XenForo default.vcl settings
Lane, Richard
rlane at ahbelo.com
Thu Aug 4 16:24:50 CEST 2016
I assume you reloaded/restarted Varnish after these changes were made. If
so, can you verify that you do have the cookies set on the request?
You could add this log message right before the return:
# Goes inside vcl_recv: send any request that carries a XenForo session or
# login cookie straight to the backend instead of looking it up in cache.
# The std.log line is a temporary marker to grep for in varnishlog. It records
# only that the cookie matched, never the cookie value, and can be removed
# once the match has been confirmed.
if (req.http.Cookie ~ "xf_(session|user)") {
    std.log("PPPAASS Cookie set for forum");
    return (pass);
}
Then you can use the varnishlog command below to verify that the cookie is found:
varnishlog | grep -A15 -B15 "PPPAASS"
Cheers,
Richard
On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
wrote:
>
> First of all, thank you. However, the problem continues. Can you examine
the code?
>
>
> /* SET THE HOST AND PORT OF WORDPRESS
> * *********************************************************/
> vcl 4.0;
> import std;
>
> backend default {
> .host = "*******";
> .port = "8080";
> .connect_timeout = 600s;
> .first_byte_timeout = 600s;
> .between_bytes_timeout = 600s;
> .max_connections = 800;
> }
>
> # SET THE ALLOWED IP OF PURGE REQUESTS
> # ##########################################################
> acl purge {
> "localhost";
> "127.0.0.1";
> }
>
> #THE RECV FUNCTION
> # ##########################################################
> sub vcl_recv {
> # Request-side policy: decides for each request whether to pass, pipe, purge,
> # ban or look it up in cache. Statement order matters, because every return
> # ends processing of this subroutine.
>
> # XenForo: requests that already carry xf_session or xf_user bypass the cache.
> # NOTE(review): this only helps clients that already hold the cookie. The
> # cookie is issued through Set-Cookie on a backend response, and
> # vcl_backend_response in this file unsets Set-Cookie for non-WordPress URLs.
> if(req.http.Cookie ~ "xf_(session|user)") {
> return (pass);
> }
>
> # set realIP by trimming CloudFlare IP which will be used for various
checks
> # NOTE(review): X-Forwarded-For is a request header. Unless the proxy in front
> # overwrites it, its first element is whatever the sender supplied, so
> # X-Actual-IP should not be relied on by itself for access decisions.
> set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$",
"");
>
> # FORWARD THE IP OF THE REQUEST
> # NOTE(review): the same block appears again further down, so on a first pass
> # (req.restarts == 0) client.ip is appended to X-Forwarded-For twice.
> if (req.restarts == 0) {
> if (req.http.x-forwarded-for) {
> set req.http.X-Forwarded-For =
> req.http.X-Forwarded-For + ", " + client.ip;
> } else {
> set req.http.X-Forwarded-For = client.ip;
> }
> }
>
> # Purge request check sections for hash_always_miss, purge and ban
> # BLOCK IF NOT IP is not in purge acl
> # ##########################################################
>
> # Enable smart refreshing using hash_always_miss
> # NOTE(review): the second operand is negated, so it is true whenever
> # X-Actual-IP is outside the purge ACL (or unparsable, via the "1.2.3.4"
> # fallback). As written, a Cache-Control: no-cache request from any such
> # address sets hash_always_miss and forces a backend fetch. Presumably the
> # intent was to limit this to ACL members, e.g. by testing only
> # client.ip ~ purge; confirm before relying on it.
> if (req.http.Cache-Control ~ "no-cache") {
> if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
purge) {
> set req.hash_always_miss = true;
> }
> }
>
> # PURGE is refused unless both client.ip and X-Actual-IP are in the purge ACL.
> # NOTE(review): a request without X-Forwarded-For would resolve X-Actual-IP to
> # the 1.2.3.4 fallback and be refused as well; verify local purges still work.
> if (req.method == "PURGE") {
> if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
purge) {
> return(synth(405,"Not allowed."));
> }
> return (purge);
>
> }
> if (req.method == "BAN") {
> # Same ACL check as above:
> if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
"1.2.3.4") ~ purge) {
> return(synth(403, "Not allowed."));
> }
> # NOTE(review): host and URL are concatenated into the ban expression
> # unquoted; this line is only reached after the ACL check above.
