XenForo default.vcl settings
Ayberk Kimsesiz
ayberk.kimsesiz at gmail.com
Thu Aug 4 18:07:54 CEST 2016
Finally!
Login function is now working with the following settings but X-Cache
shows MISS instead of HIT.
#THE RECV FUNCTION
# ##########################################################
sub vcl_recv {
if( req.http.Cookie ~ "xf_(session|user)") {
return (pass);
}
# FETCH FUNCTION
# ##########################################################
sub vcl_backend_response {
# I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
# TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
# TO DO THIS
# ##########################################################
set beresp.http.Vary = "Accept-Encoding";
# IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
# TIME THIS PAGE WILL STAY CACHED (TTL)
# ##########################################################
if (beresp.http.Set-Cookie ~ "xf_(session|user)")
{ set beresp.uncacheable = true;
set beresp.ttl = 1w;
return (deliver);
}
if (beresp.ttl <= 0s ||
beresp.http.Set-Cookie ||
beresp.http.Vary == "*") {
set beresp.ttl = 120 s;
# set beresp.ttl = 120s;
set beresp.uncacheable = true;
return (deliver);
}
return (deliver);
}
# DELIVER FUNCTION
# ##########################################################
sub vcl_deliver {
# IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
# IN THE HEADER (GREAT FOR DEBUGGING)
# ##########################################################
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
# IF THIS IS A MISS RETURN THAT IN THE HEADER
# ##########################################################
} else {
set resp.http.X-Cache = "MISS";
}
}
2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>:
> Finally!
> Login function is now working with the following settings but X-Cache
> shows MISS instead of HIT.
>
>
> *#THE RECV FUNCTION*
> *# ##########################################################*
> *sub vcl_recv { *
> * if( req.http.Cookie ~ "xf_(session|user)") {*
> * return (pass);*
> * }*
>
>
> *# FETCH FUNCTION*
> *# ##########################################################*
> *sub vcl_backend_response { *
>
> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
> * # TO DO THIS*
> * # ##########################################################*
> * set beresp.http.Vary = "Accept-Encoding";*
>
> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
> * # ##########################################################*
> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") *
> *{ set beresp.uncacheable = true;*
> * set beresp.ttl = 1w;*
> * return (deliver);*
> * }*
>
> * if (beresp.ttl <= 0s ||*
> * beresp.http.Set-Cookie ||*
> * beresp.http.Vary == "*") {*
> * set beresp.ttl = 120 s;*
> * # set beresp.ttl = 120s;*
> * set beresp.uncacheable = true;*
> * return (deliver);*
> * }*
>
> * return (deliver);*
> *}*
>
> *# DELIVER FUNCTION*
> *# ##########################################################*
> *sub vcl_deliver {*
> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
> * # IN THE HEADER (GREAT FOR DEBUGGING)*
> * # ##########################################################*
> * if (obj.hits > 0) {*
> * set resp.http.X-Cache = "HIT";*
> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
> * # ##########################################################*
> * } else {*
> * set resp.http.X-Cache = "MISS";*
> * }*
> *}*
>
> 2016-08-04 18:02 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>
>> I agree that the order of execution may be getting you here. If you need
>> the WordPress rules then you may need to put additional logic to ensure
>> non-wordpress applications are not negatively affected.
>>
>> What happens if you change the order of these two blocks? Put your
>> Set-Cookie check block before the wp-login check.
>>
>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>> > # TIME THIS PAGE WILL STAY CACHED (TTL)
>> > # ##########################################################
>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>> "wordpress_logged_in" ) {
>> > unset beresp.http.set-cookie;
>> > set beresp.ttl = 52w;
>> > # set beresp.grace =1w;
>> > }
>> >
>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>> > set beresp.uncacheable = true;
>> > set beresp.ttl = 1w;
>> > return (deliver);
>> > }
>>
>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei <lagged at gmail.com> wrote:
>>
>>> The log output suggests the xf_ cookie check in vcl_recv is not the
>>> first thing to run as you pasted earlier. Also, looking a bit closer, your
>>> issue the fact that you unset the cookie in vcl_backend_response if it's
>>> not wordpress related. Again, you should really audit your entire VCL, and
>>> remove unneeded stuff, like all the WordPress related rules if you're not
>>> using it.
