<div dir="ltr"><div>This issue really wore me out :) </div><div><br></div><div>What i want is the ability to login XenForo while Varnish continuing to work, so no MISS. Solutions here prevent Varnish from working. In fact, a very simple matter so again i want your help. To ensure Wordpress leaves cookie control to XenForo will be sufficient.</div><div><br></div><div><b>XenForo's login and register links:</b></div><div><br></div><div><div>/forum/login.php</div><div>/forum/register.php</div></div><div><br></div><div><b>XenForo's cookie control:</b></div><div><br></div><div><div>xf_session</div></div><div><br></div><div><b>Wordpress login and register links:</b></div><div><br></div><div><div>wp-admin</div><div>wp-login</div></div><div><br></div><div><b>Wordpress' cookie control:</b></div><div><br></div><div>wordpress_logged_in<br></div><div><br></div><div><div><i>1- if ( req.http.cookie ~ "wordpress_logged_in" ) {</i></div><div><i> return( pass );</i></div><div><i> }</i></div></div><div><i><br></i></div><div><i>2- if (!(req.url ~ "wp-(login|admin)") </i></div><div><i> && !(req.url ~ "&preview=true" ) </i></div><div><i> ){</i></div><div><i> unset req.http.cookie;</i></div><div><i> }</i></div><div><i><br></i></div><div><i>3- sub vcl_backend_response {</i></div><div><i> if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {</i></div><div><i> unset beresp.http.set-cookie;</i></div><div><i> set beresp.ttl = 52w;</i></div><div><i> }</i></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-05 15:36 GMT+03:00 Lane, Richard <span dir="ltr"><<a href="mailto:rlane@ahbelo.com" target="_blank">rlane@ahbelo.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Can you send more of the log that shows a full /request response of a MISS?<div><br></div><div>This line right here is going to cause most request to be a MISS because it is only checking the existence of Cookie and not a specific cookie.</div><span class=""><div><br></div><div><div style="color:rgb(80,0,80);font-size:12.8px"> # IF BASIC AUTH IS ON THEN DO NOT CACHE</div><div style="color:rgb(80,0,80);font-size:12.8px"> # ##############################<wbr>############################</div><div style="color:rgb(80,0,80);font-size:12.8px"> if (req.http.Authorization || req.http.Cookie) {</div><div style="color:rgb(80,0,80);font-size:12.8px"> return (pass);</div><div style="color:rgb(80,0,80);font-size:12.8px"> }</div></div></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 5, 2016 at 2:44 AM, Ayberk Kimsesiz <span dir="ltr"><<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi again,</div><div><br></div><div>I deleted all the Wordpress records and only added the following to xenForo. People can now login to forum but Varnish shows MISS once again. What kind of setting should i use?</div><div><br></div><div><span><div>/* SET THE HOST AND PORT OF WORDPRESS</div><div> * ******************************<wbr>***************************/</div><div>vcl 4.0;</div><div>import std;</div><div><br></div><div>backend default {</div></span><div> .host = "*****''</div><span><div> .port = "8080";</div><div> .connect_timeout = 600s;</div><div> .first_byte_timeout = 600s;</div><div> .between_bytes_timeout = 600s;</div><div> .max_connections = 800;</div><div>}</div><div> </div><div># SET THE ALLOWED IP OF PURGE REQUESTS</div><div># ##############################<wbr>############################</div><div>acl purge {</div><div> "localhost";</div><div> "127.0.0.1";</div><div>}</div><div><br></div><div>#THE RECV FUNCTION</div><div># ##############################<wbr>############################</div><div>sub vcl_recv {</div><div><br></div></span><div><div><div># set realIP by trimming CloudFlare IP which will be used for various checks</div><div>set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-Fo<wbr>r, "[, ].*$", ""); </div><div><br></div><div> # FORWARD THE IP OF THE REQUEST</div><div> if (req.restarts == 0) {</div><div> if (req.http.x-forwarded-for) {</div><div> set req.http.X-Forwarded-For =</div><div> req.http.X-Forwarded-For + ", " + client.ip;</div><div> } else {</div><div> set req.http.X-Forwarded-For = client.ip;</div><div> }</div><div> }</div><div><br></div><div> # Purge request check sections for hash_always_miss, purge and ban</div><div> # BLOCK IF NOT IP is not in purge acl</div><div> # ##############################<wbr>############################</div><div><br></div><div> # Enable smart refreshing using hash_always_miss</div><div>if (req.http.Cache-Control ~ "no-cache") {</div><div> if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {</div><div> set req.hash_always_miss = true;</div><div> }</div><div>}</div><div><br></div><div>if (req.method == "PURGE") {</div><div> if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {</div><div> return(synth(405,"Not allowed."));</div><div> }</div><div> return (purge);</div><div><br></div><div> }</div><div>if (req.method == "BAN") {</div><div> # Same ACL check as above:</div><div> if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {</div><div> return(synth(403, "Not allowed."));</div><div> }</div><div> ban("req.http.host == " + req.http.host +</div><div> " && req.url == " + req.url);</div><div><br></div><div> # Throw a synthetic page so the</div><div> # request won't go to the backend.</div><div> return(synth(200, "Ban added"));</div><div>}</div><div><br></div><div># Unset cloudflare cookies</div><div># Remove has_js and CloudFlare/Google Analytics __* cookies.</div><div> set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;<wbr>]*", "");</div><div> # Remove a ";" prefix, if present.</div><div> set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");</div><div><br></div><div> # For Testing: If you want to test with Varnish passing (not caching) uncomment</div><div> # return( pass );</div><div><br></div><div> # FORWARD THE IP OF THE REQUEST</div><div> if (req.restarts == 0) {</div><div> if (req.http.x-forwarded-for) {</div><div> set req.http.X-Forwarded-For =</div><div> req.http.X-Forwarded-For + ", " + client.ip;</div><div> } else {</div><div> set req.http.X-Forwarded-For = client.ip;</div><div> }</div><div> }</div><div><br></div><div># DO NOT CACHE RSS FEED</div><div> if (req.url ~ "/feed(/)?") {</div><div> return ( pass ); </div><div>}</div><div><br></div><div>## Do not cache search results, comment these 3 lines if you do want to cache them</div><div><br></div><div>if (req.url ~ "/\?s\=") {</div><div> return ( pass ); </div><div>}</div><div><br></div><div># CLEAN UP THE ENCODING HEADER.</div><div> # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING</div><div> # VARNISH WILL CREATE SEPARATE CACHES FOR EACH</div><div> # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.</div><div> # ##############################<wbr>############################</div><div> if (req.http.Accept-Encoding) {</div><div> if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz<wbr>|mp3|ogg)$") {</div><div> # No point in compressing these</div><div> unset req.http.Accept-Encoding;</div><div> } elsif (req.http.Accept-Encoding ~ "gzip") {</div><div> set req.http.Accept-Encoding = "gzip";</div><div> } elsif (req.http.Accept-Encoding ~ "deflate") {</div><div> set req.http.Accept-Encoding = "deflate";</div><div> } else {</div><div> # unknown algorithm</div><div> unset req.http.Accept-Encoding;</div><div> }</div><div> }</div><div><br></div><div> # PIPE ALL NON-STANDARD REQUESTS</div><div> # ##############################<wbr>############################</div><div> if (req.method != "GET" &&</div><div> req.method != "HEAD" &&</div><div> req.method != "PUT" && </div><div> req.method != "POST" &&</div><div> req.method != "TRACE" &&</div><div> req.method != "OPTIONS" &&</div><div> req.method != "DELETE") {</div><div> return (pipe);</div><div> }</div><div> </div><div> # ONLY CACHE GET AND HEAD REQUESTS</div><div> # ##############################<wbr>############################</div><div> if (req.method != "GET" && req.method != "HEAD") {</div><div> return (pass);</div><div> }</div><div> </div><div> # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER</div><div> # COMMENT OR UNCOMMENT BOTH</div><div> # ##############################<wbr>############################</div><div><br></div><div> </div></div></div><span><div> # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN</div><div> # THEN UNSET THE COOKIES</div><div> # ##############################<wbr>############################</div><div><br></div><div><br></div></span><div><div><div> # IF BASIC AUTH IS ON THEN DO NOT CACHE</div><div> # ##############################<wbr>############################</div><div> if (req.http.Authorization || req.http.Cookie) {</div><div> return (pass);</div><div> }</div><div> </div><div> # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED</div><div> # ##############################<wbr>############################</div><div> return (hash);</div><div> # This is for phpmyadmin</div><div>if (req.http.Host == "<a href="http://ki1.org" target="_blank">ki1.org</a>") {</div><div>return (pass);</div><div>}</div><div><br></div><div>if (req.http.Host == "<a href="http://mysql.ki1.org" target="_blank">mysql.ki1.org</a>") {</div><div>return (pass);</div><div>}</div><div><br></div><div>}</div><div><br></div><div># HIT FUNCTION</div><div># ##############################<wbr>############################</div><div>sub vcl_hit {</div><div> # IF THIS IS A PURGE REQUEST THEN DO THE PURGE</div><div> # ##############################<wbr>############################</div><div> if (req.method == "PURGE") {</div><div> #</div><div> # This is now handled in vcl_recv.