XenForo default.vcl settings

Andrei lagged at gmail.com
Thu Aug 4 16:50:38 CEST 2016


The log output suggests the xf_ cookie check in vcl_recv is not the first
thing to run as you pasted earlier. Also, looking a bit closer, your issue
the fact that you unset the cookie in vcl_backend_response if it's not
wordpress related. Again, you should really audit your entire VCL, and
remove unneeded stuff, like all the WordPress related rules if you're not
using it.

On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
wrote:

> Log message:
>
> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS"
> -   ReqHeader      If-None-Match: "1787d-5392dab8f2b4e-gzip"
> -   ReqHeader      If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT
> -   ReqHeader      X-Forwarded-For: 95.5.187.232
> -   VCL_call       RECV
> -   ReqHeader      X-Actual-IP: 95.5.187.232
> -   ReqUnset       X-Forwarded-For: 95.5.187.232
> -   ReqHeader      X-Forwarded-For: 95.5.187.232, 95.5.187.232
> -   ReqUnset       Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
> pps_show_100=Th
> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>                                                pps_times_showed_100=1;
> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>                               wFoW2XT0IpqCIsH5v7bQ; xf_session=
> -   ReqHeader      Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
> pps_show_100=Th
> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>                                                pps_times_showed_100=1;
> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>                               est_cookie=WP+Cookie+check
> -   ReqUnset       Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
> pps_show_100=Th
> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>                                                pps_times_showed_100=1;
> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>                               est_cookie=WP+Cookie+check
> -   ReqHeader      Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
> pps_show_100=Th
> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>                                                pps_times_showed_100=1;
> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>                               est_cookie=WP+Cookie+check
> -   ReqUnset       X-Forwarded-For: 95.5.187.232, 95.5.187.232
> -   ReqHeader      X-Forwarded-For: 95.5.187.232, 95.5.187.232,
> 95.5.187.232
> -   ReqUnset       Accept-Encoding: gzip, deflate, sdch
> -   ReqHeader      Accept-Encoding: gzip
> -   VCL_Log        PPPAASS
> -   VCL_return     pass
> -   VCL_call       HASH
> -   VCL_return     lookup
> -   VCL_call       PASS
> -   VCL_return     fetch
> -   Link           bereq 524435 pass
> -   Timestamp      Fetch: 1470321283.617655 0.005758 0.005758
> -   RespProtocol   HTTP/1.1
> -   RespStatus     200
> -   RespReason     OK
> -   RespHeader     Date: Thu, 04 Aug 2016 14:34:43 GMT
> -   RespHeader     Server: Apache/2
> -   RespHeader     Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT
> -   RespHeader     ETag: "1787d-5392dab8f2b4e-gzip"
> -   RespHeader     Accept-Ranges: bytes
> --
> -   ReqHeader      If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT
> -   ReqHeader      X-Forwarded-For: 95.5.187.232
> -   VCL_call       RECV
> -   ReqHeader      X-Actual-IP: 95.5.187.232
> -   ReqUnset       X-Forwarded-For: 95.5.187.232
> -   ReqHeader      X-Forwarded-For: 95.5.187.232, 95.5.187.232
> -   ReqUnset       Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
> pps_show_100=Th
> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>                                                pps_times_showed_100=1;
> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>                               wFoW2XT0IpqCIsH5v7bQ; xf_session=
> -   ReqHeader      Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
> pps_show_100=Th
> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>                                                pps_times_showed_100=1;
> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>                               est_cookie=WP+Cookie+check
> -   ReqUnset       Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
> pps_show_100=Th
> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>                                                pps_times_showed_100=1;
> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>                               est_cookie=WP+Cookie+check
> -   ReqHeader      Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
> pps_show_100=Th
>
> 2016-08-04 17:24 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>
>> I assume you reloaded/restarted Varnish after these changes were made. If
>> so, can you verify that you do have the cookies set on the request?
>>
>> maybe add this log message right before returning
>>
>> if(req.http.Cookie ~ "xf_(session|user)") {
>>     std.log( "PPPAASS Cookie set for forum");
>>     return (pass);
>>
>>   }
>>
>> Then you can use varnishlog command (below) to verify cookie is found
>>
>> varnishlog | grep -A15 -B15 "PPPAASS"
>>
>>
>> Cheers,
>> Richard
>>
>>
>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <
>> ayberk.kimsesiz at gmail.com> wrote:
>> >
>> > First of all, thank you. However the problem continues. Can you examine
>> the codes?
