XenForo default.vcl settings

Andrei lagged at gmail.com
Thu Aug 4 16:24:19 CEST 2016


Please provide us a copy of the varnishlog output during a login attempt
for review

On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
wrote:

> First of all, thank you. However, the problem continues. Can you review
> the configuration below?
>
>
> /* SET THE HOST AND PORT OF WORDPRESS
>  * *********************************************************/
> vcl 4.0;
> import std;
>
> backend default {
>   # Single origin server on port 8080; the host was redacted by the poster.
>   # NOTE(review): all three timeouts are 600s and max_connections is 800,
>   # so a stalled or slow backend can hold each of those connections for up
>   # to ten minutes. Confirm these values are intentional.
>   .host = "*******";
>   .port = "8080";
>   .connect_timeout = 600s;
>   .first_byte_timeout = 600s;
>   .between_bytes_timeout = 600s;
>   .max_connections = 800;
> }
>
> # SET THE ALLOWED IP OF PURGE REQUESTS
> # ##########################################################
> acl purge {
>   # Addresses allowed to PURGE, BAN and force a refresh. vcl_recv matches
>   # this ACL against both client.ip and the header-derived X-Actual-IP.
>   "localhost";
>   "127.0.0.1";
> }
>
> #THE RECV FUNCTION
> # ##########################################################
> sub vcl_recv {
>   # Request-side policy, evaluated top to bottom; the first return() wins.
>   # Order as written: XenForo cookie pass, X-Actual-IP / X-Forwarded-For
>   # handling, no-cache / PURGE / BAN gating, cookie cleanup, URL passes,
>   # Accept-Encoding normalisation, method filtering, WordPress cookie
>   # rules, then return (hash).
>
> # Requests that already carry an xf_session or xf_user cookie bypass the
> # cache. NOTE(review): the "*" wrappers on the next three lines look like
> # bold markup added by the mail client, not VCL - confirm they are absent
> # from the deployed file.
> *if(req.http.Cookie ~ "xf_(session|user)") {*
> *    return (pass);*
> *  }*
>
> # NOTE(review): X-Actual-IP is the first entry of X-Forwarded-For as
> # received, read before client.ip is appended below, so it is whatever the
> # sender (or an upstream proxy) put there. Treat it as untrusted unless the
> # upstream is known to overwrite the header.
> # set realIP by trimming CloudFlare IP which will be used for various
> checks
> set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$",
> "");
>
>         # FORWARD THE IP OF THE REQUEST
>   if (req.restarts == 0) {
>     if (req.http.x-forwarded-for) {
>       set req.http.X-Forwarded-For =
>       req.http.X-Forwarded-For + ", " + client.ip;
>     } else {
>       set req.http.X-Forwarded-For = client.ip;
>     }
>   }
>
>  # Purge request check sections for hash_always_miss, purge and ban
>  # BLOCK IF NOT IP is not in purge acl
>  # ##########################################################
>
>   # Enable smart refreshing using hash_always_miss
> # NOTE(review): the second operand is negated, so the inner branch is taken
> # for any request whose X-Actual-IP is NOT in the purge ACL (including the
> # "1.2.3.4" fallback used when the header does not parse). As written, a
> # "Cache-Control: no-cache" request from outside the ACL forces a fresh
> # backend fetch. Rework the condition if only ACL members should be able to
> # do that; a check resting on X-Actual-IP alone would be spoofable.
> if (req.http.Cache-Control ~ "no-cache") {
>     if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
> purge) {
>          set req.hash_always_miss = true;
>     }
> }
>
> # PURGE is refused unless BOTH client.ip and X-Actual-IP are in the ACL.
> # A request with no parseable X-Forwarded-For falls back to "1.2.3.4",
> # which is not in the ACL, and is refused as well.
> # NOTE(review): if a local proxy (e.g. a TLS terminator on 127.0.0.1) sits
> # in front of Varnish, client.ip is always in the ACL and the decision
> # rests on the sender-supplied header - confirm the topology.
> if (req.method == "PURGE") {
>     if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
> purge) {
>         return(synth(405,"Not allowed."));
>         }
>     return (purge);
>
>   }
> if (req.method == "BAN") {
>         # Same ACL check as above:
>         if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
> ~ purge) {
>                         return(synth(403, "Not allowed."));
>         }
>         # NOTE(review): req.http.host and req.url are spliced into the ban
>         # expression unquoted; a value containing spaces or "&&" changes
>         # the expression that gets registered. Only ACL members reach this
>         # line, but the inputs are still request-controlled.