> ban("req.http.host == " + req.http.host +
> " && req.url == " + req.url);
>
> # Throw a synthetic page so the
> # request won't go to the backend.
> return(synth(200, "Ban added"));
> }
>
>
> # Unset cloudflare cookies
> # Remove has_js and CloudFlare/Google Analytics __* cookies.
> set req.http.Cookie = regsuball(req.http.Cookie,
"(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
> # Remove a ";" prefix, if present.
> set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
>
> # For Testing: If you want to test with Varnish passing (not caching)
uncomment
> # return( pass );
>
> # FORWARD THE IP OF THE REQUEST
> # NOTE(review): duplicate of the block near the top of this subroutine.
> if (req.restarts == 0) {
> if (req.http.x-forwarded-for) {
> set req.http.X-Forwarded-For =
> req.http.X-Forwarded-For + ", " + client.ip;
> } else {
> set req.http.X-Forwarded-For = client.ip;
> }
> }
>
> # DO NOT CACHE RSS FEED
> if (req.url ~ "/feed(/)?") {
> return ( pass );
> }
>
> ## Do not cache search results, comment these 3 lines if you do want to
cache them
>
> if (req.url ~ "/\?s\=") {
> return ( pass );
> }
>
> # CLEAN UP THE ENCODING HEADER.
> # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING
> # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
> # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
> # ##########################################################
> if (req.http.Accept-Encoding) {
> if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
> # No point in compressing these
> unset req.http.Accept-Encoding;
> } elsif (req.http.Accept-Encoding ~ "gzip") {
> set req.http.Accept-Encoding = "gzip";
> } elsif (req.http.Accept-Encoding ~ "deflate") {
> set req.http.Accept-Encoding = "deflate";
> } else {
> # unknown algorithm
> unset req.http.Accept-Encoding;
> }
> }
>
> # PIPE ALL NON-STANDARD REQUESTS
> # ##########################################################
> if (req.method != "GET" &&
> req.method != "HEAD" &&
> req.method != "PUT" &&
> req.method != "POST" &&
> req.method != "TRACE" &&
> req.method != "OPTIONS" &&
> req.method != "DELETE") {
> return (pipe);
> }
>
> # ONLY CACHE GET AND HEAD REQUESTS
> # ##########################################################
> if (req.method != "GET" && req.method != "HEAD") {
> return (pass);
> }
>
> # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
EITHER
> # COMMENT OR UNCOMMENT BOTH
> # ##########################################################
> if ( req.http.cookie ~ "wordpress_logged_in" ) {
> return( pass );
> }
>
> # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
> # THEN UNSET THE COOKIES
> # ##########################################################
> # NOTE(review): the URL test is WordPress-specific, so this also removes the
> # Cookie header from every /forum GET or HEAD request that did not already
> # return at the xf_ check at the top.
> if (!(req.url ~ "wp-(login|admin)")
> && !(req.url ~ "&preview=true" )
> ){
> unset req.http.cookie;
> }
>
> # IF BASIC AUTH IS ON THEN DO NOT CACHE
> # ##########################################################
> if (req.http.Authorization || req.http.Cookie) {
> return (pass);
> }
>
> # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
> # ##########################################################
> return (hash);
> # NOTE(review): everything below follows an unconditional return (hash) and
> # is never executed, so the two phpMyAdmin hosts are not passed here; their
> # GET and HEAD requests go through the cookie stripping and cache lookup
> # above. The host checks would have to sit before the return to take effect.
> # This is for phpmyadmin
> if (req.http.Host == "ki1.org") {
> return (pass);
> }
>
> if (req.http.Host == "mysql.ki1.org") {
> return (pass);
> }
>
> }
>
> # HIT FUNCTION
> # ##########################################################
> sub vcl_hit {
> # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
> # ##########################################################
> if (req.method == "PURGE") {
> #
> # This is now handled in vcl_recv.
> #
> # purge;
> return (synth(200, "Purged."));
> }
> return (deliver);
> }
>
> # MISS FUNCTION
> # ##########################################################
> sub vcl_miss {
> if (req.method == "PURGE") {
> #
> # This is now handled in vcl_recv.