>>>
>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz <
>>> ayberk.kimsesiz at gmail.com> wrote:
>>>
>>>> Log message:
>>>>
>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS"
>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip"
>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT
>>>> - ReqHeader X-Forwarded-For: 95.5.187.232
>>>> - VCL_call RECV
>>>> - ReqHeader X-Actual-IP: 95.5.187.232
>>>> - ReqUnset X-Forwarded-For: 95.5.187.232
>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>> pps_show_100=Th
>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>> pps_times_showed_100=1;
>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session=
>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>> pps_show_100=Th
>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>> pps_times_showed_100=1;
>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>> est_cookie=WP+Cookie+check
>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>> pps_show_100=Th
>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>> pps_times_showed_100=1;
>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>> est_cookie=WP+Cookie+check
>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>> pps_show_100=Th
>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>> pps_times_showed_100=1;
>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>> est_cookie=WP+Cookie+check
>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232,
>>>> 95.5.187.232
>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch
>>>> - ReqHeader Accept-Encoding: gzip
>>>> - VCL_Log PPPAASS
>>>> - VCL_return pass
>>>> - VCL_call HASH
>>>> - VCL_return lookup
>>>> - VCL_call PASS
>>>> - VCL_return fetch
>>>> - Link bereq 524435 pass
>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758
>>>> - RespProtocol HTTP/1.1
>>>> - RespStatus 200
>>>> - RespReason OK
>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT
>>>> - RespHeader Server: Apache/2
>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT
>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip"
>>>> - RespHeader Accept-Ranges: bytes
>>>> --
>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT
>>>> - ReqHeader X-Forwarded-For: 95.5.187.232
>>>> - VCL_call RECV
>>>> - ReqHeader X-Actual-IP: 95.5.187.232
>>>> - ReqUnset X-Forwarded-For: 95.5.187.232
>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>> pps_show_100=Th
>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>> pps_times_showed_100=1;
>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session=
>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>> pps_show_100=Th
>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>> pps_times_showed_100=1;
>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>> est_cookie=WP+Cookie+check
>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>> pps_show_100=Th
>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>> pps_times_showed_100=1;
>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>> est_cookie=WP+Cookie+check
>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>> pps_show_100=Th
>>>>
>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>>
>>>>> I assume you reloaded/restarted Varnish after these changes were made.
>>>>> If so, can you verify that you do have the cookies set on the request?
>>>>>
>>>>> maybe add this log message right before returning
>>>>>
>>>>> if(req.http.Cookie ~ "xf_(session|user)") {
>>>>> std.log( "PPPAASS Cookie set for forum");
>>>>> return (pass);
>>>>>
>>>>> }
>>>>>
>>>>> Then you can use varnishlog command (below) to verify cookie is found
>>>>>
>>>>> varnishlog | grep -A15 -B15 "PPPAASS"
>>>>>
>>>>>
>>>>> Cheers,
>>>>> Richard
>>>>>
>>>>>
>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <
>>>>> ayberk.kimsesiz at gmail.com> wrote:
>>>>> >
>>>>> > First of all, thank you. However the problem continues. Can you
>>>>> examine the codes?
>>>>> >
>>>>> >
>>>>> > /* SET THE HOST AND PORT OF WORDPRESS
>>>>> > * *********************************************************/
>>>>> > vcl 4.0;
>>>>> > import std;
>>>>> >
>>>>> > backend default {
>>>>> > .host = "*******";
>>>>> > .port = "8080";
>>>>> > .connect_timeout = 600s;
>>>>> > .first_byte_timeout = 600s;
>>>>> > .between_bytes_timeout = 600s;
>>>>> > .max_connections = 800;
>>>>> > }
>>>>> >
>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS
>>>>> > # ##########################################################
>>>>> > acl purge {
>>>>> > "localhost";
>>>>> > "127.0.0.1";
>>>>> > }
>>>>> >
>>>>> > #THE RECV FUNCTION
>>>>> > # ##########################################################
>>>>> > sub vcl_recv {
>>>>> >
>>>>> > if(req.http.Cookie ~ "xf_(session|user)") {
>>>>> > return (pass);
>>>>> > }
>>>>> >
>>>>> > # set realIP by trimming CloudFlare IP which will be used for
>>>>> various checks
>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>>>>> ].*$", "");
>>>>> >
>>>>> > # FORWARD THE IP OF THE REQUEST
>>>>> > if (req.restarts == 0) {
>>>>> > if (req.http.x-forwarded-for) {
>>>>> > set req.http.X-Forwarded-For =
>>>>> > req.http.X-Forwarded-For + ", " + client.ip;
>>>>> > } else {
>>>>> > set req.http.X-Forwarded-For = client.ip;
>>>>> > }
>>>>> > }
>>>>> >
>>>>> > # Purge request check sections for hash_always_miss, purge and ban
>>>>> > # BLOCK IF NOT IP is not in purge acl
>>>>> > # ##########################################################
>>>>> >
>>>>> > # Enable smart refreshing using hash_always_miss
>>>>> > if (req.http.Cache-Control ~ "no-cache") {
>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~ purge) {
>>>>> > set req.hash_always_miss = true;
>>>>> > }
>>>>> > }
>>>>> >
>>>>> > if (req.method == "PURGE") {
>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~ purge) {
>>>>> > return(synth(405,"Not allowed."));
>>>>> > }
>>>>> > return (purge);
>>>>> >
>>>>> > }
>>>>> > if (req.method == "BAN") {
>>>>> > # Same ACL check as above:
>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~ purge) {
>>>>> > return(synth(403, "Not allowed."));
>>>>> > }
>>>>> > ban("req.http.host == " + req.http.host +
>>>>> > " && req.url == " + req.url);
>>>>> >
>>>>> > # Throw a synthetic page so the
>>>>> > # request won't go to the backend.