>         ban("req.http.host == " + req.http.host +
>                   " && req.url == " + req.url);
>
>         # Throw a synthetic page so the
>         # request won't go to the backend.
>         return(synth(200, "Ban added"));
> }
>
>
> # Unset cloudflare cookies
> # Remove has_js and CloudFlare/Google Analytics __* cookies.
>       set req.http.Cookie = regsuball(req.http.Cookie,
> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
>       # Remove a ";" prefix, if present.
>      set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
>
>   # For Testing: If you want to test with Varnish passing (not caching)
> uncomment
>   # return( pass );
>
>   # NOTE(review): this repeats the block near the top of vcl_recv, so
>   # client.ip is appended to X-Forwarded-For twice on the first pass.
>   # FORWARD THE IP OF THE REQUEST
>   if (req.restarts == 0) {
>     if (req.http.x-forwarded-for) {
>       set req.http.X-Forwarded-For =
>       req.http.X-Forwarded-For + ", " + client.ip;
>     } else {
>       set req.http.X-Forwarded-For = client.ip;
>     }
>   }
>
> # DO NOT CACHE RSS FEED
>  if (req.url ~ "/feed(/)?") {
>     return ( pass );
> }
>
> ## Do not cache search results, comment these 3 lines if you do want to
> cache them
>
> if (req.url ~ "/\?s\=") {
>     return ( pass );
> }
>
> # CLEAN UP THE ENCODING HEADER.
>   # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY.  WITH VARY ACCEPT-ENCODING
>   # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
>   # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
>   # ##########################################################
>   if (req.http.Accept-Encoding) {
>     if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
>       # No point in compressing these
>       unset req.http.Accept-Encoding;
>     } elsif (req.http.Accept-Encoding ~ "gzip") {
>       set req.http.Accept-Encoding = "gzip";
>     } elsif (req.http.Accept-Encoding ~ "deflate") {
>       set req.http.Accept-Encoding = "deflate";
>     } else {
>       # unknown algorithm
>       unset req.http.Accept-Encoding;
>     }
>   }
>
>   # PIPE ALL NON-STANDARD REQUESTS
>   # ##########################################################
>   # NOTE(review): TRACE is treated as a standard method here and reaches
>   # the backend through the pass rule below; reject it at this point if
>   # the backend does not need it.
>   if (req.method != "GET" &&
>     req.method != "HEAD" &&
>     req.method != "PUT" &&
>     req.method != "POST" &&
>     req.method != "TRACE" &&
>     req.method != "OPTIONS" &&
>     req.method != "DELETE") {
>       return (pipe);
>   }
>
>   # ONLY CACHE GET AND HEAD REQUESTS
>   # ##########################################################
>   if (req.method != "GET" && req.method != "HEAD") {
>     return (pass);
>   }
>
>   # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
> EITHER
>   # COMMENT OR UNCOMMENT BOTH
>   # ##########################################################
>   if ( req.http.cookie ~ "wordpress_logged_in" ) {
>     return( pass );
>   }
>
>   # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
>   # THEN UNSET THE COOKIES
>   # ##########################################################
>   # NOTE(review): for every URL that does not contain "wp-login",
>   # "wp-admin" or "&preview=true", all request cookies are dropped here.
>   # GET/HEAD requests to /forum that do not already carry xf_session or
>   # xf_user (checked at the top) therefore reach the backend cookieless.
>   # The patterns are unanchored substring matches on the whole URL,
>   # query string included.
>   if (!(req.url ~ "wp-(login|admin)")
>     && !(req.url ~ "&preview=true" )
>   ){
>     unset req.http.cookie;
>   }
>
>   # IF BASIC AUTH IS ON THEN DO NOT CACHE
>   # ##########################################################
>   if (req.http.Authorization || req.http.Cookie) {
>     return (pass);
>   }
>
>   # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
>   # ##########################################################
>   return (hash);
>   # NOTE(review): everything below follows an unconditional return (hash)
>   # and is never executed. The two Host rules do not run, so requests for
>   # those hosts get the same cookie stripping and caching as everything
>   # else. Move them above the cookie/caching rules if they are meant to
>   # apply.
>   # This is for phpmyadmin
> if (req.http.Host == "ki1.org") {
> return (pass);
> }
>
> if (req.http.Host == "mysql.ki1.org") {
> return (pass);
> }
>
> }
>
> # HIT FUNCTION
> # ##########################################################
> sub vcl_hit {
>   # Cache-hit handler: always delivers the cached object.
>   # NOTE(review): vcl_recv answers every PURGE request itself (synth or
>   # return (purge)), so PURGE should not reach this sub; the branch below
>   # looks like a leftover from an older VCL.