</div><div> #</div><div> # purge;</div><div> return (synth(200, "Purged."));</div><div> }</div><div> return (deliver);</div><div>}</div><div><br></div><div># MISS FUNCTION</div><div># ##############################<wbr>############################</div><div>sub vcl_miss {</div><div> if (req.method == "PURGE") {</div><div> #</div><div> # This is now handled in vcl_recv.</div><div> #</div><div> # purge;</div><div> return (synth(200, "Purged."));</div><div> }</div><div> return (fetch);</div><div>}</div><div><br></div><div># FETCH FUNCTION</div><div># ##############################<wbr>############################</div><div>sub vcl_backend_response {</div></div></div><div><div><div> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {</div><div> set beresp.uncacheable = true;</div><div> set beresp.ttl = 1w;</div><div> return (deliver);</div><div> }</div><div><br></div><div> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC </div><div> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT</div><div> # TO DO THIS</div><div> # ##############################<wbr>############################</div><div> set beresp.http.Vary = "Accept-Encoding";</div><div><br></div><div> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF </div><div> # TIME THIS PAGE WILL STAY CACHED (TTL)</div><div> # ##############################<wbr>############################</div><div><br></div><div><br></div><div> if (beresp.ttl <= 0s ||</div><div> beresp.http.Set-Cookie ||</div><div> beresp.http.Vary == "*") {</div><div> set beresp.ttl = 120 s;</div><div> # set beresp.ttl = 120s;</div><div> set beresp.uncacheable = true;</div><div> return (deliver);</div><div> }</div><div><br></div><div> return (deliver);</div><div>}</div><div><br></div><div># DELIVER FUNCTION</div><div># ##############################<wbr>############################</div><div>sub vcl_deliver {</div><div> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT </div><div> # IN THE HEADER (GREAT FOR DEBUGGING)</div><div> # ##############################<wbr>############################</div><div> if (obj.hits > 0) {</div><div> set resp.http.X-Cache = "HIT";</div><div> # IF THIS IS A MISS RETURN THAT IN THE HEADER</div><div> # ##############################<wbr>############################</div><div> } else {</div><div> set resp.http.X-Cache = "MISS";</div><div> }</div><div>}</div></div></div></div><div><br></div><div><br></div><div><b>Wordpress: </b></div><div><br></div><div>Accept-Ranges<span style="white-space:pre-wrap"> </span>bytes</div><div>Age<span style="white-space:pre-wrap"> </span>0</div><div>Cache-Control<span style="white-space:pre-wrap"> </span>max-age=3600, public</div><div>Connection<span style="white-space:pre-wrap"> </span>keep-alive</div><div>Content-Encoding<span style="white-space:pre-wrap"> </span>gzip</div><div>Content-Type<span style="white-space:pre-wrap"> </span>text/html</div><div>Date<span style="white-space:pre-wrap"> </span>Fri, 05 Aug 2016 07:34:11 GMT</div><div>Etag<span style="white-space:pre-wrap"> </span>9090a91bf774ce89d892f8dd7fedd5<wbr>27</div><div>Expires<span style="white-space:pre-wrap"> </span>Fri, 05 Aug 2016 08:34:11 GMT</div><div>Last-Modified<span style="white-space:pre-wrap"> </span>Thu, 01 Jan 1970 00:00:00 GMT</div><div>Pragma<span style="white-space:pre-wrap"> </span>public</div><div>Server<span style="white-space:pre-wrap"> </span>Apache/2</div><div>Transfer-Encoding<span style="white-space:pre-wrap"> </span>chunked</div><span><div>Vary<span style="white-space:pre-wrap"> </span>Accept-Encoding</div><div>Via<span style="white-space:pre-wrap"> </span>1.1 varnish-v4</div><div>X-Cache<span style="white-space:pre-wrap"> </span>MISS</div></span><div>X-Powered-By<span style="white-space:pre-wrap"> </span>W3 Total Cache/<a href="http://0.9.4.1" target="_blank">0.9.4.1</a></div><div>X-Varnish<span style="white-space:pre-wrap"> </span>3048080</div><div><br></div><div><b>xenForo</b></div><span><div><br></div><div>Accept-Ranges<span style="white-space:pre-wrap"> </span>bytes</div><div>Age<span style="white-space:pre-wrap"> </span>0</div><div>Cache-control<span style="white-space:pre-wrap"> </span>private, max-age=0</div></span><div>Connection<span style="white-space:pre-wrap"> </span>keep-alive</div><div>Content-Encoding<span style="white-space:pre-wrap"> </span>gzip</div><div>Content-Length<span style="white-space:pre-wrap"> </span>11721</div><div>Content-Type<span style="white-space:pre-wrap"> </span>text/html; charset=UTF-8</div><div>Date<span style="white-space:pre-wrap"> </span>Fri, 05 Aug 2016 07:35:03 GMT</div><span><div>Expires<span style="white-space:pre-wrap"> </span>Thu, 19 Nov 1981 08:52:00 GMT</div></span><div>Last-Modified<span style="white-space:pre-wrap"> </span>Fri, 05 Aug 2016 07:35:03 GMT</div><span><div>Server<span style="white-space:pre-wrap"> </span>Apache/2</div><div>Vary<span style="white-space:pre-wrap"> </span>Accept-Encoding</div><div>Via<span style="white-space:pre-wrap"> </span>1.1 varnish-v4</div><div>X-Cache<span style="white-space:pre-wrap"> </span>MISS</div></span><div>X-Frame-Options<span style="white-space:pre-wrap"> </span>SAMEORIGIN</div><div>X-Powered-By<span style="white-space:pre-wrap"> </span>PHP/5.5.34</div><div>X-Varnish<span style="white-space:pre-wrap"> </span>3277302</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-04 23:54 GMT+03:00 Ayberk Kimsesiz <span dir="ltr"><<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div>I added the code but it FAILED. In fact, i want to make people to be able to login and register to /forum.</div><div>When i use these codes that works but MISS appears at the same time.<br></div></div><div><div><div><br></div><div># FETCH FUNCTION</div><div># ##############################<wbr>############################</div><div>sub vcl_backend_response { </div><div><br></div><div> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC </div><div> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT</div><div> # TO DO THIS</div><div> # ##############################<wbr>############################</div><div> set beresp.http.Vary = "Accept-Encoding";</div><div><br></div><div> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF </div><div> # TIME THIS PAGE WILL STAY CACHED (TTL)</div><div> # ##############################<wbr>############################</div><div><b>if (beresp.http.Set-Cookie ~ "xf_(session|user)") </b></div><div><b>{ set beresp.uncacheable = true;</b></div><div><b> set beresp.ttl = 1w;</b></div><div><b> return (deliver);</b></div><div><b> }</b></div><div><br></div><div> if (beresp.ttl <= 0s ||</div><div> beresp.http.Set-Cookie ||</div><div> beresp.http.Vary == "*") {</div><div> set beresp.ttl = 120 s;</div><div> # set beresp.ttl = 120s;</div><div> set beresp.uncacheable = true;</div><div> return (deliver);</div><div> }</div><div><br></div><div> return (deliver);</div><div>}</div><div><br></div><div># DELIVER FUNCTION</div><div># ##############################<wbr>############################</div><div>sub vcl_deliver {</div><div> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT </div><div> # IN THE HEADER (GREAT FOR DEBUGGING)</div><div> # ##############################<wbr>############################</div><div> if (obj.hits > 0) {</div><div> set resp.http.X-Cache = "HIT";</div><div> # IF THIS IS A MISS RETURN THAT IN THE HEADER</div><div> # ##############################<wbr>############################</div><div> } else {</div><div> set resp.http.X-Cache = "MISS";</div><div> }</div><div>}</div></div></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-04 22:50 GMT+03:00 Lane, Richard <span dir="ltr"><<a href="mailto:rlane@ahbelo.com" target="_blank">rlane@ahbelo.