> #
> # purge;
> return (synth(200, "Purged."));
> }
> return (fetch);
> }
>
> # FETCH FUNCTION
> # ##########################################################
> sub vcl_backend_response {
> # Response-side policy: rewrites Vary, strips cookies, and sets TTL and
> # cacheability for each backend response. The order of the blocks below
> # determines which headers later tests can still see.
> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
> # TO DO THIS
> # ##########################################################
> set beresp.http.Vary = "Accept-Encoding";
>
> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
> # TIME THIS PAGE WILL STAY CACHED (TTL)
> # ##########################################################
> # NOTE(review): the condition only knows WordPress URLs and cookies, so it is
> # true for XenForo responses too, including responses to requests that were
> # passed in vcl_recv. Set-Cookie is removed from all of them, which means
> # xf_session / xf_user never reach the browser, and cacheable forum pages are
> # kept for 52 weeks. If those pages embed per-visitor tokens they would be
> # served to other visitors; confirm against the application.
> if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
"wordpress_logged_in" ) {
> unset beresp.http.set-cookie;
> set beresp.ttl = 52w;
> # set beresp.grace =1w;
> }
>
> # NOTE(review): for any response that took the branch above, Set-Cookie has
> # already been unset, so this test cannot match there. To have an effect the
> # XenForo check must run before the cookie-stripping block.
> # Marks the response uncacheable with a one-week TTL; presumably this leaves
> # a hit-for-pass marker for that long. Confirm against the Varnish version in use.
> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
> set beresp.uncacheable = true;
> set beresp.ttl = 1w;
> return (deliver);
> }
>
>
> # Anything with a non-positive TTL, a remaining Set-Cookie header or
> # Vary: * is marked uncacheable for 120 seconds.
> # NOTE(review): Vary was overwritten with "Accept-Encoding" at the top of this
> # subroutine, so the Vary == "*" test cannot be true here.
> if (beresp.ttl <= 0s ||
> beresp.http.Set-Cookie ||
> beresp.http.Vary == "*") {
> set beresp.ttl = 120 s;
> # set beresp.ttl = 120s;
> set beresp.uncacheable = true;
> return (deliver);
> }
>
> return (deliver);
> }
>
> # DELIVER FUNCTION
> # ##########################################################
> sub vcl_deliver {
> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
> # IN THE HEADER (GREAT FOR DEBUGGING)
> # ##########################################################
> if (obj.hits > 0) {
> set resp.http.X-Cache = "HIT";
> # IF THIS IS A MISS RETURN THAT IN THE HEADER
> # ##########################################################
> } else {
> set resp.http.X-Cache = "MISS";
> }
> }
>
>
>
> 2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
>>
>> correction:
>>
>> sub vcl_recv {
>> if(req.http.Cookie ~ "xf_(session|user)") {
>> return (pass);
>> }
>> }
>>
>> sub vcl_backend_response {
>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>> set beresp.uncacheable = true;
>> set beresp.ttl = 1w;
>> return (deliver);
>> }
>> }
>>
>> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com> wrote:
>>>
>>> Hello,
>>>
>>> Aside from the provided VCL being for WordPress, while you're running
XenForo, the xf_ cookies are being dropped by your config. A quick fix is:
>>>
>>> sub vcl_recv {
>>> if( req.http.Cookie ~ "xf_(session|user)") {
>>> return (pass);
>>> }
>>> }
>>>
>>> sub vcl_backend_response {
>>> if (req.http.Cookie ~ "xf_(session|user)") {
>>> set beresp.uncacheable = true;
>>> set beresp.ttl = 1w;
>>> return (deliver);
>>> }
>>> }
>>>
>>> However, I suggest auditing your VCL, and only including rules specific
to the application(s) which you are running.
>>>
>>>
>>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
ayberk.kimsesiz at gmail.com> wrote:
>>>>
>>>> Users can't login or register to domain.com/forum with the current
settings. So we need to make a change related to xf_user and xf_session but
how?