>   # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
>   # ##########################################################
>   if (req.method == "PURGE") {
>     #
>     # This is now handled in vcl_recv.
>     #
>     # purge;
>     return (synth(200, "Purged."));
>   }
>   return (deliver);
> }
>
> # MISS FUNCTION
> # ##########################################################
> sub vcl_miss {
>   # Cache-miss handler: always fetches from the backend.
>   # NOTE(review): vcl_recv answers every PURGE request itself (synth or
>   # return (purge)), so PURGE should not reach this sub; the branch below
>   # reports "Purged." without purging anything.
>   if (req.method == "PURGE") {
>     #
>     # This is now handled in vcl_recv.
>     #
>     # purge;
>     return (synth(200, "Purged."));
>   }
>   return (fetch);
> }
>
> # FETCH FUNCTION
> # ##########################################################
> sub vcl_backend_response {
>   # Backend-response policy: force Vary, strip Set-Cookie and apply a long
>   # TTL to responses without WordPress admin/login markers, then mark
>   # cookie-setting or zero-TTL responses uncacheable.
>   # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
>   # TENDANCY TO SET VARY USER-AGENT.  YOU MAY OR MAY NOT WANT
>   # TO DO THIS
>   # ##########################################################
>   # NOTE(review): this overwrites any Vary the backend sent, so the
>   # Vary == "*" test further down can no longer be true.
>   set beresp.http.Vary = "Accept-Encoding";
>
>   # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>   # TIME THIS PAGE WILL STAY CACHED (TTL)
>   # ##########################################################
>   # NOTE(review): the condition only looks for WordPress markers, so it is
>   # true for XenForo responses too, including responses to passed requests
>   # such as the login POST. Their Set-Cookie header is removed here, so
>   # xf_session / xf_user never reach the browser - this looks like the
>   # cause of the failed logins. Cacheable responses also get a 52-week
>   # TTL; confirm no per-visitor content (tokens, notices) is served from
>   # these pages.
>   if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
> "wordpress_logged_in" ) {
>     unset beresp.http.set-cookie;
>     set beresp.ttl = 52w;
> #    set beresp.grace =1w;
>   }
>
> # NOTE(review): this check runs after the unset above, so for the URLs
> # handled by that block there is no Set-Cookie left to match. It has to
> # come before the WordPress block (or that block has to exclude /forum)
> # to have any effect. The "*" wrappers look like mail-client bold markup,
> # not VCL.
> *    if (beresp.http.Set-Cookie ~ "xf_(session|user)") {*
> * set beresp.uncacheable = true;*
> *    set beresp.ttl = 1w;*
> *    return (deliver);*
> *  }*
>
>
>   # Responses with a non-positive TTL or a remaining Set-Cookie are marked
>   # uncacheable, with a 120 s TTL set alongside.
>   if (beresp.ttl <= 0s ||
>     beresp.http.Set-Cookie ||
>     beresp.http.Vary == "*") {
>       set beresp.ttl = 120 s;
>       # set beresp.ttl = 120s;
>       set beresp.uncacheable = true;
>       return (deliver);
>   }
>
>   return (deliver);
> }
>
> # DELIVER FUNCTION
> # ##########################################################
> sub vcl_deliver {
>   # Adds an X-Cache response header: "HIT" when obj.hits > 0, else "MISS".
>   # NOTE(review): the header is sent to every client, so cache state is
>   # visible externally; restrict it to trusted addresses if that matters.
>   # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
>   # IN THE HEADER (GREAT FOR DEBUGGING)
>   # ##########################################################
>   if (obj.hits > 0) {
>     set resp.http.X-Cache = "HIT";
>   # IF THIS IS A MISS RETURN THAT IN THE HEADER
>   # ##########################################################
>   } else {
>     set resp.http.X-Cache = "MISS";
>   }
> }
>
>
>
> 2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
>
>> correction:
>>
>> sub vcl_recv {
>>   if(req.http.Cookie ~ "xf_(session|user)") {
>>     return (pass);
>>   }
>> }
>>
>> sub vcl_backend_response {
>>   if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>     set beresp.uncacheable = true;
>>     set beresp.ttl = 1w;
>>     return (deliver);
>>   }
>> }
>>
>> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com> wrote:
>>
>>> Hello,
>>>
>>> Aside from the provided VCL being for WordPress, while you're running
>>> XenForo, the xf_ cookies are being dropped by your config. A quick fix is:
>>>
>>> sub vcl_recv {
>>>   if( req.http.Cookie ~ "xf_(session|user)") {
>>>     return (pass);
>>>   }
>>> }
>>>
>>> sub vcl_backend_response {
>>>   if (req.http.Cookie ~ "xf_(session|user)") {
>>>     set beresp.uncacheable = true;
>>>     set beresp.ttl = 1w;
>>>     return (deliver);
>>>   }
>>> }
>>>
>>> However, I suggest auditing your VCL, and only including rules specific
>>> to the application(s) which you are running.