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">This was what I was talking about when I said you may need additional logic to handle both.<div><br></div><div>You will need to add the cookie check along with the path for forum to that pass block. So something like...</div><div><br></div><div><div style="color:rgb(80,0,80);font-size:12.8px"><span style="font-size:12.8px"> if( req.http.Cookie ~ "xf_(session|user)" && req.url ~ '^/forum.*') {</span></div><div style="color:rgb(80,0,80);font-size:12.8px"><span style="font-size:12.8px"> return (pass);</span></div><div style="color:rgb(80,0,80);font-size:12.8px"><span style="font-size:12.8px"> }</span></div></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 4, 2016 at 2:44 PM, Ayberk Kimsesiz <span dir="ltr"><<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Yes, i want /forum to be MISS, there is no problem. However, Wordpress (homepage) shows MISS too.<br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-04 22:34 GMT+03:00 Lane, Richard <span dir="ltr"><<a href="mailto:rlane@ahbelo.com" target="_blank">rlane@ahbelo.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">If you PASS then your request will not be cached. Varnish marks these non-cached items as a MISS since they go to the backend each time and therefore a miss and not a hit on cache.<div><br></div><div>What were you expecting? Is this still requests with the forum cookies?</div><div><br></div><div>If you want to cache request from logged in users you will need to add the specific user cookies to the hash so each user served their cached copy.</div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz <span dir="ltr"><<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>If i use the given settings MISS appears in the Header.</div><div><br></div><div><div>Accept-Ranges<span style="white-space:pre-wrap"> </span>bytes</div><div>Age<span style="white-space:pre-wrap"> </span>0</div><div>Cache-control<span style="white-space:pre-wrap"> </span>private, max-age=0</div><div>Content-Encoding <span style="white-space:pre-wrap"> </span>gzip</div><div>Content-Length<span style="white-space:pre-wrap"> </span>10075</div><div>Content-Type<span style="white-space:pre-wrap"> </span>text/html; charset=UTF-8</div><div>Date<span style="white-space:pre-wrap"> </span>Thu, 04 Aug 2016 18:30:52 GMT</div><div>Expires<span style="white-space:pre-wrap"> </span>Thu, 19 Nov 1981 08:52:00 GMT</div><div>Last-Modified<span style="white-space:pre-wrap"> </span>Thu, 04 Aug 2016 18:30:52 GMT</div><div>Server<span style="white-space:pre-wrap"> </span>Apache/2</div><div>Vary<span style="white-space:pre-wrap"> </span>Accept-Encoding</div><div>Via<span style="white-space:pre-wrap"> </span>1.1 varnish-v4</div><div>X-Cache<span style="white-space:pre-wrap"> </span>MISS</div></div><div><br></div><div>What do you suggest me to do?<br></div><div><br></div><div><br></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz <span dir="ltr"><<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div style="font-size:12.8px">Finally!</div><span style="font-size:12.8px">Login function is now working with the following settings but X-Cache shows MISS instead of HIT.</span><div><span style="font-size:12.8px"><br></span></div><div><div><span style="font-size:12.8px">#THE RECV FUNCTION</span></div><div><span style="font-size:12.8px"># ##############################<wbr>############################</span></div><div><span style="font-size:12.8px">sub vcl_recv { </span></div><div><span style="font-size:12.8px"> if( req.http.Cookie ~ "xf_(session|user)") {</span></div><div><span style="font-size:12.8px"> return (pass);</span></div><div><span style="font-size:12.8px"> }</span></div><div><span style="font-size:12.8px"><br></span></div><div><div><span style="font-size:12.8px"># FETCH FUNCTION</span></div><div><span style="font-size:12.8px"># ##############################<wbr>############################</span></div><div><span style="font-size:12.8px">sub vcl_backend_response { </span></div><div><br></div><div><span style="font-size:12.8px"> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC </span></div><div><span style="font-size:12.8px"> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT</span></div><div><span style="font-size:12.8px"> # TO DO THIS</span></div><div><span style="font-size:12.8px"> # ##############################<wbr>############################</span></div><div><span style="font-size:12.8px"> set beresp.http.Vary = "Accept-Encoding";</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF </span></div><div><span style="font-size:12.8px"> # TIME THIS PAGE WILL STAY CACHED (TTL)</span></div><div><span style="font-size:12.8px"> # ##############################<wbr>############################</span></div><div><span style="font-size:12.8px">if (beresp.http.Set-Cookie ~ "xf_(session|user)") </span></div><div><span style="font-size:12.8px">{ set beresp.uncacheable = true;</span></div><div><span style="font-size:12.8px"> set beresp.ttl = 1w;</span></div><div><span style="font-size:12.8px"> return (deliver);</span></div><div><span style="font-size:12.8px"> }</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"> if (beresp.ttl <= 0s ||</span></div><div><span style="font-size:12.8px"> beresp.http.Set-Cookie ||</span></div><div><span style="font-size:12.8px"> beresp.http.Vary == "*") {</span></div><div><span style="font-size:12.8px"> set beresp.ttl = 120 s;</span></div><div><span style="font-size:12.8px"> # set beresp.ttl = 120s;</span></div><div><span style="font-size:12.8px"> set beresp.uncacheable = true;</span></div><div><span style="font-size:12.8px"> return (deliver);</span></div><div><span style="font-size:12.8px"> }</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"> return (deliver);</span></div><div><span style="font-size:12.8px">}</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px"># DELIVER FUNCTION</span></div><div><span style="font-size:12.8px"># ##############################<wbr>############################</span></div><div><span style="font-size:12.8px">sub vcl_deliver {</span></div><div><span style="font-size:12.8px"> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT </span></div><div><span style="font-size:12.8px"> # IN THE HEADER (GREAT FOR DEBUGGING)</span></div><div><span style="font-size:12.8px"> # ##############################<wbr>############################</span></div><div><span style="font-size:12.8px"> if (obj.hits > 0) {</span></div><div><span style="font-size:12.8px"> set resp.http.X-Cache = "HIT";</span></div><div><span style="font-size:12.8px"> # IF THIS IS A MISS RETURN THAT IN THE HEADER</span></div><div><span style="font-size:12.8px"> # ##############################<wbr>############################</span></div><div><span style="font-size:12.8px"> } else {</span></div><div><span style="font-size:12.8px"> set resp.http.X-Cache = "MISS";</span></div><div><span style="font-size:12.8px"> }</span></div><div><span style="font-size:12.8px">}</span></div></div></div></div></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz <span dir="ltr"><<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Finally!</div>Login function is now working with the following settings but X-Cache shows MISS instead of HIT.