>>>>
>>>>
>>>>
>>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>>>
>>>>> If you want Varnish to ignore request for a path you need to tell it
to pass. In your example you have a rule for the RSS feed. You can do the
same for /forum/ in your vcl_recv block.
>>>>>
>>>>> *# DO NOT CACHE RSS FEED*
>>>>> * if (req.url ~ "/feed(/)?") {*
>>>>> * return ( pass ); *
>>>>> *}*
>>>>>
>>>>> *# DO NOT CACHE FORUM*
>>>>> if (req.url ~ "/forum(/)?") {
>>>>> return ( pass );
>>>>> }
>>>>>
>>>>> Cheers,
>>>>> Richard
>>>>>
>>>>>>
>>>>>>
>>>>>> Message: 1
>>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>>> Subject: XenForo default.vcl settings
>>>>>> Message-ID:
>>>>>> <
CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com>
>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> Could you please share the appropriate Default.vcl settings for
XenForo
>>>>>> Forums? No one can register to the forum at the moment. My current
>>>>>> Default.vcl settings are as follows.
>>>>>>
>>>>>> Forum address: domain.com/forum
>>>>>>
>>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
>>>>>> * * *********************************************************/*
>>>>>> *vcl 4.0;*
>>>>>> *import std;*
>>>>>>
>>>>>> *backend default {*
>>>>>> * .host = "*******";*
>>>>>> * .port = "8080";*
>>>>>> * .connect_timeout = 600s;*
>>>>>> * .first_byte_timeout = 600s;*
>>>>>> * .between_bytes_timeout = 600s;*
>>>>>> * .max_connections = 800;*
>>>>>> *}*
>>>>>>
>>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>>> *# ##########################################################*
>>>>>> *acl purge {*
>>>>>> * "localhost";*
>>>>>> * "127.0.0.1";*
>>>>>> *}*
>>>>>>
>>>>>> *#THE RECV FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_recv {*
>>>>>>
>>>>>> *# set realIP by trimming CloudFlare IP which will be used for
various
>>>>>> checks*
>>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
].*$",
>>>>>> ""); *
>>>>>>
>>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>>>> * if (req.restarts == 0) {*
>>>>>> * if (req.http.x-forwarded-for) {*
>>>>>> * set req.http.X-Forwarded-For =*
>>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>> * } else {*
>>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>>>> * }*
>>>>>> * }*
>>>>>>
>>>>>> * # Purge request check sections for hash_always_miss, purge and ban*
>>>>>> * # BLOCK IF NOT IP is not in purge acl*
>>>>>> * # ##########################################################*
>>>>>>
>>>>>> * # Enable smart refreshing using hash_always_miss*
>>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
>>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
"1.2.3.4") ~
>>>>>> purge) {*
>>>>>> * set req.hash_always_miss = true;*
>>>>>> * }*
>>>>>> *}*
>>>>>>
>>>>>> *if (req.method == "PURGE") {*
>>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
"1.2.3.4") ~
>>>>>> purge) {*
>>>>>> * return(synth(405,"Not allowed."));*
>>>>>> * }*
>>>>>> * return (purge);*
>>>>>>
>>>>>> * }*
>>>>>> *if (req.method == "BAN") {*
>>>>>> * # Same ACL check as above:*
>>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
"1.2.3.4")
>>>>>> ~ purge) {*
>>>>>> * return(synth(403, "Not allowed."));*
>>>>>> * }*
>>>>>> * ban("req.http.host == " + req.http.host +*
>>>>>> * " && req.url == " + req.url);*
>>>>>>
>>>>>> * # Throw a synthetic page so the*
>>>>>> * # request won't go to the backend.*
>>>>>> * return(synth(200, "Ban added"));*
>>>>>> *}*
>>>>>>
>>>>>>
>>>>>> *# Unset cloudflare cookies*
>>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>>>> * set req.http.Cookie = regsuball(req.http.Cookie,
>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>>> * # Remove a ";" prefix, if present.*
>>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>>>>>>
>>>>>> * # For Testing: If you want to test with Varnish passing (not
caching)
>>>>>> uncomment*
>>>>>> * # return( pass );*
>>>>>>
>>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>>>> * if (req.restarts == 0) {*
>>>>>> * if (req.http.x-forwarded-for) {*