>>>
>>>
>>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
>>> ayberk.kimsesiz at gmail.com> wrote:
>>>
>>>> Users can't login or register to domain.com/forum with the current
>>>> settings. So we need to make a change related to *xf_user *and
>>>> *xf_session* but how?
>>>>
>>>>
>>>>
>>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>>
>>>>> If you want Varnish to ignore request for a path you need to tell it
>>>>> to pass. In your example you have a rule for the RSS feed. You can do the
>>>>> same for /forum/ in your vcl_recv block.
>>>>>
>>>>> *# DO NOT CACHE RSS FEED*
>>>>> * if (req.url ~ "/feed(/)?") {*
>>>>> *    return ( pass ); *
>>>>> *}*
>>>>>
>>>>> *# DO NOT CACHE FORUM*
>>>>>  if (req.url ~ "/forum(/)?") {
>>>>>     return ( pass );
>>>>>  }
>>>>>
>>>>> Cheers,
>>>>> Richard
>>>>>
>>>>>
>>>>>>
>>>>>> Message: 1
>>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>>> Subject: XenForo default.vcl settings
>>>>>> Message-ID:
>>>>>>         <CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_Q at mail.gm
>>>>>> ail.com>
>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Could you please share the appropriate Default.vcl settings for
>>>>>> XenForo
>>>>>> Forums? No one can register to the forum at the moment. My current
>>>>>> Default.vcl settings are as follows.
>>>>>>
>>>>>> Forum address: domain.com/forum
>>>>>>
>>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
>>>>>> * * *********************************************************/*
>>>>>> *vcl 4.0;*
>>>>>> *import std;*
>>>>>>
>>>>>> *backend default {*
>>>>>> *  .host = "*******";*
>>>>>> *  .port = "8080";*
>>>>>> *  .connect_timeout = 600s;*
>>>>>> *  .first_byte_timeout = 600s;*
>>>>>> *  .between_bytes_timeout = 600s;*
>>>>>> *  .max_connections = 800;*
>>>>>> *}*
>>>>>>
>>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>>> *# ##########################################################*
>>>>>> *acl purge {*
>>>>>> *  "localhost";*
>>>>>> *  "127.0.0.1";*
>>>>>> *}*
>>>>>>
>>>>>> *#THE RECV FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_recv {*
>>>>>>
>>>>>> *# set realIP by trimming CloudFlare IP which will be used for various
>>>>>> checks*
>>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>>>>>> ].*$",
>>>>>> ""); *
>>>>>>
>>>>>> *        # FORWARD THE IP OF THE REQUEST*
>>>>>> *  if (req.restarts == 0) {*
>>>>>> *    if (req.http.x-forwarded-for) {*
>>>>>> *      set req.http.X-Forwarded-For =*
>>>>>> *      req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>> *    } else {*
>>>>>> *      set req.http.X-Forwarded-For = client.ip;*
>>>>>> *    }*
>>>>>> *  }*
>>>>>>
>>>>>> * # Purge request check sections for hash_always_miss, purge and ban*
>>>>>> * # BLOCK IF NOT IP is not in purge acl*
>>>>>> * # ##########################################################*
>>>>>>
>>>>>> *  # Enable smart refreshing using hash_always_miss*
>>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
>>>>>> *    if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>> "1.2.3.4") ~
>>>>>> purge) {*
>>>>>> *         set req.hash_always_miss = true;*
>>>>>> *    }*
>>>>>> *}*
>>>>>>
>>>>>> *if (req.method == "PURGE") {*
>>>>>> *    if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>> "1.2.3.4") ~
>>>>>> purge) {*
>>>>>> *        return(synth(405,"Not allowed."));*
>>>>>> *        }*
>>>>>> *    return (purge);*
>>>>>>
>>>>>> *  }*
>>>>>> *if (req.method == "BAN") {*
>>>>>> *        # Same ACL check as above:*
>>>>>> *        if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>> "1.2.3.4")
>>>>>> ~ purge) {*
>>>>>> *                        return(synth(403, "Not allowed."));*
>>>>>> *        }*
>>>>>> *        ban("req.http.host == " + req.http.host +*
>>>>>> *                  " && req.url == " + req.url);*
>>>>>>
>>>>>> *        # Throw a synthetic page so the*
>>>>>> *        # request won't go to the backend.*