<div><br><div><br></div><div><span><div><i>#THE RECV FUNCTION</i></div><div><i># ##############################<wbr>############################</i></div><div><i>sub vcl_recv { </i></div></span><span><div><i> if( req.http.Cookie ~ "xf_(session|user)") {</i></div><div><i> return (pass);</i></div><div><i> }</i></div><div><i><br></i></div><div><i><br></i></div></span><div><span><div><i># FETCH FUNCTION</i></div><div><i># ##############################<wbr>############################</i></div><div><i>sub vcl_backend_response { </i></div><div><i><br></i></div><div><i> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC </i></div><div><i> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT</i></div><div><i> # TO DO THIS</i></div><div><i> # ##############################<wbr>############################</i></div><div><i> set beresp.http.Vary = "Accept-Encoding";</i></div><div><i><br></i></div><div><i> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF </i></div><div><i> # TIME THIS PAGE WILL STAY CACHED (TTL)</i></div><div><i> # ##############################<wbr>############################</i></div></span><span><div><i>if (beresp.http.Set-Cookie ~ "xf_(session|user)") </i></div><div><i>{ set beresp.uncacheable = true;</i></div><div><i> set beresp.ttl = 1w;</i></div><div><i> return (deliver);</i></div><div><i> }</i></div><div><i><br></i></div><div><i> if (beresp.ttl <= 0s ||</i></div><div><i> beresp.http.Set-Cookie ||</i></div><div><i> beresp.http.Vary == "*") {</i></div><div><i> set beresp.ttl = 120 s;</i></div><div><i> # set beresp.ttl = 120s;</i></div><div><i> set beresp.uncacheable = true;</i></div><div><i> return (deliver);</i></div><div><i> }</i></div><div><i><br></i></div><div><i> return (deliver);</i></div><div><i>}</i></div><div><i><br></i></div><div><i># DELIVER FUNCTION</i></div><div><i># ##############################<wbr>############################</i></div><div><i>sub vcl_deliver {</i></div><div><i> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT </i></div><div><i> # IN THE HEADER (GREAT FOR DEBUGGING)</i></div><div><i> # ##############################<wbr>############################</i></div><div><i> if (obj.hits > 0) {</i></div><div><i> set resp.http.X-Cache = "HIT";</i></div><div><i> # IF THIS IS A MISS RETURN THAT IN THE HEADER</i></div><div><i> # ##############################<wbr>############################</i></div><div><i> } else {</i></div><div><i> set resp.http.X-Cache = "MISS";</i></div><div><i> }</i></div><div><i>}</i></div></span></div></div></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-04 18:02 GMT+03:00 Lane, Richard <span dir="ltr"><<a href="mailto:rlane@ahbelo.com" target="_blank">rlane@ahbelo.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I agree that the order of execution may be getting you here. If you need the WordPress rules then you may need to put additional logic to ensure non-wordpress applications are not negatively affected.<div><br></div><div>What happens if you change the order of these two blocks? Put your Set-Cookie check block before the wp-login check.</div><span><div><br></div><div><span style="color:rgb(80,0,80);font-size:12.8px">> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF </span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> # TIME THIS PAGE WILL STAY CACHED (TTL)</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> # ##############################</span><span style="color:rgb(80,0,80);font-size:12.8px"><wbr>############################</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> unset beresp.http.set-cookie;</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> set beresp.ttl = 52w;</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> # set beresp.grace =1w;</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> }</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> </span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> set beresp.uncacheable = true;</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> set beresp.ttl = 1w;</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> return (deliver);</span><br style="color:rgb(80,0,80);font-size:12.8px"><span style="color:rgb(80,0,80);font-size:12.8px">> }</span><br></div></span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 4, 2016 at 9:50 AM, Andrei <span dir="ltr"><<a href="mailto:lagged@gmail.com" target="_blank">lagged@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">The log output suggests the xf_ cookie check in vcl_recv is not the first thing to run as you pasted earlier. Also, looking a bit closer, your issue the fact that you unset the cookie in vcl_backend_response if it's not wordpress related. Again, you should really audit your entire VCL, and remove unneeded stuff, like all the WordPress related rules if you're not using it.</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz <span dir="ltr"><<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Log message: <div><br></div><div><div>[root@ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS"</div><div>- ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip"</div><div>- ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT</div><div>- ReqHeader X-Forwarded-For: 95.5.187.232</div><div>- VCL_call RECV</div><div>- ReqHeader X-Actual-IP: 95.5.187.232</div><div>- ReqUnset X-Forwarded-For: 95.5.187.232</div><div>- ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232</div><div>- ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s<wbr>7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%<wbr>3A38%20GMT+0300%20%28Turkey%20<wbr>Daylight%20Time%29; pps_times_showed_100=1; __gads=ID=83a3a88cd0381f62:T=1<wbr>470300206:S=ALNI_MawbfRUla wFoW2XT0IpqCIsH5v7bQ; xf_session=</div><div>- ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s<wbr>7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%<wbr>3A38%20GMT+0300%20%28Turkey%20<wbr>Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f<wbr>0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check</div><div>- ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s<wbr>7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%<wbr>3A38%20GMT+0300%20%28Turkey%20<wbr>Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f<wbr>0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check</div><div>- ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s<wbr>7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%<wbr>3A38%20GMT+0300%20%28Turkey%20<wbr>Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f<wbr>0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check</div><div>- ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232</div><div>- ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, 95.5.187.232</div><div>- ReqUnset Accept-Encoding: gzip, deflate, sdch</div><div>- ReqHeader Accept-Encoding: gzip</div><div>- VCL_Log PPPAASS</div><div>- VCL_return pass</div><div>- VCL_call HASH</div><div>- VCL_return lookup</div><div>- VCL_call PASS</div><div>- VCL_return fetch</div><div>- Link bereq 524435 pass</div><div>- Timestamp Fetch: 1470321283.617655 0.005758 0.005758</div><div>- RespProtocol HTTP/1.1</div><div>- RespStatus 200</div><div>- RespReason OK</div><div>- RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT</div><div>- RespHeader Server: Apache/2</div><div>- RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT</div><div>- RespHeader ETag: "1787d-5392dab8f2b4e-gzip"</div><div>- RespHeader Accept-Ranges: bytes</div><div>--</div><div>- ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT</div><div>- ReqHeader X-Forwarded-For: 95.5.187.232</div><div>- VCL_call RECV</div><div>- ReqHeader X-Actual-IP: 95.5.187.232</div><div>- ReqUnset X-Forwarded-For: 95.5.187.232</div><div>- ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232</div><div>- ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s<wbr>7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%<wbr>3A38%20GMT+0300%20%28Turkey%20<wbr>Daylight%20Time%29; pps_times_showed_100=1; __gads=ID=83a3a88cd0381f62:T=1<wbr>470300206:S=ALNI_MawbfRUla wFoW2XT0IpqCIsH5v7bQ; xf_session=</div><div>- ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s<wbr>7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%<wbr>3A38%20GMT+0300%20%28Turkey%20<wbr>Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f<wbr>0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check</div><div>- ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s<wbr>7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%<wbr>3A38%20GMT+0300%20%28Turkey%20<wbr>Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f<wbr>0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check</div><div>- ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s<wbr>7hdd73; pps_show_100=Th </div></div></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">2016-08-04 17:24 GMT+03:00 Lane, Richard <span dir="ltr"><<a href="mailto:rlane@ahbelo.com" target="_blank">rlane@ahbelo.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I assume you reloaded/restarted Varnish after these changes were made. If so, can you verify that you do have the cookies set on the request?