>>>>>> * set req.http.X-Forwarded-For =*
>>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>> * } else {*
>>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>>>> * }*
>>>>>> * }*
>>>>>>
>>>>>> *# DO NOT CACHE RSS FEED*
>>>>>> * if (req.url ~ "/feed(/)?") {*
>>>>>> * return ( pass ); *
>>>>>> *}*
>>>>>>
>>>>>> *## Do not cache search results, comment these 3 lines if you do
want to
>>>>>> cache them*
>>>>>>
>>>>>> *if (req.url ~ "/\?s\=") {*
>>>>>> * return ( pass ); *
>>>>>> *}*
>>>>>>
>>>>>> *# CLEAN UP THE ENCODING HEADER.*
>>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
ACCEPT-ENCODING*
>>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>>>> * # ##########################################################*
>>>>>> * if (req.http.Accept-Encoding) {*
>>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>>>>>> * # No point in compressing these*
>>>>>> * unset req.http.Accept-Encoding;*
>>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>>> * set req.http.Accept-Encoding = "gzip";*
>>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>>> * set req.http.Accept-Encoding = "deflate";*
>>>>>> * } else {*
>>>>>> * # unknown algorithm*
>>>>>> * unset req.http.Accept-Encoding;*
>>>>>> * }*
>>>>>> * }*
>>>>>>
>>>>>> * # PIPE ALL NON-STANDARD REQUESTS*
>>>>>> * # ##########################################################*
>>>>>> * if (req.method != "GET" &&*
>>>>>> * req.method != "HEAD" &&*
>>>>>> * req.method != "PUT" && *
>>>>>> * req.method != "POST" &&*
>>>>>> * req.method != "TRACE" &&*
>>>>>> * req.method != "OPTIONS" &&*
>>>>>> * req.method != "DELETE") {*
>>>>>> * return (pipe);*
>>>>>> * }*
>>>>>>
>>>>>> * # ONLY CACHE GET AND HEAD REQUESTS*
>>>>>> * # ##########################################################*
>>>>>> * if (req.method != "GET" && req.method != "HEAD") {*
>>>>>> * return (pass);*
>>>>>> * }*
>>>>>>
>>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
TOO,
>>>>>> EITHER*
>>>>>> * # COMMENT OR UNCOMMENT BOTH*
>>>>>> * # ##########################################################*
>>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>>> * return( pass );*
>>>>>> * }*
>>>>>>
>>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>>>> * # THEN UNSET THE COOKIES*
>>>>>> * # ##########################################################*
>>>>>> * if (!(req.url ~ "wp-(login|admin)") *
>>>>>> * && !(req.url ~ "&preview=true" ) *
>>>>>> * ){*
>>>>>> * unset req.http.cookie;*
>>>>>> * }*
>>>>>>
>>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>>> * # ##########################################################*
>>>>>> * if (req.http.Authorization || req.http.Cookie) {*
>>>>>> * return (pass);*
>>>>>> * }*
>>>>>>
>>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>>> * # ##########################################################*
>>>>>> * return (hash);*
>>>>>> * # This is for phpmyadmin*
>>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>>> *return (pass);*
>>>>>> *}*
>>>>>>
>>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>>>>>> *return (pass);*
>>>>>> *}*
>>>>>>
>>>>>> *}*
>>>>>>
>>>>>> *# HIT FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_hit {*
>>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>>> * # ##########################################################*
>>>>>> * if (req.method == "PURGE") {*
>>>>>> * #*
>>>>>> * # This is now handled in vcl_recv.*
>>>>>> * #*
>>>>>> * # purge;*
>>>>>> * return (synth(200, "Purged."));*
>>>>>> * }*
>>>>>> * return (deliver);*
>>>>>> *}*
>>>>>>
>>>>>> *# MISS FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_miss {*
>>>>>> * if (req.method == "PURGE") {*
>>>>>> * #*
>>>>>> * # This is now handled in vcl_recv.*
>>>>>> * #*
>>>>>> * # purge;*
>>>>>> * return (synth(200, "Purged."));*
>>>>>> * }*
>>>>>> * return (fetch);*
>>>>>> *}*
>>>>>>
>>>>>> *# FETCH FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_backend_response {*
>>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>>>>> * # TO DO THIS*
>>>>>> * # ##########################################################*