>>>>> > return(synth(200, "Ban added"));
>>>>> > }
>>>>> >
>>>>> >
>>>>> > # Unset cloudflare cookies
>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies.
>>>>> > set req.http.Cookie = regsuball(req.http.Cookie,
>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
>>>>> > # Remove a ";" prefix, if present.
>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
>>>>> >
>>>>> > # For Testing: If you want to test with Varnish passing (not
>>>>> caching) uncomment
>>>>> > # return( pass );
>>>>> >
>>>>> > # FORWARD THE IP OF THE REQUEST
>>>>> > if (req.restarts == 0) {
>>>>> > if (req.http.x-forwarded-for) {
>>>>> > set req.http.X-Forwarded-For =
>>>>> > req.http.X-Forwarded-For + ", " + client.ip;
>>>>> > } else {
>>>>> > set req.http.X-Forwarded-For = client.ip;
>>>>> > }
>>>>> > }
>>>>> >
>>>>> > # DO NOT CACHE RSS FEED
>>>>> > if (req.url ~ "/feed(/)?") {
>>>>> > return ( pass );
>>>>> > }
>>>>> >
>>>>> > ## Do not cache search results, comment these 3 lines if you do want
>>>>> to cache them
>>>>> >
>>>>> > if (req.url ~ "/\?s\=") {
>>>>> > return ( pass );
>>>>> > }
>>>>> >
>>>>> > # CLEAN UP THE ENCODING HEADER.
>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>>> ACCEPT-ENCODING
>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
>>>>> > # ##########################################################
>>>>> > if (req.http.Accept-Encoding) {
>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
>>>>> > # No point in compressing these
>>>>> > unset req.http.Accept-Encoding;
>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") {
>>>>> > set req.http.Accept-Encoding = "gzip";
>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") {
>>>>> > set req.http.Accept-Encoding = "deflate";
>>>>> > } else {
>>>>> > # unknown algorithm
>>>>> > unset req.http.Accept-Encoding;
>>>>> > }
>>>>> > }
>>>>> >
>>>>> > # PIPE ALL NON-STANDARD REQUESTS
>>>>> > # ##########################################################
>>>>> > if (req.method != "GET" &&
>>>>> > req.method != "HEAD" &&
>>>>> > req.method != "PUT" &&
>>>>> > req.method != "POST" &&
>>>>> > req.method != "TRACE" &&
>>>>> > req.method != "OPTIONS" &&
>>>>> > req.method != "DELETE") {
>>>>> > return (pipe);
>>>>> > }
>>>>> >
>>>>> > # ONLY CACHE GET AND HEAD REQUESTS
>>>>> > # ##########################################################
>>>>> > if (req.method != "GET" && req.method != "HEAD") {
>>>>> > return (pass);
>>>>> > }
>>>>> >
>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH
>>>>> TOO, EITHER
>>>>> > # COMMENT OR UNCOMMENT BOTH
>>>>> > # ##########################################################
>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) {
>>>>> > return( pass );
>>>>> > }
>>>>> >
>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
>>>>> > # THEN UNSET THE COOKIES
>>>>> > # ##########################################################
>>>>> > if (!(req.url ~ "wp-(login|admin)")
>>>>> > && !(req.url ~ "&preview=true" )
>>>>> > ){
>>>>> > unset req.http.cookie;
>>>>> > }
>>>>> >
>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE
>>>>> > # ##########################################################
>>>>> > if (req.http.Authorization || req.http.Cookie) {
>>>>> > return (pass);
>>>>> > }
>>>>> >
>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
>>>>> > # ##########################################################
>>>>> > return (hash);
>>>>> > # This is for phpmyadmin
>>>>> > if (req.http.Host == "ki1.org") {
>>>>> > return (pass);
>>>>> > }
>>>>> >
>>>>> > if (req.http.Host == "mysql.ki1.org") {
>>>>> > return (pass);
>>>>> > }
>>>>> >
>>>>> > }
>>>>> >
>>>>> > # HIT FUNCTION
>>>>> > # ##########################################################
>>>>> > sub vcl_hit {
>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
>>>>> > # ##########################################################
>>>>> > if (req.method == "PURGE") {
>>>>> > #
>>>>> > # This is now handled in vcl_recv.
>>>>> > #
>>>>> > # purge;
>>>>> > return (synth(200, "Purged."));
>>>>> > }
>>>>> > return (deliver);
>>>>> > }
>>>>> >
>>>>> > # MISS FUNCTION
>>>>> > # ##########################################################
>>>>> > sub vcl_miss {
>>>>> > if (req.method == "PURGE") {
>>>>> > #
>>>>> > # This is now handled in vcl_recv.