>> >
>> >
>> > /* SET THE HOST AND PORT OF WORDPRESS
>> >  * *********************************************************/
>> > vcl 4.0;
>> > import std;
>> >
>> > backend default {
>> >   .host = "*******";
>> >   .port = "8080";
>> >   .connect_timeout = 600s;
>> >   .first_byte_timeout = 600s;
>> >   .between_bytes_timeout = 600s;
>> >   .max_connections = 800;
>> > }
>> >
>> > # SET THE ALLOWED IP OF PURGE REQUESTS
>> > # ##########################################################
>> > acl purge {
>> >   "localhost";
>> >   "127.0.0.1";
>> > }
>> >
>> > #THE RECV FUNCTION
>> > # ##########################################################
>> > sub vcl_recv {
>> >
>> > if(req.http.Cookie ~ "xf_(session|user)") {
>> >     return (pass);
>> >   }
>> >
>> > # set realIP by trimming CloudFlare IP which will be used for various
>> checks
>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$",
>> "");
>> >
>> >         # FORWARD THE IP OF THE REQUEST
>> >   if (req.restarts == 0) {
>> >     if (req.http.x-forwarded-for) {
>> >       set req.http.X-Forwarded-For =
>> >       req.http.X-Forwarded-For + ", " + client.ip;
>> >     } else {
>> >       set req.http.X-Forwarded-For = client.ip;
>> >     }
>> >   }
>> >
>> >  # Purge request check sections for hash_always_miss, purge and ban
>> >  # BLOCK IF NOT IP is not in purge acl
>> >  # ##########################################################
>> >
>> >   # Enable smart refreshing using hash_always_miss
>> > if (req.http.Cache-Control ~ "no-cache") {
>> >     if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
>> purge) {
>> >          set req.hash_always_miss = true;
>> >     }
>> > }
>> >
>> > if (req.method == "PURGE") {
>> >     if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
>> ~ purge) {
>> >         return(synth(405,"Not allowed."));
>> >         }
>> >     return (purge);
>> >
>> >   }
>> > if (req.method == "BAN") {
>> >         # Same ACL check as above:
>> >         if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> "1.2.3.4") ~ purge) {
>> >                         return(synth(403, "Not allowed."));
>> >         }
>> >         ban("req.http.host == " + req.http.host +
>> >                   " && req.url == " + req.url);
>> >
>> >         # Throw a synthetic page so the
>> >         # request won't go to the backend.
>> >         return(synth(200, "Ban added"));
>> > }
>> >
>> >
>> > # Unset cloudflare cookies
>> > # Remove has_js and CloudFlare/Google Analytics __* cookies.
>> >       set req.http.Cookie = regsuball(req.http.Cookie,
>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
>> >       # Remove a ";" prefix, if present.
>> >      set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
>> >
>> >   # For Testing: If you want to test with Varnish passing (not caching)
>> uncomment
>> >   # return( pass );
>> >
>> >   # FORWARD THE IP OF THE REQUEST
>> >   if (req.restarts == 0) {
>> >     if (req.http.x-forwarded-for) {
>> >       set req.http.X-Forwarded-For =
>> >       req.http.X-Forwarded-For + ", " + client.ip;
>> >     } else {
>> >       set req.http.X-Forwarded-For = client.ip;
>> >     }
>> >   }
>> >
>> > # DO NOT CACHE RSS FEED
>> >  if (req.url ~ "/feed(/)?") {
>> >     return ( pass );
>> > }
>> >
>> > ## Do not cache search results, comment these 3 lines if you do want to
>> cache them
>> >
>> > if (req.url ~ "/\?s\=") {
>> >     return ( pass );
>> > }
>> >
>> > # CLEAN UP THE ENCODING HEADER.
>> >   # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY.  WITH VARY ACCEPT-ENCODING
>> >   # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
>> >   # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
>> >   # ##########################################################
>> >   if (req.http.Accept-Encoding) {
>> >     if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
>> >       # No point in compressing these
>> >       unset req.http.Accept-Encoding;
>> >     } elsif (req.http.Accept-Encoding ~ "gzip") {
>> >       set req.http.Accept-Encoding = "gzip";
>> >     } elsif (req.http.Accept-Encoding ~ "deflate") {
>> >       set req.http.Accept-Encoding = "deflate";
>> >     } else {
>> >       # unknown algorithm
>> >       unset req.http.Accept-Encoding;
>> >     }
>> >   }
>> >
>> >   # PIPE ALL NON-STANDARD REQUESTS
>> >   # ##########################################################
>> >   if (req.method != "GET" &&
>> >     req.method != "HEAD" &&
>> >     req.method != "PUT" &&
>> >     req.method != "POST" &&
>> >     req.method != "TRACE" &&
>> >     req.method != "OPTIONS" &&
>> >     req.method != "DELETE") {
>> >       return (pipe);
>> >   }
>> >
>> >   # ONLY CACHE GET AND HEAD REQUESTS
>> >   # ##########################################################
>> >   if (req.method != "GET" && req.method != "HEAD") {
>> >     return (pass);
>> >   }
>> >
>> >   # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
>> EITHER
>> >   # COMMENT OR UNCOMMENT BOTH
>> >   # ##########################################################
>> >   if ( req.http.cookie ~ "wordpress_logged_in" ) {
>> >     return( pass );
>> >   }
>> >
>> >   # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
>> >   # THEN UNSET THE COOKIES
>> >   # ##########################################################
>> >   if (!(req.url ~ "wp-(login|admin)")
>> >     && !(req.url ~ "&preview=true" )
>> >   ){
>> >     unset req.http.cookie;
>> >   }
>> >
>> >   # IF BASIC AUTH IS ON THEN DO NOT CACHE
>> >   # ##########################################################
>> >   if (req.http.Authorization || req.http.Cookie) {
>> >     return (pass);
>> >   }
>> >
>> >   # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
>> >   # ##########################################################
>> >   return (hash);
>> >   # This is for phpmyadmin
>> > if (req.http.Host == "ki1.org") {
>> > return (pass);
>> > }
>> >
>> > if (req.http.Host == "mysql.ki1.org") {
>> > return (pass);
>> > }
>> >
>> > }
>> >
>> > # HIT FUNCTION
>> > # ##########################################################
>> > sub vcl_hit {
>> >   # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
>> >   # ##########################################################
>> >   if (req.method == "PURGE") {
>> >     #
>> >     # This is now handled in vcl_recv.
