XenForo default.vcl settings
Ayberk Kimsesiz
ayberk.kimsesiz at gmail.com
Thu Aug 4 15:09:43 CEST 2016
Users can't login or register to domain.com/forum with the current
settings. So we need to make a change related to *xf_user *and *xf_session*
but how?
2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
> If you want Varnish to ignore request for a path you need to tell it to
> pass. In your example you have a rule for the RSS feed. You can do the same
> for /forum/ in your vcl_recv block.
>
> *# DO NOT CACHE RSS FEED*
> * if (req.url ~ "/feed(/)?") {*
> * return ( pass ); *
> *}*
>
> *# DO NOT CACHE FORUM*
> if (req.url ~ "/forum(/)?") {
> return ( pass );
> }
>
> Cheers,
> Richard
>
>
>>
>> Message: 1
>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>> To: varnish-misc <varnish-misc at varnish-cache.org>
>> Subject: XenForo default.vcl settings
>> Message-ID:
>> <CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_Q at mail.
>> gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> Hi,
>>
>> Could you please share the appropriate Default.vcl settings for XenForo
>> Forums? No one can register to the forum at the moment. My current
>> Default.vcl settings are as follows.
>>
>> Forum address: domain.com/forum
>>
>> */* SET THE HOST AND PORT OF WORDPRESS*
>> * * *********************************************************/*
>> *vcl 4.0;*
>> *import std;*
>>
>> *backend default {*
>> * .host = "*******";*
>> * .port = "8080";*
>> * .connect_timeout = 600s;*
>> * .first_byte_timeout = 600s;*
>> * .between_bytes_timeout = 600s;*
>> * .max_connections = 800;*
>> *}*
>>
>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>> *# ##########################################################*
>> *acl purge {*
>> * "localhost";*
>> * "127.0.0.1";*
>> *}*
>>
>> *#THE RECV FUNCTION*
>> *# ##########################################################*
>> *sub vcl_recv {*
>>
>> *# set realIP by trimming CloudFlare IP which will be used for various
>> checks*
>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$",
>> ""); *
>>
>> * # FORWARD THE IP OF THE REQUEST*
>> * if (req.restarts == 0) {*
>> * if (req.http.x-forwarded-for) {*
>> * set req.http.X-Forwarded-For =*
>> * req.http.X-Forwarded-For + ", " + client.ip;*
>> * } else {*
>> * set req.http.X-Forwarded-For = client.ip;*
>> * }*
>> * }*
>>
>> * # Purge request check sections for hash_always_miss, purge and ban*
>> * # BLOCK IF NOT IP is not in purge acl*
>> * # ##########################################################*
>>
>> * # Enable smart refreshing using hash_always_miss*
>> *if (req.http.Cache-Control ~ "no-cache") {*
>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
>> purge) {*
>> * set req.hash_always_miss = true;*
>> * }*
>> *}*
>>
>> *if (req.method == "PURGE") {*
>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
>> purge) {*
>> * return(synth(405,"Not allowed."));*
>> * }*
>> * return (purge);*
>>
>> * }*
>> *if (req.method == "BAN") {*
>> * # Same ACL check as above:*
>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> "1.2.3.4")
>> ~ purge) {*
>> * return(synth(403, "Not allowed."));*
>> * }*
>> * ban("req.http.host == " + req.http.host +*
>> * " && req.url == " + req.url);*
>>
>> * # Throw a synthetic page so the*
>> * # request won't go to the backend.*
>> * return(synth(200, "Ban added"));*
>> *}*
>>
>>
>> *# Unset cloudflare cookies*
>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>> * set req.http.Cookie = regsuball(req.http.Cookie,
>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>> * # Remove a ";" prefix, if present.*
>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>>
>> * # For Testing: If you want to test with Varnish passing (not caching)
>> uncomment*
>> * # return( pass );*
>>
>> * # FORWARD THE IP OF THE REQUEST*
>> * if (req.restarts == 0) {*
>> * if (req.http.x-forwarded-for) {*
>> * set req.http.X-Forwarded-For =*
>> * req.http.X-Forwarded-For + ", " + client.ip;*
>> * } else {*
>> * set req.http.X-Forwarded-For = client.ip;*
>> * }*
>> * }*
>>
>> *# DO NOT CACHE RSS FEED*
>> * if (req.url ~ "/feed(/)?") {*
>> * return ( pass ); *
>> *}*
>>
>> *## Do not cache search results, comment these 3 lines if you do want to
>> cache them*
>>
>> *if (req.url ~ "/\?s\=") {*
>> * return ( pass ); *
>> *}*
>>
>> *# CLEAN UP THE ENCODING HEADER.*
>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING*