>>>>>> * set beresp.http.Vary = "Accept-Encoding";*
>>>>>>
>>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>>> * # ##########################################################*
>>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>>> "wordpress_logged_in" ) {*
>>>>>> * unset beresp.http.set-cookie;*
>>>>>> * set beresp.ttl = 52w;*
>>>>>> *# set beresp.grace =1w;*
>>>>>> * }*
>>>>>>
>>>>>> * if (beresp.ttl <= 0s ||*
>>>>>> * beresp.http.Set-Cookie ||*
>>>>>> * beresp.http.Vary == "*") {*
>>>>>> * set beresp.ttl = 120 s;*
>>>>>> * # set beresp.ttl = 120s;*
>>>>>> * set beresp.uncacheable = true;*
>>>>>> * return (deliver);*
>>>>>> * }*
>>>>>>
>>>>>> * return (deliver);*
>>>>>> *}*
>>>>>>
>>>>>> *# DELIVER FUNCTION*
>>>>>> *# ##########################################################*
>>>>>> *sub vcl_deliver {*
>>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>>> * # ##########################################################*
>>>>>> * if (obj.hits > 0) {*
>>>>>> * set resp.http.X-Cache = "HIT";*
>>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>>> * # ##########################################################*
>>>>>> * } else {*
>>>>>> * set resp.http.X-Cache = "MISS";*
>>>>>> * }*
>>>>>> *}*
>>>>>>
>>>>>>
>>>>>> Thanks,
>>>>>> -------------- next part --------------
>>>>>> An HTML attachment was scrubbed...
>>>>>> URL: <
https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/attachment-0001.html
>
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> Message: 2
>>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>>> Subject: Re: XenForo default.vcl settings
>>>>>> Message-ID:
>>>>>> <
CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4O3i1ofA at mail.gmail.com>
>>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>
>>>>>> I need to add the followings to default.vcl for Xenforo. However,
solutions
>>>>>> in the Xenforo forums for this didn't work. Can you please help?
>>>>>>
>>>>>> xf_session_admin
>>>>>> xf_user
>>>>>> xf_session
>>>>>>
>>>>>> Or how can i block Varnish in a way that it doesn't work in *
domain.com/forum
>>>>>> <http://domain.com/forum>*
>>>>>>
>>>>>>
>>>>>>
>>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com
>:
>>>>>>
>>>>>> > Hi,
>>>>>> >
>>>>>> > Could you please share the appropriate Default.vcl settings for
XenForo
>>>>>> > Forums? No one can register to the forum at the moment. My current
>>>>>> > Default.vcl settings are as follows.
>>>>>> >
>>>>>> > Forum address: domain.com/forum
>>>>>> >
>>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
>>>>>> > * * *********************************************************/*
>>>>>> > *vcl 4.0;*
>>>>>> > *import std;*
>>>>>> >
>>>>>> > *backend default {*
>>>>>> > * .host = "*******";*
>>>>>> > * .port = "8080";*
>>>>>> > * .connect_timeout = 600s;*
>>>>>> > * .first_byte_timeout = 600s;*
>>>>>> > * .between_bytes_timeout = 600s;*
>>>>>> > * .max_connections = 800;*
>>>>>> > *}*
>>>>>> >
>>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>>> > *# ##########################################################*
>>>>>> > *acl purge {*
>>>>>> > * "localhost";*
>>>>>> > * "127.0.0.1";*
>>>>>> > *}*
>>>>>> >
>>>>>> > *#THE RECV FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_recv {*
>>>>>> >
>>>>>> > *# set realIP by trimming CloudFlare IP which will be used for
various
>>>>>> > checks*
>>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
].*$",
>>>>>> > ""); *
>>>>>> >
>>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>>>> > * if (req.restarts == 0) {*
>>>>>> > * if (req.http.x-forwarded-for) {*
>>>>>> > * set req.http.X-Forwarded-For =*
>>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>> > * } else {*
>>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>>>> > * }*
>>>>>> > * }*
>>>>>> >
>>>>>> > * # Purge request check sections for hash_always_miss, purge and
ban*
>>>>>> > * # BLOCK IF NOT IP is not in purge acl*
>>>>>> > * # ##########################################################*
>>>>>> >