>> >     #
>> >     # purge;
>> >     return (synth(200, "Purged."));
>> >   }
>> >   return (deliver);
>> > }
>> >
>> > # MISS FUNCTION
>> > # ##########################################################
>> > sub vcl_miss {
>> >   if (req.method == "PURGE") {
>> >     #
>> >     # This is now handled in vcl_recv.
>> >     #
>> >     # purge;
>> >     return (synth(200, "Purged."));
>> >   }
>> >   return (fetch);
>> > }
>> >
>> > # FETCH FUNCTION
>> > # ##########################################################
>> > sub vcl_backend_response {
>> >   # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
>> >   # TENDANCY TO SET VARY USER-AGENT.  YOU MAY OR MAY NOT WANT
>> >   # TO DO THIS
>> >   # ##########################################################
>> >   set beresp.http.Vary = "Accept-Encoding";
>> >
>> >   # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>> >   # TIME THIS PAGE WILL STAY CACHED (TTL)
>> >   # ##########################################################
>> >   if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>> "wordpress_logged_in" ) {
>> >     unset beresp.http.set-cookie;
>> >     set beresp.ttl = 52w;
>> > #    set beresp.grace =1w;
>> >   }
>> >
>> >     if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>> > set beresp.uncacheable = true;
>> >     set beresp.ttl = 1w;
>> >     return (deliver);
>> >   }
>> >
>> >
>> >   if (beresp.ttl <= 0s ||
>> >     beresp.http.Set-Cookie ||
>> >     beresp.http.Vary == "*") {
>> >       set beresp.ttl = 120 s;
>> >       # set beresp.ttl = 120s;
>> >       set beresp.uncacheable = true;
>> >       return (deliver);
>> >   }
>> >
>> >   return (deliver);
>> > }
>> >
>> > # DELIVER FUNCTION
>> > # ##########################################################
>> > sub vcl_deliver {
>> >   # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
>> >   # IN THE HEADER (GREAT FOR DEBUGGING)
>> >   # ##########################################################
>> >   if (obj.hits > 0) {
>> >     set resp.http.X-Cache = "HIT";
>> >   # IF THIS IS A MISS RETURN THAT IN THE HEADER
>> >   # ##########################################################
>> >   } else {
>> >     set resp.http.X-Cache = "MISS";
>> >   }
>> > }
>> >
>> >
>> >
>> > 2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
>> >>
>> >> correction:
>> >>
>> >> sub vcl_recv {
>> >>   if(req.http.Cookie ~ "xf_(session|user)") {
>> >>     return (pass);
>> >>   }
>> >> }
>> >>
>> >> sub vcl_backend_response {
>> >>   if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>> >>     set beresp.uncacheable = true;
>> >>     set beresp.ttl = 1w;
>> >>     return (deliver);
>> >>   }
>> >> }
>> >>
>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com> wrote:
>> >>>
>> >>> Hello,
>> >>>
>> >>> Aside from the provided VCL being for WordPress, while you're running
>> XenForo, the xf_ cookies are being dropped by your config. A quick fix is:
>> >>>
>> >>> sub vcl_recv {
>> >>>   if( req.http.Cookie ~ "xf_(session|user)") {
>> >>>     return (pass);
>> >>>   }
>> >>> }
>> >>>
>> >>> sub vcl_backend_response {
>> >>>   if (req.http.Cookie ~ "xf_(session|user)") {
>> >>>     set beresp.uncacheable = true;
>> >>>     set beresp.ttl = 1w;
>> >>>     return (deliver);
>> >>>   }
>> >>> }
>> >>>
>> >>> However, I suggest auditing your VCL, and only including rules
>> specific to the application(s) which you are running.