>>>>>> *        return(synth(200, "Ban added"));*
>>>>>> *}*
>>>>>>
>>>>>>
>>>>>> *# Unset cloudflare cookies*
>>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>>>> *      set req.http.Cookie = regsuball(req.http.Cookie,
>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>>> *      # Remove a ";" prefix, if present.*
>>>>>> *     set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>>>>>>
>>>>>> *  # For Testing: If you want to test with Varnish passing (not
>>>>>> caching)
>>>>>> uncomment*
>>>>>> *  # return( pass );*
>>>>>>
>>>>>> *  # FORWARD THE IP OF THE REQUEST*
>>>>>> *  if (req.restarts == 0) {*
>>>>>> *    if (req.http.x-forwarded-for) {*
>>>>>> *      set req.http.X-Forwarded-For =*
>>>>>> *      req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>> *    } else {*
>>>>>> *      set req.http.X-Forwarded-For = client.ip;*
>>>>>> *    }*
>>>>>> *  }*
>>>>>>
>>>>>> *# DO NOT CACHE RSS FEED*
>>>>>> * if (req.url ~ "/feed(/)?") {*
>>>>>> *    return ( pass ); *
>>>>>> *}*
>>>>>>
>>>>>> *## Do not cache search results, comment these 3 lines if you do want
>>>>>> to
>>>>>> cache them*
>>>>>>
>>>>>> *if (req.url ~ "/\?s\=") {*
>>>>>> *    return ( pass ); *
>>>>>> *}*
>>>>>>
>>>>>> *# CLEAN UP THE ENCODING HEADER.*
>>>>>> *  # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY.  WITH VARY
>>>>>> ACCEPT-ENCODING*
>>>>>> *  # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>>> *  # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>>>> *  # ##########################################################*
>>>>>> *  if (req.http.Accept-Encoding) {*
>>>>>> *    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>>>>>> *      # No point in compressing these*
>>>>>> *      unset req.http.Accept-Encoding;*
>>>>>> *    } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>>> *      set req.http.Accept-Encoding = "gzip";*
>>>>>> *    } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>>> *      set req.http.Accept-Encoding = "deflate";*
>>>>>> *    } else {*
>>>>>> *      # unknown algorithm*
>>>>>> *      unset req.http.Accept-Encoding;*
>>>>>> *    }*
>>>>>> *  }*
>>>>>>
>>>>>> *  # PIPE ALL NON-STANDARD REQUESTS*
>>>>>> *  # ##########################################################*
>>>>>> *  if (req.method != "GET" &&*
>>>>>> *    req.method != "HEAD" &&*
>>>>>> *    req.method != "PUT" && *
>>>>>> *    req.method != "POST" &&*
>>>>>> *    req.method != "TRACE" &&*
>>>>>> *    req.method != "OPTIONS" &&*
>>>>>> *    req.method != "DELETE") {*
>>>>>> *      return (pipe);*
>>>>>> *  }*
>>>>>>
>>>>>> *  # ONLY CACHE GET AND HEAD REQUESTS*
>>>>>> *  # ##########################################################*
>>>>>> *  if (req.method != "GET" && req.method != "HEAD") {*
>>>>>> *    return (pass);*
>>>>>> *  }*
>>>>>>
>>>>>> *  # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
>>>>>> EITHER*
>>>>>> *  # COMMENT OR UNCOMMENT BOTH*
>>>>>> *  # ##########################################################*
>>>>>> *  if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>>> *    return( pass );*
>>>>>> *  }*
>>>>>>
>>>>>> *  # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>>>> *  # THEN UNSET THE COOKIES*
>>>>>> *  # ##########################################################*
>>>>>> *  if (!(req.url ~ "wp-(login|admin)") *
>>>>>> *    && !(req.url ~ "&preview=true" ) *
>>>>>> *  ){*
>>>>>> *    unset req.http.cookie;*
>>>>>> *  }*
>>>>>>
>>>>>> *  # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>>> *  # ##########################################################*
>>>>>> *  if (req.http.Authorization || req.http.Cookie) {*
>>>>>> *    return (pass);*
>>>>>> *  }*
>>>>>>
>>>>>> *  # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>>> *  # ##########################################################*
>>>>>> *  return (hash);*
>>>>>> *  # This is for phpmyadmin*
>>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>>> *return (pass);*
