCOMMENT BOTH*
>>>>> > * # ##########################################################*
>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>> > * return( pass );*
>>>>> > * }*
>>>>> >
>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>>> > * # THEN UNSET THE COOKIES*
>>>>> > * # ##########################################################*
>>>>> > * if (!(req.url ~ "wp-(login|admin)") *
>>>>> > * && !(req.url ~ "&preview=true" ) *
>>>>> > * ){*
>>>>> > * unset req.http.cookie;*
>>>>> > * }*
>>>>> >
>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>> > * # ##########################################################*
>>>>> > * if (req.http.Authorization || req.http.Cookie) {*
>>>>> > * return (pass);*
>>>>> > * }*
>>>>> >
>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>> > * # ##########################################################*
>>>>> > * return (hash);*
>>>>> > * # This is for phpmyadmin*
>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>> > *return (pass);*
>>>>> > *}*
>>>>> >
>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>>>>> > *return (pass);*
>>>>> > *}*
>>>>> >
>>>>> > *}*
>>>>> >
>>>>> > *# HIT FUNCTION*
>>>>> > *# ##########################################################*
>>>>> > *sub vcl_hit {*
>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>> > * # ##########################################################*
>>>>> > * if (req.method == "PURGE") {*
>>>>> > * #*
>>>>> > * # This is now handled in vcl_recv.*
>>>>> > * #*
>>>>> > * # purge;*
>>>>> > * return (synth(200, "Purged."));*
>>>>> > * }*
>>>>> > * return (deliver);*
>>>>> > *}*
>>>>> >
>>>>> > *# MISS FUNCTION*
>>>>> > *# ##########################################################*
>>>>> > *sub vcl_miss {*
>>>>> > * if (req.method == "PURGE") {*
>>>>> > * #*
>>>>> > * # This is now handled in vcl_recv.*
>>>>> > * #*
>>>>> > * # purge;*
>>>>> > * return (synth(200, "Purged."));*
>>>>> > * }*
>>>>> > * return (fetch);*
>>>>> > *}*
>>>>> >
>>>>> > *# FETCH FUNCTION*
>>>>> > *# ##########################################################*
>>>>> > *sub vcl_backend_response {*
>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>>>> > * # TO DO THIS*
>>>>> > * # ##########################################################*
>>>>> > * set beresp.http.Vary = "Accept-Encoding";*
>>>>> >
>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>> > * # ##########################################################*
>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>> > "wordpress_logged_in" ) {*
>>>>> > * unset beresp.http.set-cookie;*
>>>>> > * set beresp.ttl = 52w;*
>>>>> > *# set beresp.grace =1w;*
>>>>> > * }*
>>>>> >
>>>>> > * if (beresp.ttl <= 0s ||*
>>>>> > * beresp.http.Set-Cookie ||*
>>>>> > * beresp.http.Vary == "*") {*
>>>>> > * set beresp.ttl = 120 s;*
>>>>> > * # set beresp.ttl = 120s;*
>>>>> > * set beresp.uncacheable = true;*
>>>>> > * return (deliver);*
>>>>> > * }*
>>>>> >
>>>>> > * return (deliver);*
>>>>> > *}*
>>>>> >
>>>>> > *# DELIVER FUNCTION*
>>>>> > *# ##########################################################*
>>>>> > *sub vcl_deliver {*
>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>> > * # ##########################################################*
>>>>> > * if (obj.hits > 0) {*
>>>>> > * set resp.http.X-Cache = "HIT";*
>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>> > * # ##########################################################*
>>>>> > * } else {*
>>>>> > * set resp.http.X-Cache = "MISS";*
>>>>> > * }*
>>>>> > *}*
>>>>> >
>>>>> >
>>>>> > Thanks,
>>>>> >
>>>>> -------------- next part --------------
>>>>> An HTML attachment was scrubbed...
>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>>>>> attachments/20160804/4e3f064a/attachment.html>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> _______________________________________________
>>>>> varnish-misc mailing list
>>>>> varnish-misc at varnish-cache.org
>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>>
>>>>> End of varnish-misc Digest, Vol 125, Issue 14
>>>>> *********************************************
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> varnish-misc mailing list
>>>> varnish-misc at varnish-cache.org
>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>
>>>
>>>
>>> _______________________________________________
>>> varnish-misc mailing list
>>> varnish-misc at varnish-cache.org
>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/8d09d1fc/attachment-0001.html>
More information about the varnish-misc
mailing list