>> >>>
>> >>>
>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
>> ayberk.kimsesiz at gmail.com> wrote:
>> >>>>
>> >>>> Users can't login or register to domain.com/forum with the current
>> settings. So we need to make a change related to xf_user and xf_session but
>> how?
>> >>>>
>> >>>>
>> >>>>
>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>> >>>>>
>> >>>>> If you want Varnish to ignore request for a path you need to tell
>> it to pass. In your example you have a rule for the RSS feed. You can do
>> the same for /forum/ in your vcl_recv block.
>> >>>>>
>> >>>>> *# DO NOT CACHE RSS FEED*
>> >>>>> * if (req.url ~ "/feed(/)?") {*
>> >>>>> *    return ( pass ); *
>> >>>>> *}*
>> >>>>>
>> >>>>> *# DO NOT CACHE FORUM*
>> >>>>>  if (req.url ~ "/forum(/)?") {
>> >>>>>     return ( pass );
>> >>>>>  }
>> >>>>>
>> >>>>> Cheers,
>> >>>>> Richard
>> >>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> Message: 1
>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>> >>>>>> Subject: XenForo default.vcl settings
>> >>>>>> Message-ID:
>> >>>>>>         <CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_Q at mail.
>> gmail.com>
>> >>>>>> Content-Type: text/plain; charset="utf-8"
>> >>>>>>
>> >>>>>> Hi,
>> >>>>>>
>> >>>>>> Could you please share the appropriate Default.vcl settings for
>> XenForo
>> >>>>>> Forums? No one can register to the forum at the moment. My current
>> >>>>>> Default.vcl settings are as follows.
>> >>>>>>
>> >>>>>> Forum address: domain.com/forum
>> >>>>>>
>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
>> >>>>>> * * *********************************************************/*
>> >>>>>> *vcl 4.0;*
>> >>>>>> *import std;*
>> >>>>>>
>> >>>>>> *backend default {*
>> >>>>>> *  .host = "*******";*
>> >>>>>> *  .port = "8080";*
>> >>>>>> *  .connect_timeout = 600s;*
>> >>>>>> *  .first_byte_timeout = 600s;*
>> >>>>>> *  .between_bytes_timeout = 600s;*
>> >>>>>> *  .max_connections = 800;*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>> >>>>>> *# ##########################################################*
>> >>>>>> *acl purge {*
>> >>>>>> *  "localhost";*
>> >>>>>> *  "127.0.0.1";*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *#THE RECV FUNCTION*
>> >>>>>> *# ##########################################################*
>> >>>>>> *sub vcl_recv {*
>> >>>>>>
>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for
>> various
>> >>>>>> checks*
>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>> ].*$",
>> >>>>>> ""); *
>> >>>>>>
>> >>>>>> *        # FORWARD THE IP OF THE REQUEST*
>> >>>>>> *  if (req.restarts == 0) {*
>> >>>>>> *    if (req.http.x-forwarded-for) {*
>> >>>>>> *      set req.http.X-Forwarded-For =*
>> >>>>>> *      req.http.X-Forwarded-For + ", " + client.ip;*
>> >>>>>> *    } else {*
>> >>>>>> *      set req.http.X-Forwarded-For = client.ip;*
>> >>>>>> *    }*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> * # Purge request check sections for hash_always_miss, purge and
>> ban*
>> >>>>>> * # BLOCK IF NOT IP is not in purge acl*
>> >>>>>> * # ##########################################################*
>> >>>>>>
>> >>>>>> *  # Enable smart refreshing using hash_always_miss*
>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
>> >>>>>> *    if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> "1.2.3.4") ~
>> >>>>>> purge) {*
>> >>>>>> *         set req.hash_always_miss = true;*
>> >>>>>> *    }*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *if (req.method == "PURGE") {*
>> >>>>>> *    if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> "1.2.3.4") ~
>> >>>>>> purge) {*
>> >>>>>> *        return(synth(405,"Not allowed."));*
>> >>>>>> *        }*
>> >>>>>> *    return (purge);*
>> >>>>>>
>> >>>>>> *  }*
>> >>>>>> *if (req.method == "BAN") {*
>> >>>>>> *        # Same ACL check as above:*
>> >>>>>> *        if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> "1.2.3.4")
>> >>>>>> ~ purge) {*
>> >>>>>> *                        return(synth(403, "Not allowed."));*
>> >>>>>> *        }*
>> >>>>>> *        ban("req.http.host == " + req.http.host +*
>> >>>>>> *                  " && req.url == " + req.url);*
>> >>>>>>
>> >>>>>> *        # Throw a synthetic page so the*
>> >>>>>> *        # request won't go to the backend.*
>> >>>>>> *        return(synth(200, "Ban added"));*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>>
>> >>>>>> *# Unset cloudflare cookies*
>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>> >>>>>> *      set req.http.Cookie = regsuball(req.http.Cookie,
>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>> >>>>>> *      # Remove a ";" prefix, if present.*
>> >>>>>> *     set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>> >>>>>>