>>>>>> *}*
>>>>>>
>>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>>>>>> *return (pass);*
>>>>>> *}*
>>>>>>
>>>>>> *}*
>>>>>>
>>>>>> *# HIT FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_hit {*
>>>>>> *  # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>>> *  # ##########################################################*
>>>>>> *  if (req.method == "PURGE") {*
>>>>>> *    #*
>>>>>> *    # This is now handled in vcl_recv.*
>>>>>> *    #*
>>>>>> *    # purge;*
>>>>>> *    return (synth(200, "Purged."));*
>>>>>> *  }*
>>>>>> *  return (deliver);*
>>>>>> *}*
>>>>>>
>>>>>> *# MISS FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_miss {*
>>>>>> *  if (req.method == "PURGE") {*
>>>>>> *    #*
>>>>>> *    # This is now handled in vcl_recv.*
>>>>>> *    #*
>>>>>> *    # purge;*
>>>>>> *    return (synth(200, "Purged."));*
>>>>>> *  }*
>>>>>> *  return (fetch);*
>>>>>> *}*
>>>>>>
>>>>>> *# FETCH FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_backend_response {*
>>>>>> *  # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>>> *  # TENDANCY TO SET VARY USER-AGENT.  YOU MAY OR MAY NOT WANT*
>>>>>> *  # TO DO THIS*
>>>>>> *  # ##########################################################*
>>>>>> *  set beresp.http.Vary = "Accept-Encoding";*
>>>>>>
>>>>>> *  # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>>>> *  # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>>> *  # ##########################################################*
>>>>>> *  if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>>> "wordpress_logged_in" ) {*
>>>>>> *    unset beresp.http.set-cookie;*
>>>>>> *    set beresp.ttl = 52w;*
>>>>>> *#    set beresp.grace =1w;*
>>>>>> *  }*
>>>>>>
>>>>>> *  if (beresp.ttl <= 0s ||*
>>>>>> *    beresp.http.Set-Cookie ||*
>>>>>> *    beresp.http.Vary == "*") {*
>>>>>> *      set beresp.ttl = 120 s;*
>>>>>> *      # set beresp.ttl = 120s;*
>>>>>> *      set beresp.uncacheable = true;*
>>>>>> *      return (deliver);*
>>>>>> *  }*
>>>>>>
>>>>>> *  return (deliver);*
>>>>>> *}*
>>>>>>
>>>>>> *# DELIVER FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_deliver {*
>>>>>> *  # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>>> *  # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>>> *  # ##########################################################*
>>>>>> *  if (obj.hits > 0) {*
>>>>>> *    set resp.http.X-Cache = "HIT";*
>>>>>> *  # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>>> *  # ##########################################################*
>>>>>> *  } else {*
>>>>>> *    set resp.http.X-Cache = "MISS";*
>>>>>> *  }*
>>>>>> *}*
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> -------------- next part --------------
>>>>>> An HTML attachment was scrubbed...
>>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>>>>>> attachments/20160803/d572e4b2/attachment-0001.html>
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> Message: 2
>>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>>> Subject: Re: XenForo default.vcl settings
>>>>>> Message-ID:
>>>>>>         <CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4O3i1ofA at mail.gm
>>>>>> ail.com>
>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>
>>>>>> I need to add the followings to default.vcl for Xenforo. However,
>>>>>> solutions
>>>>>> in the Xenforo forums for this didn't work. Can you please help?
>>>>>>
>>>>>> xf_session_admin
>>>>>> xf_user
>>>>>> xf_session
>>>>>>
>>>>>> Or how can i block Varnish in a way that it doesn't work in *
>>>>>> domain.com/forum
>>>>>> <http://domain.com/forum>*
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com
>>>>>> >:
>>>>>>
>>>>>> > Hi,
>>>>>> >
>>>>>> > Could you please share the appropriate Default.vcl settings for
>>>>>> XenForo
>>>>>> > Forums? No one can register to the forum at the moment. My current
>>>>>> > Default.vcl settings are as follows.