>>>>> > #
>>>>> > # purge;
>>>>> > return (synth(200, "Purged."));
>>>>> > }
>>>>> > return (fetch);
>>>>> > }
>>>>> >
>>>>> > # FETCH FUNCTION
>>>>> > # ##########################################################
>>>>> > sub vcl_backend_response {
>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
>>>>> > # TO DO THIS
>>>>> > # ##########################################################
>>>>> > set beresp.http.Vary = "Accept-Encoding";
>>>>> >
>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL)
>>>>> > # ##########################################################
>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>> "wordpress_logged_in" ) {
>>>>> > unset beresp.http.set-cookie;
>>>>> > set beresp.ttl = 52w;
>>>>> > # set beresp.grace =1w;
>>>>> > }
>>>>> >
>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>>>> > set beresp.uncacheable = true;
>>>>> > set beresp.ttl = 1w;
>>>>> > return (deliver);
>>>>> > }
>>>>> >
>>>>> >
>>>>> > if (beresp.ttl <= 0s ||
>>>>> > beresp.http.Set-Cookie ||
>>>>> > beresp.http.Vary == "*") {
>>>>> > set beresp.ttl = 120 s;
>>>>> > # set beresp.ttl = 120s;
>>>>> > set beresp.uncacheable = true;
>>>>> > return (deliver);
>>>>> > }
>>>>> >
>>>>> > return (deliver);
>>>>> > }
>>>>> >
>>>>> > # DELIVER FUNCTION
>>>>> > # ##########################################################
>>>>> > sub vcl_deliver {
>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING)
>>>>> > # ##########################################################
>>>>> > if (obj.hits > 0) {
>>>>> > set resp.http.X-Cache = "HIT";
>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER
>>>>> > # ##########################################################
>>>>> > } else {
>>>>> > set resp.http.X-Cache = "MISS";
>>>>> > }
>>>>> > }
>>>>> >
>>>>> >
>>>>> >
>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
>>>>> >>
>>>>> >> correction:
>>>>> >>
>>>>> >> sub vcl_recv {
>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") {
>>>>> >> return (pass);
>>>>> >> }
>>>>> >> }
>>>>> >>
>>>>> >> sub vcl_backend_response {
>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>>>> >> set beresp.uncacheable = true;
>>>>> >> set beresp.ttl = 1w;
>>>>> >> return (deliver);
>>>>> >> }
>>>>> >> }
>>>>> >>
>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com> wrote:
>>>>> >>>
>>>>> >>> Hello,
>>>>> >>>
>>>>> >>> Aside from the provided VCL being for WordPress, while you're
>>>>> running XenForo, the xf_ cookies are being dropped by your config. A quick
>>>>> fix is:
>>>>> >>>
>>>>> >>> sub vcl_recv {
>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") {
>>>>> >>> return (pass);
>>>>> >>> }
>>>>> >>> }
>>>>> >>>
>>>>> >>> sub vcl_backend_response {
>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") {
>>>>> >>> set beresp.uncacheable = true;
>>>>> >>> set beresp.ttl = 1w;
>>>>> >>> return (deliver);
>>>>> >>> }
>>>>> >>> }
>>>>> >>>
>>>>> >>> However, I suggest auditing your VCL, and only including rules
>>>>> specific to the application(s) which you are running.
>>>>> >>>
>>>>> >>>
>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
>>>>> ayberk.kimsesiz at gmail.com> wrote:
>>>>> >>>>
>>>>> >>>> Users can't login or register to domain.com/forum with the
>>>>> current settings. So we need to make a change related to xf_user and
>>>>> xf_session but how?
>>>>> >>>>
>>>>> >>>>
>>>>> >>>>
>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>>> >>>>>
>>>>> >>>>> If you want Varnish to ignore request for a path you need to
>>>>> tell it to pass. In your example you have a rule for the RSS feed. You can
>>>>> do the same for /forum/ in your vcl_recv block.
>>>>> >>>>>
>>>>> >>>>> *# DO NOT CACHE RSS FEED*
>>>>> >>>>> * if (req.url ~ "/feed(/)?") {*
>>>>> >>>>> * return ( pass ); *
>>>>> >>>>> *}*
>>>>> >>>>>
>>>>> >>>>> *# DO NOT CACHE FORUM*
>>>>> >>>>> if (req.url ~ "/forum(/)?") {
>>>>> >>>>> return ( pass );
>>>>> >>>>> }
>>>>> >>>>>
>>>>> >>>>> Cheers,
>>>>> >>>>> Richard
>>>>> >>>>>
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> Message: 1
>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>>>>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>> >>>>>> Subject: XenForo default.vcl settings
>>>>> >>>>>> Message-ID:
>>>>> >>>>>> <CAPQGzE29n1QOmHarn9L-9ztquGfe
>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com>
>>>>> >>>>>> Content-Type: text/plain; charset="utf-8"
>>>>> >>>>>>
>>>>> >>>>>> Hi,
>>>>> >>>>>>
>>>>> >>>>>> Could you please share the appropriate Default.vcl settings for
>>>>> XenForo
>>>>> >>>>>> Forums? No one can register to the forum at the moment. My
>>>>> current
>>>>> >>>>>> Default.vcl settings are as follows.