>>>>>> > * # Enable smart refreshing using hash_always_miss*
>>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
>>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
"1.2.3.4") ~
>>>>>> > purge) {*
>>>>>> > * set req.hash_always_miss = true;*
>>>>>> > * }*
>>>>>> > *}*
>>>>>> >
>>>>>> > *if (req.method == "PURGE") {*
>>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
"1.2.3.4") ~
>>>>>> > purge) {*
>>>>>> > * return(synth(405,"Not allowed."));*
>>>>>> > * }*
>>>>>> > * return (purge);*
>>>>>> >
>>>>>> > * }*
>>>>>> > *if (req.method == "BAN") {*
>>>>>> > * # Same ACL check as above:*
>>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>> > "1.2.3.4") ~ purge) {*
>>>>>> > * return(synth(403, "Not allowed."));*
>>>>>> > * }*
>>>>>> > * ban("req.http.host == " + req.http.host +*
>>>>>> > * " && req.url == " + req.url);*
>>>>>> >
>>>>>> > * # Throw a synthetic page so the*
>>>>>> > * # request won't go to the backend.*
>>>>>> > * return(synth(200, "Ban added"));*
>>>>>> > *}*
>>>>>> >
>>>>>> >
>>>>>> > *# Unset cloudflare cookies*
>>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie,
>>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>>> > * # Remove a ";" prefix, if present.*
>>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>>>>>> >
>>>>>> > * # For Testing: If you want to test with Varnish passing (not
caching)
>>>>>> > uncomment*
>>>>>> > * # return( pass );*
>>>>>> >
>>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>>>> > * if (req.restarts == 0) {*
>>>>>> > * if (req.http.x-forwarded-for) {*
>>>>>> > * set req.http.X-Forwarded-For =*
>>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>> > * } else {*
>>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>>>> > * }*
>>>>>> > * }*
>>>>>> >
>>>>>> > *# DO NOT CACHE RSS FEED*
>>>>>> > * if (req.url ~ "/feed(/)?") {*
>>>>>> > * return ( pass ); *
>>>>>> > *}*
>>>>>> >
>>>>>> > *## Do not cache search results, comment these 3 lines if you do
want to
>>>>>> > cache them*
>>>>>> >
>>>>>> > *if (req.url ~ "/\?s\=") {*
>>>>>> > * return ( pass ); *
>>>>>> > *}*
>>>>>> >
>>>>>> > *# CLEAN UP THE ENCODING HEADER.*
>>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
ACCEPT-ENCODING*
>>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>>>> > * # ##########################################################*
>>>>>> > * if (req.http.Accept-Encoding) {*
>>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>>>>>> > * # No point in compressing these*
>>>>>> > * unset req.http.Accept-Encoding;*
>>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>>> > * set req.http.Accept-Encoding = "gzip";*
>>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>>> > * set req.http.Accept-Encoding = "deflate";*
>>>>>> > * } else {*
>>>>>> > * # unknown algorithm*
>>>>>> > * unset req.http.Accept-Encoding;*
>>>>>> > * }*
>>>>>> > * }*
>>>>>> >
>>>>>> > * # PIPE ALL NON-STANDARD REQUESTS*
>>>>>> > * # ##########################################################*
>>>>>> > * if (req.method != "GET" &&*
>>>>>> > * req.method != "HEAD" &&*
>>>>>> > * req.method != "PUT" && *
>>>>>> > * req.method != "POST" &&*
>>>>>> > * req.method != "TRACE" &&*
>>>>>> > * req.method != "OPTIONS" &&*
>>>>>> > * req.method != "DELETE") {*
>>>>>> > * return (pipe);*
>>>>>> > * }*
>>>>>> >
>>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS*
>>>>>> > * # ##########################################################*
>>>>>> > * if (req.method != "GET" && req.method != "HEAD") {*
>>>>>> > * return (pass);*
>>>>>> > * }*
>>>>>> >
>>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
TOO,
>>>>>> > EITHER*
>>>>>> > * # COMMENT OR UNCOMMENT BOTH*
>>>>>> > * # ##########################################################*
>>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>>> > * return( pass );*
>>>>>> > * }*
>>>>>> >
>>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>>>> > * # THEN UNSET THE COOKIES*
>>>>>> > * # ##########################################################*
>>>>>> > * if (!(req.url ~ "wp-(login|admin)") *