>>>>>> >
>>>>>> > Forum address: domain.com/forum
>>>>>> >
>>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
>>>>>> > * * *********************************************************/*
>>>>>> > *vcl 4.0;*
>>>>>> > *import std;*
>>>>>> >
>>>>>> > *backend default {*
>>>>>> > *  .host = "*******";*
>>>>>> > *  .port = "8080";*
>>>>>> > *  .connect_timeout = 600s;*
>>>>>> > *  .first_byte_timeout = 600s;*
>>>>>> > *  .between_bytes_timeout = 600s;*
>>>>>> > *  .max_connections = 800;*
>>>>>> > *}*
>>>>>> >
>>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>>> > *# ##########################################################*
>>>>>> > *acl purge {*
>>>>>> > *  "localhost";*
>>>>>> > *  "127.0.0.1";*
>>>>>> > *}*
>>>>>> >
>>>>>> > *#THE RECV FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_recv {*
>>>>>> >
>>>>>> > *# set realIP by trimming CloudFlare IP which will be used for
>>>>>> various
>>>>>> > checks*
>>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>>>>>> ].*$",
>>>>>> > ""); *
>>>>>> >
>>>>>> > *        # FORWARD THE IP OF THE REQUEST*
>>>>>> > *  if (req.restarts == 0) {*
>>>>>> > *    if (req.http.x-forwarded-for) {*
>>>>>> > *      set req.http.X-Forwarded-For =*
>>>>>> > *      req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>> > *    } else {*
>>>>>> > *      set req.http.X-Forwarded-For = client.ip;*
>>>>>> > *    }*
>>>>>> > *  }*
>>>>>> >
>>>>>> > * # Purge request check sections for hash_always_miss, purge and
>>>>>> ban*
>>>>>> > * # BLOCK IF NOT IP is not in purge acl*
>>>>>> > * # ##########################################################*
>>>>>> >
>>>>>> > *  # Enable smart refreshing using hash_always_miss*
>>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
>>>>>> > *    if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>> "1.2.3.4") ~
>>>>>> > purge) {*
>>>>>> > *         set req.hash_always_miss = true;*
>>>>>> > *    }*
>>>>>> > *}*
>>>>>> >
>>>>>> > *if (req.method == "PURGE") {*
>>>>>> > *    if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>> "1.2.3.4") ~
>>>>>> > purge) {*
>>>>>> > *        return(synth(405,"Not allowed."));*
>>>>>> > *        }*
>>>>>> > *    return (purge);*
>>>>>> >
>>>>>> > *  }*
>>>>>> > *if (req.method == "BAN") {*
>>>>>> > *        # Same ACL check as above:*
>>>>>> > *        if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>> > "1.2.3.4") ~ purge) {*
>>>>>> > *                        return(synth(403, "Not allowed."));*
>>>>>> > *        }*
>>>>>> > *        ban("req.http.host == " + req.http.host +*
>>>>>> > *                  " && req.url == " + req.url);*
>>>>>> >
>>>>>> > *        # Throw a synthetic page so the*
>>>>>> > *        # request won't go to the backend.*
>>>>>> > *        return(synth(200, "Ban added"));*
>>>>>> > *}*
>>>>>> >
>>>>>> >
>>>>>> > *# Unset cloudflare cookies*
>>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>>>> > *      set req.http.Cookie = regsuball(req.http.Cookie,
>>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>>> > *      # Remove a ";" prefix, if present.*
>>>>>> > *     set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>>>>>> >
>>>>>> > *  # For Testing: If you want to test with Varnish passing (not
>>>>>> caching)
>>>>>> > uncomment*
>>>>>> > *  # return( pass );*
>>>>>> >
>>>>>> > *  # FORWARD THE IP OF THE REQUEST*
>>>>>> > *  if (req.restarts == 0) {*
>>>>>> > *    if (req.http.x-forwarded-for) {*
>>>>>> > *      set req.http.X-Forwarded-For =*
>>>>>> > *      req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>> > *    } else {*
>>>>>> > *      set req.http.X-Forwarded-For = client.ip;*
>>>>>> > *    }*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *# DO NOT CACHE RSS FEED*
>>>>>> > * if (req.url ~ "/feed(/)?") {*
>>>>>> > *    return ( pass ); *
>>>>>> > *}*
>>>>>> >
>>>>>> > *## Do not cache search results, comment these 3 lines if you do
>>>>>> want to
>>>>>> > cache them*
>>>>>> >
>>>>>> > *if (req.url ~ "/\?s\=") {*
>>>>>> > *    return ( pass ); *
>>>>>> > *}*
>>>>>> >
>>>>>> > *# CLEAN UP THE ENCODING HEADER.*
>>>>>> > *  # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY.  WITH VARY
>>>>>> ACCEPT-ENCODING*
>>>>>> > *  # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>>> > *  # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if (req.http.Accept-Encoding) {*
>>>>>> > *    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>>>>>> > *      # No point in compressing these*
>>>>>> > *      unset req.http.Accept-Encoding;*
>>>>>> > *    } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>>> > *      set req.http.Accept-Encoding = "gzip";*
>>>>>> > *    } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>>> > *      set req.http.Accept-Encoding = "deflate";*
>>>>>> > *    } else {*
>>>>>> > *      # unknown algorithm*
>>>>>> > *      unset req.http.Accept-Encoding;*
>>>>>> > *    }*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *  # PIPE ALL NON-STANDARD REQUESTS*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if (req.method != "GET" &&*
>>>>>> > *    req.method != "HEAD" &&*