<br><br>maybe add this log message right before returning<span><br><br>if(req.http.Cookie ~ "xf_(session|user)") {<br></span> std.log( "PPPAASS Cookie set for forum");<br> return (pass);<br><br> }<br><br>Then you can use varnishlog command (below) to verify cookie is found<br><br>varnishlog | grep -A15 -B15 "PPPAASS"<div><br></div><div><br></div><div>Cheers,</div><div>Richard<div><div><br><br>On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>> wrote:<br>><br>> First of all, thank you. However the problem continues. Can you examine the codes?<br>><br>><br>> /* SET THE HOST AND PORT OF WORDPRESS<br>> * ******************************<wbr>***************************/<br>> vcl 4.0;<br>> import std;<br>><br>> backend default {<br>> .host = "*******";<br>> .port = "8080";<br>> .connect_timeout = 600s;<br>> .first_byte_timeout = 600s;<br>> .between_bytes_timeout = 600s;<br>> .max_connections = 800;<br>> }<br>> <br>> # SET THE ALLOWED IP OF PURGE REQUESTS<br>> # ##############################<wbr>############################<br>> acl purge {<br>> "localhost";<br>> "127.0.0.1";<br>> }<br>><br>> #THE RECV FUNCTION<br>> # ##############################<wbr>############################<br>> sub vcl_recv { <br>><br>> if(req.http.Cookie ~ "xf_(session|user)") {<br>> return (pass);<br>> }<br>><br>> # set realIP by trimming CloudFlare IP which will be used for various checks<br>> set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-Fo<wbr>r, "[, ].*$", ""); <br>><br>> # FORWARD THE IP OF THE REQUEST<br>> if (req.restarts == 0) {<br>> if (req.http.x-forwarded-for) {<br>> set req.http.X-Forwarded-For =<br>> req.http.X-Forwarded-For + ", " + client.ip;<br>> } else {<br>> set req.http.X-Forwarded-For = client.ip;<br>> }<br>> }<br>><br>> # Purge request check sections for hash_always_miss, purge and ban<br>> # BLOCK IF NOT IP is not in purge acl<br>> # ##############################<wbr>############################<br>><br>> # Enable smart refreshing using hash_always_miss<br>> if (req.http.Cache-Control ~ "no-cache") {<br>> if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {<br>> set req.hash_always_miss = true;<br>> }<br>> }<br>><br>> if (req.method == "PURGE") {<br>> if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {<br>> return(synth(405,"Not allowed."));<br>> }<br>> return (purge);<br>><br>> }<br>> if (req.method == "BAN") {<br>> # Same ACL check as above:<br>> if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {<br>> return(synth(403, "Not allowed."));<br>> }<br>> ban("req.http.host == " + req.http.host +<br>> " && req.url == " + req.url);<br>><br>> # Throw a synthetic page so the<br>> # request won't go to the backend.<br>> return(synth(200, "Ban added"));<br>> }<br>><br>><br>> # Unset cloudflare cookies<br>> # Remove has_js and CloudFlare/Google Analytics __* cookies.<br>> set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;<wbr>]*", "");<br>> # Remove a ";" prefix, if present.<br>> set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");<br>><br>> # For Testing: If you want to test with Varnish passing (not caching) uncomment<br>> # return( pass );<br>><br>> # FORWARD THE IP OF THE REQUEST<br>> if (req.restarts == 0) {<br>> if (req.http.x-forwarded-for) {<br>> set req.http.X-Forwarded-For =<br>> req.http.X-Forwarded-For + ", " + client.ip;<br>> } else {<br>> set req.http.X-Forwarded-For = client.ip;<br>> }<br>> }<br>><br>> # DO NOT CACHE RSS FEED<br>> if (req.url ~ "/feed(/)?") {<br>> return ( pass ); <br>> }<br>><br>> ## Do not cache search results, comment these 3 lines if you do want to cache them<br>><br>> if (req.url ~ "/\?s\=") {<br>> return ( pass ); <br>> }<br>><br>> # CLEAN UP THE ENCODING HEADER.<br>> # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING<br>> # VARNISH WILL CREATE SEPARATE CACHES FOR EACH<br>> # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.<br>> # ##############################<wbr>############################<br>> if (req.http.Accept-Encoding) {<br>> if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz<wbr>|mp3|ogg)$") {<br>> # No point in compressing these<br>> unset req.http.Accept-Encoding;<br>> } elsif (req.http.Accept-Encoding ~ "gzip") {<br>> set req.http.Accept-Encoding = "gzip";<br>> } elsif (req.http.Accept-Encoding ~ "deflate") {<br>> set req.http.Accept-Encoding = "deflate";<br>> } else {<br>> # unknown algorithm<br>> unset req.http.Accept-Encoding;<br>> }<br>> }<br>><br>> # PIPE ALL NON-STANDARD REQUESTS<br>> # ##############################<wbr>############################<br>> if (req.method != "GET" &&<br>> req.method != "HEAD" &&<br>> req.method != "PUT" && <br>> req.method != "POST" &&<br>> req.method != "TRACE" &&<br>> req.method != "OPTIONS" &&<br>> req.method != "DELETE") {<br>> return (pipe);<br>> }<br>> <br>> # ONLY CACHE GET AND HEAD REQUESTS<br>> # ##############################<wbr>############################<br>> if (req.method != "GET" && req.method != "HEAD") {<br>> return (pass);<br>> }<br>> <br>> # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER<br>> # COMMENT OR UNCOMMENT BOTH<br>> # ##############################<wbr>############################<br>> if ( req.http.cookie ~ "wordpress_logged_in" ) {<br>> return( pass );<br>> }<br>> <br>> # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN<br>> # THEN UNSET THE COOKIES<br>> # ##############################<wbr>############################<br>> if (!(req.url ~ "wp-(login|admin)") <br>> && !(req.url ~ "&preview=true" ) <br>> ){<br>> unset req.http.cookie;<br>> }<br>><br>> # IF BASIC AUTH IS ON THEN DO NOT CACHE<br>> # ##############################<wbr>############################<br>> if (req.http.Authorization || req.http.Cookie) {<br>> return (pass);<br>> }<br>> <br>> # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED<br>> # ##############################<wbr>############################<br>> return (hash);<br>> # This is for phpmyadmin<br>> if (req.http.Host == "<a href="http://ki1.org" target="_blank">ki1.org</a>") {<br>> return (pass);<br>> }<br>><br>> if (req.http.Host == "<a href="http://mysql.ki1.org" target="_blank">mysql.ki1.org</a>") {<br>> return (pass);<br>> }<br>><br>> }<br>><br>> # HIT FUNCTION<br>> # ##############################<wbr>############################<br>> sub vcl_hit {<br>> # IF THIS IS A PURGE REQUEST THEN DO THE PURGE<br>> # ##############################<wbr>############################<br>> if (req.method == "PURGE") {<br>> #<br>> # This is now handled in vcl_recv.<br>> #<br>> # purge;<br>> return (synth(200, "Purged."));<br>> }<br>> return (deliver);<br>> }<br>><br>> # MISS FUNCTION<br>> # ##############################<wbr>############################<br>> sub vcl_miss {<br>> if (req.method == "PURGE") {<br>> #<br>> # This is now handled in vcl_recv.<br>> #<br>> # purge;<br>> return (synth(200, "Purged."));<br>> }<br>> return (fetch);<br>> }<br>><br>> # FETCH FUNCTION<br>> # ##############################<wbr>############################<br>> sub vcl_backend_response {<br>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC <br>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT<br>> # TO DO THIS<br>> # ##############################<wbr>############################<br>> set beresp.http.Vary = "Accept-Encoding";<br>><br>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF <br>> # TIME THIS PAGE WILL STAY CACHED (TTL)<br>> # ##############################<wbr>############################<br>> if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {<br>> unset beresp.http.set-cookie;<br>> set beresp.ttl = 52w;<br>> # set beresp.grace =1w;<br>> }<br>> <br>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {<br>> set beresp.uncacheable = true;<br>> set beresp.ttl = 1w;<br>> return (deliver);<br>> }<br>> <br>><br>> if (beresp.ttl <= 0s ||<br>> beresp.http.Set-Cookie ||<br>> beresp.http.Vary == "*") {<br>> set beresp.ttl = 120 s;<br>> # set beresp.ttl = 120s;<br>> set beresp.uncacheable = true;<br>> return (deliver);<br>> }<br>><br>> return (deliver);<br>> }<br>><br>> # DELIVER FUNCTION<br>> # ##############################<wbr>############################<br>> sub vcl_deliver {<br>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT <br>> # IN THE HEADER (GREAT FOR DEBUGGING)<br>> # ##############################<wbr>############################<br>> if (obj.hits > 0) {<br>> set resp.http.X-Cache = "HIT";<br>> # IF THIS IS A MISS RETURN THAT IN THE HEADER<br>> # ##############################<wbr>############################<br>> } else {<br>> set resp.http.X-Cache = "MISS";<br>> }<br>> }<br>><br>><br>><br>> 2016-08-04 16:36 GMT+03:00 Andrei <<a href="mailto:lagged@gmail.com" target="_blank">lagged@gmail.com</a>>:<br>>><br>>> correction:<br>>><br>>> sub vcl_recv {<br>>> if(req.http.Cookie ~ "xf_(session|user)") {<br>>> return (pass);<br>>> }<br>>> }<br>>><br>>> sub vcl_backend_response {<br>>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {<br>>> set beresp.uncacheable = true;<br>>> set beresp.ttl = 1w;<br>>> return (deliver);<br>>> }<br>>> }<br>>><br>>> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <<a href="mailto:lagged@gmail.com" target="_blank">lagged@gmail.com</a>> wrote:<br>>>><br>>>> Hello,<br>>>><br>>>> Aside from the provided VCL being for WordPress, while you're running XenForo, the xf_ cookies are being dropped by your config. A quick fix is:<br>>>><br>>>> sub vcl_recv {<br>>>> if( req.http.Cookie ~ "xf_(session|user)") {<br>>>> return (pass);<br>>>> }<br>>>> }<br>>>><br>>>> sub vcl_backend_response {<br>>>> if (req.http.Cookie ~ "xf_(session|user)") {<br>>>> set beresp.uncacheable = true;<br>>>> set beresp.ttl = 1w;<br>>>> return (deliver);<br>>>> }<br>>>> }<br>>>><br>>>> However, I suggest auditing your VCL, and only including rules specific to the application(s) which you are running.