>> >>>>>> *  # For Testing: If you want to test with Varnish passing (not
>> caching)
>> >>>>>> uncomment*
>> >>>>>> *  # return( pass );*
>> >>>>>>
>> >>>>>> *  # FORWARD THE IP OF THE REQUEST*
>> >>>>>> *  if (req.restarts == 0) {*
>> >>>>>> *    if (req.http.x-forwarded-for) {*
>> >>>>>> *      set req.http.X-Forwarded-For =*
>> >>>>>> *      req.http.X-Forwarded-For + ", " + client.ip;*
>> >>>>>> *    } else {*
>> >>>>>> *      set req.http.X-Forwarded-For = client.ip;*
>> >>>>>> *    }*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *# DO NOT CACHE RSS FEED*
>> >>>>>> * if (req.url ~ "/feed(/)?") {*
>> >>>>>> *    return ( pass ); *
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *## Do not cache search results, comment these 3 lines if you do
>> want to
>> >>>>>> cache them*
>> >>>>>>
>> >>>>>> *if (req.url ~ "/\?s\=") {*
>> >>>>>> *    return ( pass ); *
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *# CLEAN UP THE ENCODING HEADER.*
>> >>>>>> *  # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY.  WITH VARY
>> ACCEPT-ENCODING*
>> >>>>>> *  # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>> >>>>>> *  # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if (req.http.Accept-Encoding) {*
>> >>>>>> *    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>> >>>>>> *      # No point in compressing these*
>> >>>>>> *      unset req.http.Accept-Encoding;*
>> >>>>>> *    } elsif (req.http.Accept-Encoding ~ "gzip") {*
>> >>>>>> *      set req.http.Accept-Encoding = "gzip";*
>> >>>>>> *    } elsif (req.http.Accept-Encoding ~ "deflate") {*
>> >>>>>> *      set req.http.Accept-Encoding = "deflate";*
>> >>>>>> *    } else {*
>> >>>>>> *      # unknown algorithm*
>> >>>>>> *      unset req.http.Accept-Encoding;*
>> >>>>>> *    }*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *  # PIPE ALL NON-STANDARD REQUESTS*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if (req.method != "GET" &&*
>> >>>>>> *    req.method != "HEAD" &&*
>> >>>>>> *    req.method != "PUT" && *
>> >>>>>> *    req.method != "POST" &&*
>> >>>>>> *    req.method != "TRACE" &&*
>> >>>>>> *    req.method != "OPTIONS" &&*
>> >>>>>> *    req.method != "DELETE") {*
>> >>>>>> *      return (pipe);*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *  # ONLY CACHE GET AND HEAD REQUESTS*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if (req.method != "GET" && req.method != "HEAD") {*
>> >>>>>> *    return (pass);*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *  # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
>> TOO,
>> >>>>>> EITHER*
>> >>>>>> *  # COMMENT OR UNCOMMENT BOTH*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>> >>>>>> *    return( pass );*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *  # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>> >>>>>> *  # THEN UNSET THE COOKIES*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if (!(req.url ~ "wp-(login|admin)") *
>> >>>>>> *    && !(req.url ~ "&preview=true" ) *
>> >>>>>> *  ){*
>> >>>>>> *    unset req.http.cookie;*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *  # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if (req.http.Authorization || req.http.Cookie) {*
>> >>>>>> *    return (pass);*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *  # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  return (hash);*
>> >>>>>> *  # This is for phpmyadmin*
>> >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>> >>>>>> *return (pass);*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>> >>>>>> *return (pass);*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *# HIT FUNCTION*
>> >>>>>> *# ##########################################################*
>> >>>>>> *sub vcl_hit {*
>> >>>>>> *  # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if (req.method == "PURGE") {*
>> >>>>>> *    #*
>> >>>>>> *    # This is now handled in vcl_recv.*
>> >>>>>> *    #*
>> >>>>>> *    # purge;*
>> >>>>>> *    return (synth(200, "Purged."));*
>> >>>>>> *  }*
>> >>>>>> *  return (deliver);*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *# MISS FUNCTION*
>> >>>>>> *# ##########################################################*
>> >>>>>> *sub vcl_miss {*
>> >>>>>> *  if (req.method == "PURGE") {*
>> >>>>>> *    #*
>> >>>>>> *    # This is now handled in vcl_recv.*
>> >>>>>> *    #*
>> >>>>>> *    # purge;*
>> >>>>>> *    return (synth(200, "Purged."));*
>> >>>>>> *  }*
>> >>>>>> *  return (fetch);*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *# FETCH FUNCTION*
>> >>>>>> *# ##########################################################*
>> >>>>>> *sub vcl_backend_response {*