>>>>> >>>>>>
>>>>> >>>>>> Forum address: domain.com/forum
>>>>> >>>>>>
>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
>>>>> >>>>>> * * *********************************************************/*
>>>>> >>>>>> *vcl 4.0;*
>>>>> >>>>>> *import std;*
>>>>> >>>>>>
>>>>> >>>>>> *backend default {*
>>>>> >>>>>> * .host = "*******";*
>>>>> >>>>>> * .port = "8080";*
>>>>> >>>>>> * .connect_timeout = 600s;*
>>>>> >>>>>> * .first_byte_timeout = 600s;*
>>>>> >>>>>> * .between_bytes_timeout = 600s;*
>>>>> >>>>>> * .max_connections = 800;*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>> >>>>>> *# ##########################################################*
>>>>> >>>>>> *acl purge {*
>>>>> >>>>>> * "localhost";*
>>>>> >>>>>> * "127.0.0.1";*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *#THE RECV FUNCTION*
>>>>> >>>>>> *# ##########################################################*
>>>>> >>>>>> *sub vcl_recv {*
>>>>> >>>>>>
>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for
>>>>> various
>>>>> >>>>>> checks*
>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For,
>>>>> "[, ].*$",
>>>>> >>>>>> ""); *
>>>>> >>>>>>
>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>>> >>>>>> * if (req.restarts == 0) {*
>>>>> >>>>>> * if (req.http.x-forwarded-for) {*
>>>>> >>>>>> * set req.http.X-Forwarded-For =*
>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>> >>>>>> * } else {*
>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>>> >>>>>> * }*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge
>>>>> and ban*
>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl*
>>>>> >>>>>> * # ##########################################################*
>>>>> >>>>>>
>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss*
>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
>>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~
>>>>> >>>>>> purge) {*
>>>>> >>>>>> * set req.hash_always_miss = true;*
>>>>> >>>>>> * }*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *if (req.method == "PURGE") {*
>>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~
>>>>> >>>>>> purge) {*
>>>>> >>>>>> * return(synth(405,"Not allowed."));*
>>>>> >>>>>> * }*
>>>>> >>>>>> * return (purge);*
>>>>> >>>>>>
>>>>> >>>>>> * }*
>>>>> >>>>>> *if (req.method == "BAN") {*
>>>>> >>>>>> * # Same ACL check as above:*
>>>>> >>>>>> * if (!client.ip ~ purge ||
>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4")
>>>>> >>>>>> ~ purge) {*
>>>>> >>>>>> * return(synth(403, "Not allowed."));*
>>>>> >>>>>> * }*
>>>>> >>>>>> * ban("req.http.host == " + req.http.host +*
>>>>> >>>>>> * " && req.url == " + req.url);*
>>>>> >>>>>>
>>>>> >>>>>> * # Throw a synthetic page so the*
>>>>> >>>>>> * # request won't go to the backend.*
>>>>> >>>>>> * return(synth(200, "Ban added"));*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> *# Unset cloudflare cookies*
>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie,
>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>> >>>>>> * # Remove a ";" prefix, if present.*
>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*",
>>>>> "");*
>>>>> >>>>>>
>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not
>>>>> caching)
>>>>> >>>>>> uncomment*
>>>>> >>>>>> * # return( pass );*
>>>>> >>>>>>
>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>>> >>>>>> * if (req.restarts == 0) {*
>>>>> >>>>>> * if (req.http.x-forwarded-for) {*
>>>>> >>>>>> * set req.http.X-Forwarded-For =*
>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>> >>>>>> * } else {*
>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>>> >>>>>> * }*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> *# DO NOT CACHE RSS FEED*
>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {*
>>>>> >>>>>> * return ( pass ); *
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you
>>>>> do want to
>>>>> >>>>>> cache them*
>>>>> >>>>>>
>>>>> >>>>>> *if (req.url ~ "/\?s\=") {*
>>>>> >>>>>> * return ( pass ); *
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.*
>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>>> ACCEPT-ENCODING*
>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if (req.http.Accept-Encoding) {*
>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$")
>>>>> {*
>>>>> >>>>>> * # No point in compressing these*
>>>>> >>>>>> * unset req.http.Accept-Encoding;*
>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";*
>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";*
>>>>> >>>>>> * } else {*
>>>>> >>>>>> * # unknown algorithm*
>>>>> >>>>>> * unset req.http.Accept-Encoding;*
>>>>> >>>>>> * }*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if (req.method != "GET" &&*
>>>>> >>>>>> * req.method != "HEAD" &&*
>>>>> >>>>>> * req.method != "PUT" && *
>>>>> >>>>>> * req.method != "POST" &&*
>>>>> >>>>>> * req.method != "TRACE" &&*
>>>>> >>>>>> * req.method != "OPTIONS" &&*
>>>>> >>>>>> * req.method != "DELETE") {*