<br>>>><br>>>><br>>>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>> wrote:<br>>>>><br>>>>> Users can't login or register to <a href="http://domain.com/forum" target="_blank">domain.com/forum</a> with the current settings. So we need to make a change related to xf_user and xf_session but how?<br>>>>><br>>>>><br>>>>><br>>>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <<a href="mailto:rlane@ahbelo.com" target="_blank">rlane@ahbelo.com</a>>:<br>>>>>><br>>>>>> If you want Varnish to ignore request for a path you need to tell it to pass. In your example you have a rule for the RSS feed. You can do the same for /forum/ in your vcl_recv block.<br>>>>>><br>>>>>> *# DO NOT CACHE RSS FEED*<br>>>>>> * if (req.url ~ "/feed(/)?") {*<br>>>>>> * return ( pass ); *<br>>>>>> *}*<br>>>>>><br>>>>>> *# DO NOT CACHE FORUM*<br>>>>>> if (req.url ~ "/forum(/)?") {<br>>>>>> return ( pass ); <br>>>>>> }<br>>>>>><br>>>>>> Cheers,<br>>>>>> Richard<br>>>>>><br>>>>>>><br>>>>>>><br>>>>>>> Message: 1<br>>>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300<br>>>>>>> From: Ayberk Kimsesiz <<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>><br>>>>>>> To: varnish-misc <<a href="mailto:varnish-misc@varnish-cache.org" target="_blank">varnish-misc@varnish-cache.or<wbr>g</a>><br>>>>>>> Subject: XenForo default.vcl settings<br>>>>>>> Message-ID:<br>>>>>>> <<a href="mailto:CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_Q@mail.gmail.com" target="_blank">CAPQGzE29n1QOmHarn9L-9ztquGfe<wbr>u-AwNJUaDrHm_w-5BXmA_Q@mail.gm<wbr>ail.com</a>><br>>>>>>> Content-Type: text/plain; charset="utf-8"<br>>>>>>><br>>>>>>> Hi,<br>>>>>>><br>>>>>>> Could you please share the appropriate Default.vcl settings for XenForo<br>>>>>>> Forums? No one can register to the forum at the moment. My current<br>>>>>>> Default.vcl settings are as follows.<br>>>>>>><br>>>>>>> Forum address: <a href="http://domain.com/forum" target="_blank">domain.com/forum</a><br>>>>>>><br>>>>>>> */* SET THE HOST AND PORT OF WORDPRESS*<br>>>>>>> * * ******************************<wbr>***************************/*<br>>>>>>> *vcl 4.0;*<br>>>>>>> *import std;*<br>>>>>>><br>>>>>>> *backend default {*<br>>>>>>> * .host = "*******";*<br>>>>>>> * .port = "8080";*<br>>>>>>> * .connect_timeout = 600s;*<br>>>>>>> * .first_byte_timeout = 600s;*<br>>>>>>> * .between_bytes_timeout = 600s;*<br>>>>>>> * .max_connections = 800;*<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*<br>>>>>>> *# ##############################<wbr>############################*<br>>>>>>> *acl purge {*<br>>>>>>> * "localhost";*<br>>>>>>> * "127.0.0.1";*<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *#THE RECV FUNCTION*<br>>>>>>> *# ##############################<wbr>############################*<br>>>>>>> *sub vcl_recv {*<br>>>>>>><br>>>>>>> *# set realIP by trimming CloudFlare IP which will be used for various<br>>>>>>> checks*<br>>>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-Fo<wbr>r, "[, ].*$",<br>>>>>>> ""); *<br>>>>>>><br>>>>>>> * # FORWARD THE IP OF THE REQUEST*<br>>>>>>> * if (req.restarts == 0) {*<br>>>>>>> * if (req.http.x-forwarded-for) {*<br>>>>>>> * set req.http.X-Forwarded-For =*<br>>>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*<br>>>>>>> * } else {*<br>>>>>>> * set req.http.X-Forwarded-For = client.ip;*<br>>>>>>> * }*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * # Purge request check sections for hash_always_miss, purge and ban*<br>>>>>>> * # BLOCK IF NOT IP is not in purge acl*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>><br>>>>>>> * # Enable smart refreshing using hash_always_miss*<br>>>>>>> *if (req.http.Cache-Control ~ "no-cache") {*<br>>>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~<br>>>>>>> purge) {*<br>>>>>>> * set req.hash_always_miss = true;*<br>>>>>>> * }*<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *if (req.method == "PURGE") {*<br>>>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~<br>>>>>>> purge) {*<br>>>>>>> * return(synth(405,"Not allowed."));*<br>>>>>>> * }*<br>>>>>>> * return (purge);*<br>>>>>>><br>>>>>>> * }*<br>>>>>>> *if (req.method == "BAN") {*<br>>>>>>> * # Same ACL check as above:*<br>>>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")<br>>>>>>> ~ purge) {*<br>>>>>>> * return(synth(403, "Not allowed."));*<br>>>>>>> * }*<br>>>>>>> * ban("req.http.host == " + req.http.host +*<br>>>>>>> * " && req.url == " + req.url);*<br>>>>>>><br>>>>>>> * # Throw a synthetic page so the*<br>>>>>>> * # request won't go to the backend.*<br>>>>>>> * return(synth(200, "Ban added"));*<br>>>>>>> *}*<br>>>>>>><br>>>>>>><br>>>>>>> *# Unset cloudflare cookies*<br>>>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*<br>>>>>>> * set req.http.Cookie = regsuball(req.http.Cookie,<br>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;<wbr>]*", "");*<br>>>>>>> * # Remove a ";" prefix, if present.*<br>>>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*<br>>>>>>><br>>>>>>> * # For Testing: If you want to test with Varnish passing (not caching)<br>>>>>>> uncomment*<br>>>>>>> * # return( pass );*<br>>>>>>><br>>>>>>> * # FORWARD THE IP OF THE REQUEST*<br>>>>>>> * if (req.restarts == 0) {*<br>>>>>>> * if (req.http.x-forwarded-for) {*<br>>>>>>> * set req.http.X-Forwarded-For =*<br>>>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*<br>>>>>>> * } else {*<br>>>>>>> * set req.http.X-Forwarded-For = client.ip;*<br>>>>>>> * }*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> *# DO NOT CACHE RSS FEED*<br>>>>>>> * if (req.url ~ "/feed(/)?") {*<br>>>>>>> * return ( pass ); *<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *## Do not cache search results, comment these 3 lines if you do want to<br>>>>>>> cache them*<br>>>>>>><br>>>>>>> *if (req.url ~ "/\?s\=") {*<br>>>>>>> * return ( pass ); *<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *# CLEAN UP THE ENCODING HEADER.*<br>>>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING*<br>>>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*<br>>>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if (req.http.Accept-Encoding) {*<br>>>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz<wbr>|mp3|ogg)$") {*<br>>>>>>> * # No point in compressing these*<br>>>>>>> * unset req.http.Accept-Encoding;*<br>>>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*<br>>>>>>> * set req.http.Accept-Encoding = "gzip";*<br>>>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*<br>>>>>>> * set req.http.Accept-Encoding = "deflate";*<br>>>>>>> * } else {*<br>>>>>>> * # unknown algorithm*<br>>>>>>> * unset req.http.Accept-Encoding;*<br>>>>>>> * }*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * # PIPE ALL NON-STANDARD REQUESTS*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if (req.method != "GET" &&*<br>>>>>>> * req.method != "HEAD" &&*<br>>>>>>> * req.method != "PUT" && *<br>>>>>>> * req.method != "POST" &&*<br>>>>>>> * req.method != "TRACE" &&*<br>>>>>>> * req.method != "OPTIONS" &&*<br>>>>>>> * req.method != "DELETE") {*<br>>>>>>> * return (pipe);*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * # ONLY CACHE GET AND HEAD REQUESTS*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if (req.method != "GET" && req.method != "HEAD") {*<br>>>>>>> * return (pass);*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,<br>>>>>>> EITHER*<br>>>>>>> * # COMMENT OR UNCOMMENT BOTH*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*<br>>>>>>> * return( pass );*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*<br>>>>>>> * # THEN UNSET THE COOKIES*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if (!