>> >>>>>> *  # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>> >>>>>> *  # TENDANCY TO SET VARY USER-AGENT.  YOU MAY OR MAY NOT WANT*
>> >>>>>> *  # TO DO THIS*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  set beresp.http.Vary = "Accept-Encoding";*
>> >>>>>>
>> >>>>>> *  # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>> >>>>>> *  # TIME THIS PAGE WILL STAY CACHED (TTL)*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>> >>>>>> "wordpress_logged_in" ) {*
>> >>>>>> *    unset beresp.http.set-cookie;*
>> >>>>>> *    set beresp.ttl = 52w;*
>> >>>>>> *#    set beresp.grace =1w;*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *  if (beresp.ttl <= 0s ||*
>> >>>>>> *    beresp.http.Set-Cookie ||*
>> >>>>>> *    beresp.http.Vary == "*") {*
>> >>>>>> *      set beresp.ttl = 120 s;*
>> >>>>>> *      # set beresp.ttl = 120s;*
>> >>>>>> *      set beresp.uncacheable = true;*
>> >>>>>> *      return (deliver);*
>> >>>>>> *  }*
>> >>>>>>
>> >>>>>> *  return (deliver);*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>> *# DELIVER FUNCTION*
>> >>>>>> *# ##########################################################*
>> >>>>>> *sub vcl_deliver {*
>> >>>>>> *  # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>> >>>>>> *  # IN THE HEADER (GREAT FOR DEBUGGING)*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  if (obj.hits > 0) {*
>> >>>>>> *    set resp.http.X-Cache = "HIT";*
>> >>>>>> *  # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>> >>>>>> *  # ##########################################################*
>> >>>>>> *  } else {*
>> >>>>>> *    set resp.http.X-Cache = "MISS";*
>> >>>>>> *  }*
>> >>>>>> *}*
>> >>>>>>
>> >>>>>>
>> >>>>>> Thanks,
>> >>>>>> -------------- next part --------------
>> >>>>>> An HTML attachment was scrubbed...
>> >>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>> attachments/20160803/d572e4b2/attachment-0001.html>
>> >>>>>>
>> >>>>>> ------------------------------
>> >>>>>>
>> >>>>>> Message: 2
>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>> >>>>>> Subject: Re: XenForo default.vcl settings
>> >>>>>> Message-ID:
>> >>>>>>         <CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4O3i1ofA at mail.
>> gmail.com>
>> >>>>>> Content-Type: text/plain; charset="utf-8"
>> >>>>>>
>> >>>>>> I need to add the followings to default.vcl for Xenforo. However,
>> solutions
>> >>>>>> in the Xenforo forums for this didn't work. Can you please help?
>> >>>>>>
>> >>>>>> xf_session_admin
>> >>>>>> xf_user
>> >>>>>> xf_session
>> >>>>>>
>> >>>>>> Or how can i block Varnish in a way that it doesn't work in *
>> domain.com/forum
>> >>>>>> <http://domain.com/forum>*
>> >>>>>>
>> >>>>>>
>> >>>>>>
>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <
>> ayberk.kimsesiz at gmail.com>:
>> >>>>>>
>> >>>>>> > Hi,
>> >>>>>> >
>> >>>>>> > Could you please share the appropriate Default.vcl settings for
>> XenForo
>> >>>>>> > Forums? No one can register to the forum at the moment. My
>> current
>> >>>>>> > Default.vcl settings are as follows.
>> >>>>>> >
>> >>>>>> > Forum address: domain.com/forum
>> >>>>>> >
>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
>> >>>>>> > * * *********************************************************/*
>> >>>>>> > *vcl 4.0;*
>> >>>>>> > *import std;*
>> >>>>>> >
>> >>>>>> > *backend default {*
>> >>>>>> > *  .host = "*******";*
>> >>>>>> > *  .port = "8080";*
>> >>>>>> > *  .connect_timeout = 600s;*
>> >>>>>> > *  .first_byte_timeout = 600s;*
>> >>>>>> > *  .between_bytes_timeout = 600s;*
>> >>>>>> > *  .max_connections = 800;*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>> >>>>>> > *# ##########################################################*
>> >>>>>> > *acl purge {*
>> >>>>>> > *  "localhost";*
>> >>>>>> > *  "127.0.0.1";*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *#THE RECV FUNCTION*
>> >>>>>> > *# ##########################################################*
>> >>>>>> > *sub vcl_recv {*
>> >>>>>> >
>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for
>> various
>> >>>>>> > checks*
>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For,
>> "[, ].*$",
>> >>>>>> > ""); *
>> >>>>>> >
>> >>>>>> > *        # FORWARD THE IP OF THE REQUEST*
>> >>>>>> > *  if (req.restarts == 0) {*
>> >>>>>> > *    if (req.http.x-forwarded-for) {*
>> >>>>>> > *      set req.http.X-Forwarded-For =*
>> >>>>>> > *      req.http.X-Forwarded-For + ", " + client.ip;*
>> >>>>>> > *    } else {*
>> >>>>>> > *      set req.http.X-Forwarded-For = client.ip;*
>> >>>>>> > *    }*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > * # Purge request check sections for hash_always_miss, purge and
>> ban*
>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl*
>> >>>>>> > * # ##########################################################*