>>>>>> > * && !(req.url ~ "&preview=true" ) *
>>>>>> > * ){*
>>>>>> > * unset req.http.cookie;*
>>>>>> > * }*
>>>>>> >
>>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>>> > * # ##########################################################*
>>>>>> > * if (req.http.Authorization || req.http.Cookie) {*
>>>>>> > * return (pass);*
>>>>>> > * }*
>>>>>> >
>>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>>> > * # ##########################################################*
>>>>>> > * return (hash);*
>>>>>> > * # This is for phpmyadmin*
>>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>>> > *return (pass);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>>>>>> > *return (pass);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *}*
>>>>>> >
>>>>>> > *# HIT FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_hit {*
>>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>>> > * # ##########################################################*
>>>>>> > * if (req.method == "PURGE") {*
>>>>>> > * #*
>>>>>> > * # This is now handled in vcl_recv.*
>>>>>> > * #*
>>>>>> > * # purge;*
>>>>>> > * return (synth(200, "Purged."));*
>>>>>> > * }*
>>>>>> > * return (deliver);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *# MISS FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_miss {*
>>>>>> > * if (req.method == "PURGE") {*
>>>>>> > * #*
>>>>>> > * # This is now handled in vcl_recv.*
>>>>>> > * #*
>>>>>> > * # purge;*
>>>>>> > * return (synth(200, "Purged."));*
>>>>>> > * }*
>>>>>> > * return (fetch);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *# FETCH FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_backend_response {*
>>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>>>>> > * # TO DO THIS*
>>>>>> > * # ##########################################################*
>>>>>> > * set beresp.http.Vary = "Accept-Encoding";*
>>>>>> >
>>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>>> > * # ##########################################################*
>>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>>> > "wordpress_logged_in" ) {*
>>>>>> > * unset beresp.http.set-cookie;*
>>>>>> > * set beresp.ttl = 52w;*
>>>>>> > *# set beresp.grace =1w;*
>>>>>> > * }*
>>>>>> >
>>>>>> > * if (beresp.ttl <= 0s ||*
>>>>>> > * beresp.http.Set-Cookie ||*
>>>>>> > * beresp.http.Vary == "*") {*
>>>>>> > * set beresp.ttl = 120 s;*
>>>>>> > * # set beresp.ttl = 120s;*
>>>>>> > * set beresp.uncacheable = true;*
>>>>>> > * return (deliver);*
>>>>>> > * }*
>>>>>> >
>>>>>> > * return (deliver);*
>>>>>> > *}*
>>>>>> >
>>>>>> > *# DELIVER FUNCTION*
>>>>>> > *# ##########################################################*
>>>>>> > *sub vcl_deliver {*
>>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>>> > * # ##########################################################*
>>>>>> > * if (obj.hits > 0) {*
>>>>>> > * set resp.http.X-Cache = "HIT";*
>>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>>> > * # ##########################################################*
>>>>>> > * } else {*
>>>>>> > * set resp.http.X-Cache = "MISS";*
>>>>>> > * }*
>>>>>> > *}*
>>>>>> >
>>>>>> >
>>>>>> > Thanks,
>>>>>> >
>>>>>> -------------- next part --------------
>>>>>> An HTML attachment was scrubbed...
>>>>>> URL: <
https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/attachment.html
>
>>>>>>
>>>>>> ------------------------------
>>>>>>
>>>>>> _______________________________________________
>>>>>> varnish-misc mailing list
>>>>>> varnish-misc at varnish-cache.org
>>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>>>
>>>>>> End of varnish-misc Digest, Vol 125, Issue 14
>>>>>> *********************************************
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> varnish-misc mailing list
>>>>> varnish-misc at varnish-cache.org
>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> varnish-misc mailing list
>>>> varnish-misc at varnish-cache.org
>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>
>>>
>>
>