>>>>>> > *    req.method != "PUT" && *
>>>>>> > *    req.method != "POST" &&*
>>>>>> > *    req.method != "TRACE" &&*
>>>>>> > *    req.method != "OPTIONS" &&*
>>>>>> > *    req.method != "DELETE") {*
>>>>>> > *      return (pipe);*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *  # ONLY CACHE GET AND HEAD REQUESTS*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if (req.method != "GET" && req.method != "HEAD") {*
>>>>>> > *    return (pass);*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *  # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
>>>>>> TOO,
>>>>>> > EITHER*
>>>>>> > *  # COMMENT OR UNCOMMENT BOTH*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>>> > *    return( pass );*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *  # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>>>> > *  # THEN UNSET THE COOKIES*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if (!(req.url ~ "wp-(login|admin)") *
>>>>>> > *    && !(req.url ~ "&preview=true" ) *
>>>>>> > *  ){*
>>>>>> > *    unset req.http.cookie;*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *  # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if (req.http.Authorization || req.http.Cookie) {*
>>>>>> > *    return (pass);*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *  # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>>> > *  # ##########################################################*
>>>>>> > *  return (hash);*
>>>>>> > *  # This is for phpmyadmin*
>>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>>> > *return (pass);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>>>>>> > *return (pass);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *}*
>>>>>> >
>>>>>> > *# HIT FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_hit {*
>>>>>> > *  # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if (req.method == "PURGE") {*
>>>>>> > *    #*
>>>>>> > *    # This is now handled in vcl_recv.*
>>>>>> > *    #*
>>>>>> > *    # purge;*
>>>>>> > *    return (synth(200, "Purged."));*
>>>>>> > *  }*
>>>>>> > *  return (deliver);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *# MISS FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_miss {*
>>>>>> > *  if (req.method == "PURGE") {*
>>>>>> > *    #*
>>>>>> > *    # This is now handled in vcl_recv.*
>>>>>> > *    #*
>>>>>> > *    # purge;*
>>>>>> > *    return (synth(200, "Purged."));*
>>>>>> > *  }*
>>>>>> > *  return (fetch);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *# FETCH FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_backend_response {*
>>>>>> > *  # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>>> > *  # TENDANCY TO SET VARY USER-AGENT.  YOU MAY OR MAY NOT WANT*
>>>>>> > *  # TO DO THIS*
>>>>>> > *  # ##########################################################*
>>>>>> > *  set beresp.http.Vary = "Accept-Encoding";*
>>>>>> >
>>>>>> > *  # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>>>> > *  # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>>> > "wordpress_logged_in" ) {*
>>>>>> > *    unset beresp.http.set-cookie;*
>>>>>> > *    set beresp.ttl = 52w;*
>>>>>> > *#    set beresp.grace =1w;*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *  if (beresp.ttl <= 0s ||*
>>>>>> > *    beresp.http.Set-Cookie ||*
>>>>>> > *    beresp.http.Vary == "*") {*
>>>>>> > *      set beresp.ttl = 120 s;*
>>>>>> > *      # set beresp.ttl = 120s;*
>>>>>> > *      set beresp.uncacheable = true;*
>>>>>> > *      return (deliver);*
>>>>>> > *  }*
>>>>>> >
>>>>>> > *  return (deliver);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *# DELIVER FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_deliver {*
>>>>>> > *  # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>>> > *  # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>>> > *  # ##########################################################*
>>>>>> > *  if (obj.hits > 0) {*
>>>>>> > *    set resp.http.X-Cache = "HIT";*
>>>>>> > *  # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>>> > *  # ##########################################################*
>>>>>> > *  } else {*
>>>>>> > *    set resp.http.X-Cache = "MISS";*
>>>>>> > *  }*
>>>>>> > *}*
>>>>>> >
>>>>>> >
>>>>>> > Thanks,
>>>>>> >
>>>>>> -------------- next part --------------
>>>>>> An HTML attachment was scrubbed...
>>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>>>>>> attachments/20160804/4e3f064a/attachment.html>
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> _______________________________________________
>>>>>> varnish-misc mailing list
>>>>>> varnish-misc at varnish-cache.org
>>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>>>
>>>>>> End of varnish-misc Digest, Vol 125, Issue 14
>>>>>> *********************************************
>>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> varnish-misc mailing list
>>>>> varnish-misc at varnish-cache.org
>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> varnish-misc mailing list
>>>> varnish-misc at varnish-cache.org
>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>
>>>
>>>
>>
>