>> >>>>>> >
>> >>>>>> > *  # Enable smart refreshing using hash_always_miss*
>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
>> >>>>>> > *    if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> "1.2.3.4") ~
>> >>>>>> > purge) {*
>> >>>>>> > *         set req.hash_always_miss = true;*
>> >>>>>> > *    }*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *if (req.method == "PURGE") {*
>> >>>>>> > *    if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> "1.2.3.4") ~
>> >>>>>> > purge) {*
>> >>>>>> > *        return(synth(405,"Not allowed."));*
>> >>>>>> > *        }*
>> >>>>>> > *    return (purge);*
>> >>>>>> >
>> >>>>>> > *  }*
>> >>>>>> > *if (req.method == "BAN") {*
>> >>>>>> > *        # Same ACL check as above:*
>> >>>>>> > *        if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> >>>>>> > "1.2.3.4") ~ purge) {*
>> >>>>>> > *                        return(synth(403, "Not allowed."));*
>> >>>>>> > *        }*
>> >>>>>> > *        ban("req.http.host == " + req.http.host +*
>> >>>>>> > *                  " && req.url == " + req.url);*
>> >>>>>> >
>> >>>>>> > *        # Throw a synthetic page so the*
>> >>>>>> > *        # request won't go to the backend.*
>> >>>>>> > *        return(synth(200, "Ban added"));*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> >
>> >>>>>> > *# Unset cloudflare cookies*
>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>> >>>>>> > *      set req.http.Cookie = regsuball(req.http.Cookie,
>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>> >>>>>> > *      # Remove a ";" prefix, if present.*
>> >>>>>> > *     set req.http.Cookie = regsub(req.http.Cookie, "^;\s*",
>> "");*
>> >>>>>> >
>> >>>>>> > *  # For Testing: If you want to test with Varnish passing (not
>> caching)
>> >>>>>> > uncomment*
>> >>>>>> > *  # return( pass );*
>> >>>>>> >
>> >>>>>> > *  # FORWARD THE IP OF THE REQUEST*
>> >>>>>> > *  if (req.restarts == 0) {*
>> >>>>>> > *    if (req.http.x-forwarded-for) {*
>> >>>>>> > *      set req.http.X-Forwarded-For =*
>> >>>>>> > *      req.http.X-Forwarded-For + ", " + client.ip;*
>> >>>>>> > *    } else {*
>> >>>>>> > *      set req.http.X-Forwarded-For = client.ip;*
>> >>>>>> > *    }*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *# DO NOT CACHE RSS FEED*
>> >>>>>> > * if (req.url ~ "/feed(/)?") {*
>> >>>>>> > *    return ( pass ); *
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *## Do not cache search results, comment these 3 lines if you do
>> want to
>> >>>>>> > cache them*
>> >>>>>> >
>> >>>>>> > *if (req.url ~ "/\?s\=") {*
>> >>>>>> > *    return ( pass ); *
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.*
>> >>>>>> > *  # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY.  WITH VARY
>> ACCEPT-ENCODING*
>> >>>>>> > *  # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>> >>>>>> > *  # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if (req.http.Accept-Encoding) {*
>> >>>>>> > *    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>> >>>>>> > *      # No point in compressing these*
>> >>>>>> > *      unset req.http.Accept-Encoding;*
>> >>>>>> > *    } elsif (req.http.Accept-Encoding ~ "gzip") {*
>> >>>>>> > *      set req.http.Accept-Encoding = "gzip";*
>> >>>>>> > *    } elsif (req.http.Accept-Encoding ~ "deflate") {*
>> >>>>>> > *      set req.http.Accept-Encoding = "deflate";*
>> >>>>>> > *    } else {*
>> >>>>>> > *      # unknown algorithm*
>> >>>>>> > *      unset req.http.Accept-Encoding;*
>> >>>>>> > *    }*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *  # PIPE ALL NON-STANDARD REQUESTS*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if (req.method != "GET" &&*
>> >>>>>> > *    req.method != "HEAD" &&*
>> >>>>>> > *    req.method != "PUT" && *
>> >>>>>> > *    req.method != "POST" &&*
>> >>>>>> > *    req.method != "TRACE" &&*
>> >>>>>> > *    req.method != "OPTIONS" &&*
>> >>>>>> > *    req.method != "DELETE") {*
>> >>>>>> > *      return (pipe);*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *  # ONLY CACHE GET AND HEAD REQUESTS*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if (req.method != "GET" && req.method != "HEAD") {*
>> >>>>>> > *    return (pass);*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *  # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN
>> FETCH TOO,
>> >>>>>> > EITHER*
>> >>>>>> > *  # COMMENT OR UNCOMMENT BOTH*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>> >>>>>> > *    return( pass );*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *  # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>> >>>>>> > *  # THEN UNSET THE COOKIES*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if (!(req.url ~ "wp-(login|admin)") *