(req.url ~ "wp-(login|admin)") *<br>>>>>>> * && !(req.url ~ "&preview=true" ) *<br>>>>>>> * ){*<br>>>>>>> * unset req.http.cookie;*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if (req.http.Authorization || req.http.Cookie) {*<br>>>>>>> * return (pass);*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * return (hash);*<br>>>>>>> * # This is for phpmyadmin*<br>>>>>>> *if (req.http.Host == "<a href="http://ki1.org" target="_blank">ki1.org</a> <<a href="http://ki1.org" target="_blank">http://ki1.org</a>>") {*<br>>>>>>> *return (pass);*<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *if (req.http.Host == "<a href="http://mysql.ki1.org" target="_blank">mysql.ki1.org</a> <<a href="http://mysql.ki1.org" target="_blank">http://mysql.ki1.org</a>>") {*<br>>>>>>> *return (pass);*<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *}*<br>>>>>>><br>>>>>>> *# HIT FUNCTION*<br>>>>>>> *# ##############################<wbr>############################*<br>>>>>>> *sub vcl_hit {*<br>>>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if (req.method == "PURGE") {*<br>>>>>>> * #*<br>>>>>>> * # This is now handled in vcl_recv.*<br>>>>>>> * #*<br>>>>>>> * # purge;*<br>>>>>>> * return (synth(200, "Purged."));*<br>>>>>>> * }*<br>>>>>>> * return (deliver);*<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *# MISS FUNCTION*<br>>>>>>> *# ##############################<wbr>############################*<br>>>>>>> *sub vcl_miss {*<br>>>>>>> * if (req.method == "PURGE") {*<br>>>>>>> * #*<br>>>>>>> * # This is now handled in vcl_recv.*<br>>>>>>> * #*<br>>>>>>> * # purge;*<br>>>>>>> * return (synth(200, "Purged."));*<br>>>>>>> * }*<br>>>>>>> * return (fetch);*<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *# FETCH FUNCTION*<br>>>>>>> *# ##############################<wbr>############################*<br>>>>>>> *sub vcl_backend_response {*<br>>>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *<br>>>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*<br>>>>>>> * # TO DO THIS*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * set beresp.http.Vary = "Accept-Encoding";*<br>>>>>>><br>>>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *<br>>>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~<br>>>>>>> "wordpress_logged_in" ) {*<br>>>>>>> * unset beresp.http.set-cookie;*<br>>>>>>> * set beresp.ttl = 52w;*<br>>>>>>> *# set beresp.grace =1w;*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * if (beresp.ttl <= 0s ||*<br>>>>>>> * beresp.http.Set-Cookie ||*<br>>>>>>> * beresp.http.Vary == "*") {*<br>>>>>>> * set beresp.ttl = 120 s;*<br>>>>>>> * # set beresp.ttl = 120s;*<br>>>>>>> * set beresp.uncacheable = true;*<br>>>>>>> * return (deliver);*<br>>>>>>> * }*<br>>>>>>><br>>>>>>> * return (deliver);*<br>>>>>>> *}*<br>>>>>>><br>>>>>>> *# DELIVER FUNCTION*<br>>>>>>> *# ##############################<wbr>############################*<br>>>>>>> *sub vcl_deliver {*<br>>>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *<br>>>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * if (obj.hits > 0) {*<br>>>>>>> * set resp.http.X-Cache = "HIT";*<br>>>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*<br>>>>>>> * # ##############################<wbr>############################*<br>>>>>>> * } else {*<br>>>>>>> * set resp.http.X-Cache = "MISS";*<br>>>>>>> * }*<br>>>>>>> *}*<br>>>>>>><br>>>>>>><br>>>>>>> Thanks,<br>>>>>>> -------------- next part --------------<br>>>>>>> An HTML attachment was scrubbed...<br>>>>>>> URL: <<a href="https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/attachment-0001.html" target="_blank">https://www.varnish-cache.org<wbr>/lists/pipermail/varnish-misc/<wbr>attachments/20160803/d572e4b2/<wbr>attachment-0001.html</a>><br>>>>>>><br>>>>>>> ------------------------------<br>>>>>>><br>>>>>>> Message: 2<br>>>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300<br>>>>>>> From: Ayberk Kimsesiz <<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>><br>>>>>>> To: varnish-misc <<a href="mailto:varnish-misc@varnish-cache.org" target="_blank">varnish-misc@varnish-cache.or<wbr>g</a>><br>>>>>>> Subject: Re: XenForo default.vcl settings<br>>>>>>> Message-ID:<br>>>>>>> <<a href="mailto:CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4O3i1ofA@mail.gmail.com" target="_blank">CAPQGzE39XkXy_44z5oUXBO5q5sF5<wbr>CvQmNP5k771DPi4O3i1ofA@mail.gm<wbr>ail.com</a>><br>>>>>>> Content-Type: text/plain; charset="utf-8"<br>>>>>>><br>>>>>>> I need to add the followings to default.vcl for Xenforo. However, solutions<br>>>>>>> in the Xenforo forums for this didn't work. Can you please help?<br>>>>>>><br>>>>>>> xf_session_admin<br>>>>>>> xf_user<br>>>>>>> xf_session<br>>>>>>><br>>>>>>> Or how can i block Varnish in a way that it doesn't work in *<a href="http://domain.com/forum" target="_blank">domain.com/forum</a><br>>>>>>> <<a href="http://domain.com/forum" target="_blank">http://domain.com/forum</a>>*<br>>>>>>><br>>>>>>><br>>>>>>><br>>>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <<a href="mailto:ayberk.kimsesiz@gmail.com" target="_blank">ayberk.kimsesiz@gmail.com</a>>:<br>>>>>>><br>>>>>>> > Hi,<br>>>>>>> ><br>>>>>>> > Could you please share the appropriate Default.vcl settings for XenForo<br>>>>>>> > Forums? No one can register to the forum at the moment. My current<br>>>>>>> > Default.vcl settings are as follows.<br>>>>>>> ><br>>>>>>> > Forum address: <a href="http://domain.com/forum" target="_blank">domain.com/forum</a><br>>>>>>> ><br>>>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*<br>>>>>>> > * * ******************************<wbr>***************************/*<br>>>>>>> > *vcl 4.0;*<br>>>>>>> > *import std;*<br>>>>>>> ><br>>>>>>> > *backend default {*<br>>>>>>> > * .host = "*******";*<br>>>>>>> > * .port = "8080";*<br>>>>>>> > * .connect_timeout = 600s;*<br>>>>>>> > * .first_byte_timeout = 600s;*<br>>>>>>> > * .between_bytes_timeout = 600s;*<br>>>>>>> > * .max_connections = 800;*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*<br>>>>>>> > *# ##############################<wbr>############################*<br>>>>>>> > *acl purge {*<br>>>>>>> > * "localhost";*<br>>>>>>> > * "127.0.0.1";*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *#THE RECV FUNCTION*<br>>>>>>> > *# ##############################<wbr>############################*<br>>>>>>> > *sub vcl_recv {*<br>>>>>>> ><br>>>>>>> > *# set realIP by trimming CloudFlare IP which will be used for various<br>>>>>>> > checks*<br>>>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-Fo<wbr>r, "[, ].*$",<br>>>>>>> > ""); *<br>>>>>>> ><br>>>>>>> > * # FORWARD THE IP OF THE REQUEST*<br>>>>>>> > * if (req.restarts == 0) {*<br>>>>>>> > * if (req.http.x-forwarded-for) {*<br>>>>>>> > * set req.http.X-Forwarded-For =*<br>>>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*<br>>>>>>> > * } else {*<br>>>>>>> > * set req.http.X-Forwarded-For = client.ip;*<br>>>>>>> > * }*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * # Purge request check sections for hash_always_miss, purge and ban*<br>>>>>>> > * # BLOCK IF NOT IP is not in purge acl*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> ><br>>>>>>> > * # Enable smart refreshing using hash_always_miss*<br>>>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*<br>>>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~<br>>>>>>> > purge) {*<br>>>>>>> > * set req.hash_always_miss = true;*<br>>>>>>> > * }*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *if (req.method == "PURGE") {*<br>>>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~<br>>>>>>> > purge) {*<br>>>>>>> > * return(synth(405,"Not allowed."));*<br>>>>>>> > * }*<br>>>>>>> > * return (purge);*<br>>>>>>> ><br>>>>>>> > * }*<br>>>>>>> > *if (req.method == "BAN") {*<br>>>>>>> > * # Same ACL check as above:*<br>>>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,<br>>>>>>> > "1.2.3.4") ~ purge) {*<br>>>>>>> > * return(synth(403, "Not allowed."));*<br>>>>>>> > * }*<br>>>>>>> > * ban("req.http.host == " + req.http.host +*<br>>>>>>> > * " && req.url == " + req.url);*<br>>>>>>> ><br>>>>>>> > * # Throw a synthetic page so the*<br>>>>>>> > * # request won't go to the backend.