>>>>> >>>>>> * return (pipe);*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {*
>>>>> >>>>>> * return (pass);*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN
>>>>> FETCH TOO,
>>>>> >>>>>> EITHER*
>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>> >>>>>> * return( pass );*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>>> >>>>>> * # THEN UNSET THE COOKIES*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") *
>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) *
>>>>> >>>>>> * ){*
>>>>> >>>>>> * unset req.http.cookie;*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {*
>>>>> >>>>>> * return (pass);*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * return (hash);*
>>>>> >>>>>> * # This is for phpmyadmin*
>>>>> >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>> >>>>>> *return (pass);*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>")
>>>>> {*
>>>>> >>>>>> *return (pass);*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *# HIT FUNCTION*
>>>>> >>>>>> *# ##########################################################*
>>>>> >>>>>> *sub vcl_hit {*
>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if (req.method == "PURGE") {*
>>>>> >>>>>> * #*
>>>>> >>>>>> * # This is now handled in vcl_recv.*
>>>>> >>>>>> * #*
>>>>> >>>>>> * # purge;*
>>>>> >>>>>> * return (synth(200, "Purged."));*
>>>>> >>>>>> * }*
>>>>> >>>>>> * return (deliver);*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *# MISS FUNCTION*
>>>>> >>>>>> *# ##########################################################*
>>>>> >>>>>> *sub vcl_miss {*
>>>>> >>>>>> * if (req.method == "PURGE") {*
>>>>> >>>>>> * #*
>>>>> >>>>>> * # This is now handled in vcl_recv.*
>>>>> >>>>>> * #*
>>>>> >>>>>> * # purge;*
>>>>> >>>>>> * return (synth(200, "Purged."));*
>>>>> >>>>>> * }*
>>>>> >>>>>> * return (fetch);*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *# FETCH FUNCTION*
>>>>> >>>>>> *# ##########################################################*
>>>>> >>>>>> *sub vcl_backend_response {*
>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>>>> >>>>>> * # TO DO THIS*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";*
>>>>> >>>>>>
>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>> >>>>>> "wordpress_logged_in" ) {*
>>>>> >>>>>> * unset beresp.http.set-cookie;*
>>>>> >>>>>> * set beresp.ttl = 52w;*
>>>>> >>>>>> *# set beresp.grace =1w;*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * if (beresp.ttl <= 0s ||*
>>>>> >>>>>> * beresp.http.Set-Cookie ||*
>>>>> >>>>>> * beresp.http.Vary == "*") {*
>>>>> >>>>>> * set beresp.ttl = 120 s;*
>>>>> >>>>>> * # set beresp.ttl = 120s;*
>>>>> >>>>>> * set beresp.uncacheable = true;*
>>>>> >>>>>> * return (deliver);*
>>>>> >>>>>> * }*
>>>>> >>>>>>
>>>>> >>>>>> * return (deliver);*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>> *# DELIVER FUNCTION*
>>>>> >>>>>> *# ##########################################################*
>>>>> >>>>>> *sub vcl_deliver {*
>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * if (obj.hits > 0) {*
>>>>> >>>>>> * set resp.http.X-Cache = "HIT";*
>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>> >>>>>> * # ##############################
>>>>> ############################*
>>>>> >>>>>> * } else {*
>>>>> >>>>>> * set resp.http.X-Cache = "MISS";*
>>>>> >>>>>> * }*
>>>>> >>>>>> *}*
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> Thanks,
>>>>> >>>>>> -------------- next part --------------
>>>>> >>>>>> An HTML attachment was scrubbed...
>>>>> >>>>>> URL: <https://www.varnish-cache.org
>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/
>>>>> attachment-0001.html>
>>>>> >>>>>>
>>>>> >>>>>> ------------------------------
>>>>> >>>>>>
>>>>> >>>>>> Message: 2
>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>>>>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>> >>>>>> Subject: Re: XenForo default.vcl settings
>>>>> >>>>>> Message-ID:
>>>>> >>>>>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5
>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com>
>>>>> >>>>>> Content-Type: text/plain; charset="utf-8"
>>>>> >>>>>>
>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo.
>>>>> However, solutions
>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please help?
>>>>> >>>>>>
>>>>> >>>>>> xf_session_admin
>>>>> >>>>>> xf_user
>>>>> >>>>>> xf_session
>>>>> >>>>>>
>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in *
>>>>> domain.com/forum
>>>>> >>>>>> <http://domain.com/forum>*
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>>
>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <
>>>>> ayberk.kimsesiz at gmail.com>:
>>>>> >>>>>>
>>>>> >>>>>> > Hi,
>>>>> >>>>>> >
>>>>> >>>>>> > Could you please share the appropriate Default.vcl settings
>>>>> for XenForo
>>>>> >>>>>> > Forums? No one can register to the forum at the moment. My
>>>>> current
>>>>> >>>>>> > Default.vcl settings are as follows.