>> >>>>>> > *    && !(req.url ~ "&preview=true" ) *
>> >>>>>> > *  ){*
>> >>>>>> > *    unset req.http.cookie;*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *  # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if (req.http.Authorization || req.http.Cookie) {*
>> >>>>>> > *    return (pass);*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *  # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  return (hash);*
>> >>>>>> > *  # This is for phpmyadmin*
>> >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>> >>>>>> > *return (pass);*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>> >>>>>> > *return (pass);*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *# HIT FUNCTION*
>> >>>>>> > *# ##########################################################*
>> >>>>>> > *sub vcl_hit {*
>> >>>>>> > *  # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if (req.method == "PURGE") {*
>> >>>>>> > *    #*
>> >>>>>> > *    # This is now handled in vcl_recv.*
>> >>>>>> > *    #*
>> >>>>>> > *    # purge;*
>> >>>>>> > *    return (synth(200, "Purged."));*
>> >>>>>> > *  }*
>> >>>>>> > *  return (deliver);*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *# MISS FUNCTION*
>> >>>>>> > *# ##########################################################*
>> >>>>>> > *sub vcl_miss {*
>> >>>>>> > *  if (req.method == "PURGE") {*
>> >>>>>> > *    #*
>> >>>>>> > *    # This is now handled in vcl_recv.*
>> >>>>>> > *    #*
>> >>>>>> > *    # purge;*
>> >>>>>> > *    return (synth(200, "Purged."));*
>> >>>>>> > *  }*
>> >>>>>> > *  return (fetch);*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *# FETCH FUNCTION*
>> >>>>>> > *# ##########################################################*
>> >>>>>> > *sub vcl_backend_response {*
>> >>>>>> > *  # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>> >>>>>> > *  # TENDANCY TO SET VARY USER-AGENT.  YOU MAY OR MAY NOT WANT*
>> >>>>>> > *  # TO DO THIS*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  set beresp.http.Vary = "Accept-Encoding";*
>> >>>>>> >
>> >>>>>> > *  # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>> >>>>>> > *  # TIME THIS PAGE WILL STAY CACHED (TTL)*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>> >>>>>> > "wordpress_logged_in" ) {*
>> >>>>>> > *    unset beresp.http.set-cookie;*
>> >>>>>> > *    set beresp.ttl = 52w;*
>> >>>>>> > *#    set beresp.grace =1w;*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *  if (beresp.ttl <= 0s ||*
>> >>>>>> > *    beresp.http.Set-Cookie ||*
>> >>>>>> > *    beresp.http.Vary == "*") {*
>> >>>>>> > *      set beresp.ttl = 120 s;*
>> >>>>>> > *      # set beresp.ttl = 120s;*
>> >>>>>> > *      set beresp.uncacheable = true;*
>> >>>>>> > *      return (deliver);*
>> >>>>>> > *  }*
>> >>>>>> >
>> >>>>>> > *  return (deliver);*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> > *# DELIVER FUNCTION*
>> >>>>>> > *# ##########################################################*
>> >>>>>> > *sub vcl_deliver {*
>> >>>>>> > *  # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>> >>>>>> > *  # IN THE HEADER (GREAT FOR DEBUGGING)*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  if (obj.hits > 0) {*
>> >>>>>> > *    set resp.http.X-Cache = "HIT";*
>> >>>>>> > *  # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>> >>>>>> > *  # ##########################################################*
>> >>>>>> > *  } else {*
>> >>>>>> > *    set resp.http.X-Cache = "MISS";*
>> >>>>>> > *  }*
>> >>>>>> > *}*
>> >>>>>> >
>> >>>>>> >
>> >>>>>> > Thanks,
>> >>>>>> >
>> >>>>>> -------------- next part --------------
>> >>>>>> An HTML attachment was scrubbed...
>> >>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>> attachments/20160804/4e3f064a/attachment.html>
>> >>>>>>
>> >>>>>> ------------------------------
>> >>>>>>
>> >>>>>> _______________________________________________
>> >>>>>> varnish-misc mailing list
>> >>>>>> varnish-misc at varnish-cache.org
>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>> >>>>>>
>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14
>> >>>>>> *********************************************
>> >>>>>
>> >>>>>
>> >>>>>
>> >>>>> _______________________________________________
>> >>>>> varnish-misc mailing list
>> >>>>> varnish-misc at varnish-cache.org
>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>> >>>>
>> >>>>
>> >>>>
>> >>>> _______________________________________________
>> >>>> varnish-misc mailing list
>> >>>> varnish-misc at varnish-cache.org
>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>> >>>
>> >>>
>> >>
>> >
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/db412ec1/attachment-0001.html>


More information about the varnish-misc mailing list