*<br>>>>>>> > * return(synth(200, "Ban added"));*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> ><br>>>>>>> > *# Unset cloudflare cookies*<br>>>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*<br>>>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie,<br>>>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;<wbr>]*", "");*<br>>>>>>> > * # Remove a ";" prefix, if present.*<br>>>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*<br>>>>>>> ><br>>>>>>> > * # For Testing: If you want to test with Varnish passing (not caching)<br>>>>>>> > uncomment*<br>>>>>>> > * # return( pass );*<br>>>>>>> ><br>>>>>>> > * # FORWARD THE IP OF THE REQUEST*<br>>>>>>> > * if (req.restarts == 0) {*<br>>>>>>> > * if (req.http.x-forwarded-for) {*<br>>>>>>> > * set req.http.X-Forwarded-For =*<br>>>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*<br>>>>>>> > * } else {*<br>>>>>>> > * set req.http.X-Forwarded-For = client.ip;*<br>>>>>>> > * }*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > *# DO NOT CACHE RSS FEED*<br>>>>>>> > * if (req.url ~ "/feed(/)?") {*<br>>>>>>> > * return ( pass ); *<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *## Do not cache search results, comment these 3 lines if you do want to<br>>>>>>> > cache them*<br>>>>>>> ><br>>>>>>> > *if (req.url ~ "/\?s\=") {*<br>>>>>>> > * return ( pass ); *<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *# CLEAN UP THE ENCODING HEADER.*<br>>>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING*<br>>>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*<br>>>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if (req.http.Accept-Encoding) {*<br>>>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz<wbr>|mp3|ogg)$") {*<br>>>>>>> > * # No point in compressing these*<br>>>>>>> > * unset req.http.Accept-Encoding;*<br>>>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*<br>>>>>>> > * set req.http.Accept-Encoding = "gzip";*<br>>>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*<br>>>>>>> > * set req.http.Accept-Encoding = "deflate";*<br>>>>>>> > * } else {*<br>>>>>>> > * # unknown algorithm*<br>>>>>>> > * unset req.http.Accept-Encoding;*<br>>>>>>> > * }*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * # PIPE ALL NON-STANDARD REQUESTS*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if (req.method != "GET" &&*<br>>>>>>> > * req.method != "HEAD" &&*<br>>>>>>> > * req.method != "PUT" && *<br>>>>>>> > * req.method != "POST" &&*<br>>>>>>> > * req.method != "TRACE" &&*<br>>>>>>> > * req.method != "OPTIONS" &&*<br>>>>>>> > * req.method != "DELETE") {*<br>>>>>>> > * return (pipe);*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if (req.method != "GET" && req.method != "HEAD") {*<br>>>>>>> > * return (pass);*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,<br>>>>>>> > EITHER*<br>>>>>>> > * # COMMENT OR UNCOMMENT BOTH*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*<br>>>>>>> > * return( pass );*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*<br>>>>>>> > * # THEN UNSET THE COOKIES*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if (!(req.url ~ "wp-(login|admin)") *<br>>>>>>> > * && !(req.url ~ "&preview=true" ) *<br>>>>>>> > * ){*<br>>>>>>> > * unset req.http.cookie;*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if (req.http.Authorization || req.http.Cookie) {*<br>>>>>>> > * return (pass);*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * return (hash);*<br>>>>>>> > * # This is for phpmyadmin*<br>>>>>>> > *if (req.http.Host == "<a href="http://ki1.org" target="_blank">ki1.org</a> <<a href="http://ki1.org" target="_blank">http://ki1.org</a>>") {*<br>>>>>>> > *return (pass);*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *if (req.http.Host == "<a href="http://mysql.ki1.org" target="_blank">mysql.ki1.org</a> <<a href="http://mysql.ki1.org" target="_blank">http://mysql.ki1.org</a>>") {*<br>>>>>>> > *return (pass);*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *# HIT FUNCTION*<br>>>>>>> > *# ##############################<wbr>############################*<br>>>>>>> > *sub vcl_hit {*<br>>>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if (req.method == "PURGE") {*<br>>>>>>> > * #*<br>>>>>>> > * # This is now handled in vcl_recv.*<br>>>>>>> > * #*<br>>>>>>> > * # purge;*<br>>>>>>> > * return (synth(200, "Purged."));*<br>>>>>>> > * }*<br>>>>>>> > * return (deliver);*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *# MISS FUNCTION*<br>>>>>>> > *# ##############################<wbr>############################*<br>>>>>>> > *sub vcl_miss {*<br>>>>>>> > * if (req.method == "PURGE") {*<br>>>>>>> > * #*<br>>>>>>> > * # This is now handled in vcl_recv.*<br>>>>>>> > * #*<br>>>>>>> > * # purge;*<br>>>>>>> > * return (synth(200, "Purged."));*<br>>>>>>> > * }*<br>>>>>>> > * return (fetch);*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *# FETCH FUNCTION*<br>>>>>>> > *# ##############################<wbr>############################*<br>>>>>>> > *sub vcl_backend_response {*<br>>>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *<br>>>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*<br>>>>>>> > * # TO DO THIS*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * set beresp.http.Vary = "Accept-Encoding";*<br>>>>>>> ><br>>>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *<br>>>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~<br>>>>>>> > "wordpress_logged_in" ) {*<br>>>>>>> > * unset beresp.http.set-cookie;*<br>>>>>>> > * set beresp.ttl = 52w;*<br>>>>>>> > *# set beresp.grace =1w;*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * if (beresp.ttl <= 0s ||*<br>>>>>>> > * beresp.http.Set-Cookie ||*<br>>>>>>> > * beresp.http.Vary == "*") {*<br>>>>>>> > * set beresp.ttl = 120 s;*<br>>>>>>> > * # set beresp.ttl = 120s;*<br>>>>>>> > * set beresp.uncacheable = true;*<br>>>>>>> > * return (deliver);*<br>>>>>>> > * }*<br>>>>>>> ><br>>>>>>> > * return (deliver);*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> > *# DELIVER FUNCTION*<br>>>>>>> > *# ##############################<wbr>############################*<br>>>>>>> > *sub vcl_deliver {*<br>>>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *<br>>>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * if (obj.hits > 0) {*<br>>>>>>> > * set resp.http.X-Cache = "HIT";*<br>>>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*<br>>>>>>> > * # ##############################<wbr>############################*<br>>>>>>> > * } else {*<br>>>>>>> > * set resp.http.X-Cache = "MISS";*<br>>>>>>> > * }*<br>>>>>>> > *}*<br>>>>>>> ><br>>>>>>> ><br>>>>>>> > Thanks,<br>>>>>>> ><br>>>>>>> -------------- next part --------------<br>>>>>>> An HTML attachment was scrubbed...<br>>>>>>> URL: <<a href="https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/attachment.html" target="_blank">https://www.varnish-cache.org<wbr>/lists/pipermail/varnish-misc/<wbr>attachments/20160804/4e3f064a/<wbr>attachment.html</a>><br>>>>>>><br>>>>>>> ------------------------------<br>>>>>>><br>>>>>>> ______________________________<wbr>_________________<br>>>>>>> varnish-misc mailing list<br>>>>>>> <a href="mailto:varnish-misc@varnish-cache.org" target="_blank">varnish-misc@varnish-cache.org</a><br>>>>>>> <a href="https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc" target="_blank">https://www.varnish-cache.org/<wbr>lists/mailman/listinfo/varnish<wbr>-misc</a><br>>>>>>><br>>>>>>> End of varnish-misc Digest, Vol 125, Issue 14<br>>>>>>> ******************************<wbr>***************<br>>>>>><br>>>>>><br>>>>>><br>>>>>> ______________________________<wbr>_________________<br>>>>>> varnish-misc mailing list<br>>>>>> <a href="mailto:varnish-misc@varnish-cache.org" target="_blank">varnish-misc@varnish-cache.org</a><br>>>>>> <a href="https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc" target="_blank">https://www.varnish-cache.org/<wbr>lists/mailman/listinfo/varnish<wbr>-misc</a><br>>>>><br>>>>><br>>>>><br>>>>> ______________________________<wbr>_________________<br>>>>> varnish-misc mailing list<br>>>>> <a href="mailto:varnish-misc@varnish-cache.org" target="_blank">varnish-misc@varnish-cache.org</a><br>>>>> <a href="https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc" target="_blank">https://www.varnish-cache.org/<wbr>lists/mailman/listinfo/varnish<wbr>-misc</a><br>>>><br>>>><br>>><br>><br></div></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>