>>>>> >>>>>> >
>>>>> >>>>>> > Forum address: domain.com/forum
>>>>> >>>>>> >
>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
>>>>> >>>>>> > * * ******************************
>>>>> ***************************/*
>>>>> >>>>>> > *vcl 4.0;*
>>>>> >>>>>> > *import std;*
>>>>> >>>>>> >
>>>>> >>>>>> > *backend default {*
>>>>> >>>>>> > * .host = "*******";*
>>>>> >>>>>> > * .port = "8080";*
>>>>> >>>>>> > * .connect_timeout = 600s;*
>>>>> >>>>>> > * .first_byte_timeout = 600s;*
>>>>> >>>>>> > * .between_bytes_timeout = 600s;*
>>>>> >>>>>> > * .max_connections = 800;*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>> >>>>>> > *# ##############################
>>>>> ############################*
>>>>> >>>>>> > *acl purge {*
>>>>> >>>>>> > * "localhost";*
>>>>> >>>>>> > * "127.0.0.1";*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *#THE RECV FUNCTION*
>>>>> >>>>>> > *# ##############################
>>>>> ############################*
>>>>> >>>>>> > *sub vcl_recv {*
>>>>> >>>>>> >
>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used
>>>>> for various
>>>>> >>>>>> > checks*
>>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For,
>>>>> "[, ].*$",
>>>>> >>>>>> > ""); *
>>>>> >>>>>> >
>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>>> >>>>>> > * if (req.restarts == 0) {*
>>>>> >>>>>> > * if (req.http.x-forwarded-for) {*
>>>>> >>>>>> > * set req.http.X-Forwarded-For =*
>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>> >>>>>> > * } else {*
>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, purge
>>>>> and ban*
>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> >
>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss*
>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
>>>>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~
>>>>> >>>>>> > purge) {*
>>>>> >>>>>> > * set req.hash_always_miss = true;*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *if (req.method == "PURGE") {*
>>>>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>> "1.2.3.4") ~
>>>>> >>>>>> > purge) {*
>>>>> >>>>>> > * return(synth(405,"Not allowed."));*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > * return (purge);*
>>>>> >>>>>> >
>>>>> >>>>>> > * }*
>>>>> >>>>>> > *if (req.method == "BAN") {*
>>>>> >>>>>> > * # Same ACL check as above:*
>>>>> >>>>>> > * if (!client.ip ~ purge ||
>>>>> !std.ip(req.http.X-Actual-IP,
>>>>> >>>>>> > "1.2.3.4") ~ purge) {*
>>>>> >>>>>> > * return(synth(403, "Not allowed."));*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +*
>>>>> >>>>>> > * " && req.url == " + req.url);*
>>>>> >>>>>> >
>>>>> >>>>>> > * # Throw a synthetic page so the*
>>>>> >>>>>> > * # request won't go to the backend.*
>>>>> >>>>>> > * return(synth(200, "Ban added"));*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> >
>>>>> >>>>>> > *# Unset cloudflare cookies*
>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie,
>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>> >>>>>> > * # Remove a ";" prefix, if present.*
>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*",
>>>>> "");*
>>>>> >>>>>> >
>>>>> >>>>>> > * # For Testing: If you want to test with Varnish passing
>>>>> (not caching)
>>>>> >>>>>> > uncomment*
>>>>> >>>>>> > * # return( pass );*
>>>>> >>>>>> >
>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>>> >>>>>> > * if (req.restarts == 0) {*
>>>>> >>>>>> > * if (req.http.x-forwarded-for) {*
>>>>> >>>>>> > * set req.http.X-Forwarded-For =*
>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>> >>>>>> > * } else {*
>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > *# DO NOT CACHE RSS FEED*
>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {*
>>>>> >>>>>> > * return ( pass ); *
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if you
>>>>> do want to
>>>>> >>>>>> > cache them*
>>>>> >>>>>> >
>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {*
>>>>> >>>>>> > * return ( pass ); *
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.*
>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>>> ACCEPT-ENCODING*
>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if (req.http.Accept-Encoding) {*
>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$")
>>>>> {*
>>>>> >>>>>> > * # No point in compressing these*
>>>>> >>>>>> > * unset req.http.Accept-Encoding;*
>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";*
>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";*
>>>>> >>>>>> > * } else {*
>>>>> >>>>>> > * # unknown algorithm*
>>>>> >>>>>> > * unset req.http.Accept-Encoding;*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if (req.method != "GET" &&*
>>>>> >>>>>> > * req.method != "HEAD" &&*
>>>>> >>>>>> > * req.method != "PUT" && *
>>>>> >>>>>> > * req.method != "POST" &&*
>>>>> >>>>>> > * req.method != "TRACE" &&*
>>>>> >>>>>> > * req.method != "OPTIONS" &&*
>>>>> >>>>>> > * req.method != "DELETE") {*
>>>>> >>>>>> > * return (pipe);*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {*
>>>>> >>>>>> > * return (pass);*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN
>>>>> FETCH TOO,
>>>>> >>>>>> > EITHER*
>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>> >>>>>> > * return( pass );*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR
>>>>> WP-LOGIN*
>>>>> >>>>>> > * # THEN UNSET THE COOKIES*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") *
>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) *
>>>>> >>>>>> > * ){*
>>>>> >>>>>> > * unset req.http.cookie;*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {*
>>>>> >>>>>> > * return (pass);*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * return (hash);*
>>>>> >>>>>> > * # This is for phpmyadmin*
>>>>> >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>> >>>>>> > *return (pass);*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>")
>>>>> {*
>>>>> >>>>>> > *return (pass);*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *# HIT FUNCTION*
>>>>> >>>>>> > *# ##############################
>>>>> ############################*
>>>>> >>>>>> > *sub vcl_hit {*
>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if (req.method == "PURGE") {*
>>>>> >>>>>> > * #*
>>>>> >>>>>> > * # This is now handled in vcl_recv.*
>>>>> >>>>>> > * #*
>>>>> >>>>>> > * # purge;*
>>>>> >>>>>> > * return (synth(200, "Purged."));*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > * return (deliver);*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *# MISS FUNCTION*
>>>>> >>>>>> > *# ##############################
>>>>> ############################*
>>>>> >>>>>> > *sub vcl_miss {*
>>>>> >>>>>> > * if (req.method == "PURGE") {*
>>>>> >>>>>> > * #*
>>>>> >>>>>> > * # This is now handled in vcl_recv.*
>>>>> >>>>>> > * #*
>>>>> >>>>>> > * # purge;*
>>>>> >>>>>> > * return (synth(200, "Purged."));*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > * return (fetch);*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *# FETCH FUNCTION*
>>>>> >>>>>> > *# ##############################
>>>>> ############################*
>>>>> >>>>>> > *sub vcl_backend_response {*
>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT
>>>>> WANT*
>>>>> >>>>>> > * # TO DO THIS*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";*
>>>>> >>>>>> >
>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>>>>> *
>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") &&
>>>>> !bereq.http.cookie ~
>>>>> >>>>>> > "wordpress_logged_in" ) {*
>>>>> >>>>>> > * unset beresp.http.set-cookie;*
>>>>> >>>>>> > * set beresp.ttl = 52w;*
>>>>> >>>>>> > *# set beresp.grace =1w;*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * if (beresp.ttl <= 0s ||*
>>>>> >>>>>> > * beresp.http.Set-Cookie ||*
>>>>> >>>>>> > * beresp.http.Vary == "*") {*
>>>>> >>>>>> > * set beresp.ttl = 120 s;*
>>>>> >>>>>> > * # set beresp.ttl = 120s;*
>>>>> >>>>>> > * set beresp.uncacheable = true;*
>>>>> >>>>>> > * return (deliver);*
>>>>> >>>>>> > * }*
>>>>> >>>>>> >
>>>>> >>>>>> > * return (deliver);*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> > *# DELIVER FUNCTION*
>>>>> >>>>>> > *# ##############################
>>>>> ############################*
>>>>> >>>>>> > *sub vcl_deliver {*
>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * if (obj.hits > 0) {*
>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";*
>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>> >>>>>> > * # ##############################
>>>>> ############################*
>>>>> >>>>>> > * } else {*
>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";*
>>>>> >>>>>> > * }*
>>>>> >>>>>> > *}*
>>>>> >>>>>> >
>>>>> >>>>>> >
>>>>> >>>>>> > Thanks,
>>>>> >>>>>> >
>>>>> >>>>>> -------------- next part --------------
>>>>> >>>>>> An HTML attachment was scrubbed...
>>>>> >>>>>> URL: <https://www.varnish-cache.org
>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/
>>>>> attachment.html>
>>>>> >>>>>>
>>>>> >>>>>> ------------------------------
>>>>> >>>>>>
>>>>> >>>>>> _______________________________________________
>>>>> >>>>>> varnish-misc mailing list
>>>>> >>>>>> varnish-misc at varnish-cache.org
>>>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish
>>>>> -misc
>>>>> >>>>>>
>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14
>>>>> >>>>>> *********************************************
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>>
>>>>> >>>>> _______________________________________________
>>>>> >>>>> varnish-misc mailing list
>>>>> >>>>> varnish-misc at varnish-cache.org
>>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish
>>>>> -misc
>>>>> >>>>
>>>>> >>>>
>>>>> >>>>
>>>>> >>>> _______________________________________________
>>>>> >>>> varnish-misc mailing list
>>>>> >>>> varnish-misc at varnish-cache.org
>>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>> >>>
>>>>> >>>
>>>>> >>
>>>>> >
>>>>>
>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/6d7439d8/attachment-0001.html>
More information about the varnish-misc
mailing list