>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>> * # ##########################################################*
>> * if (req.http.Accept-Encoding) {*
>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>> * # No point in compressing these*
>> * unset req.http.Accept-Encoding;*
>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>> * set req.http.Accept-Encoding = "gzip";*
>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>> * set req.http.Accept-Encoding = "deflate";*
>> * } else {*
>> * # unknown algorithm*
>> * unset req.http.Accept-Encoding;*
>> * }*
>> * }*
>>
>> * # PIPE ALL NON-STANDARD REQUESTS*
>> * # ##########################################################*
>> * if (req.method != "GET" &&*
>> * req.method != "HEAD" &&*
>> * req.method != "PUT" && *
>> * req.method != "POST" &&*
>> * req.method != "TRACE" &&*
>> * req.method != "OPTIONS" &&*
>> * req.method != "DELETE") {*
>> * return (pipe);*
>> * }*
>>
>> * # ONLY CACHE GET AND HEAD REQUESTS*
>> * # ##########################################################*
>> * if (req.method != "GET" && req.method != "HEAD") {*
>> * return (pass);*
>> * }*
>>
>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
>> EITHER*
>> * # COMMENT OR UNCOMMENT BOTH*
>> * # ##########################################################*
>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>> * return( pass );*
>> * }*
>>
>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>> * # THEN UNSET THE COOKIES*
>> * # ##########################################################*
>> * if (!(req.url ~ "wp-(login|admin)") *
>> * && !(req.url ~ "&preview=true" ) *
>> * ){*
>> * unset req.http.cookie;*
>> * }*
>>
>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>> * # ##########################################################*
>> * if (req.http.Authorization || req.http.Cookie) {*
>> * return (pass);*
>> * }*
>>
>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>> * # ##########################################################*
>> * return (hash);*
>> * # This is for phpmyadmin*
>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>> *return (pass);*
>> *}*
>>
>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>> *return (pass);*
>> *}*
>>
>> *}*
>>
>> *# HIT FUNCTION*
>> *# ##########################################################*
>> *sub vcl_hit {*
>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>> * # ##########################################################*
>> * if (req.method == "PURGE") {*
>> * #*
>> * # This is now handled in vcl_recv.*
>> * #*
>> * # purge;*
>> * return (synth(200, "Purged."));*
>> * }*
>> * return (deliver);*
>> *}*
>>
>> *# MISS FUNCTION*
>> *# ##########################################################*
>> *sub vcl_miss {*
>> * if (req.method == "PURGE") {*
>> * #*
>> * # This is now handled in vcl_recv.*
>> * #*
>> * # purge;*
>> * return (synth(200, "Purged."));*
>> * }*
>> * return (fetch);*
>> *}*
>>
>> *# FETCH FUNCTION*
>> *# ##########################################################*
>> *sub vcl_backend_response {*
>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>> * # TO DO THIS*
>> * # ##########################################################*
>> * set beresp.http.Vary = "Accept-Encoding";*
>>
>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>> * # ##########################################################*
>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>> "wordpress_logged_in" ) {*
>> * unset beresp.http.set-cookie;*
>> * set beresp.ttl = 52w;*
>> *# set beresp.grace =1w;*
>> * }*
>>
>> * if (beresp.ttl <= 0s ||*
>> * beresp.http.Set-Cookie ||*
>> * beresp.http.Vary == "*") {*
>> * set beresp.ttl = 120 s;*
>> * # set beresp.ttl = 120s;*
>> * set beresp.uncacheable = true;*
>> * return (deliver);*
>> * }*
>>
>> * return (deliver);*
>> *}*
>>
>> *# DELIVER FUNCTION*
>> *# ##########################################################*
>> *sub vcl_deliver {*
>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
>> * # ##########################################################*
>> * if (obj.hits > 0) {*
>> * set resp.http.X-Cache = "HIT";*
>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>> * # ##########################################################*
>> * } else {*
>> * set resp.http.X-Cache = "MISS";*
>> * }*
>> *}*
>>
>>
>> Thanks,
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>> attachments/20160803/d572e4b2/attachment-0001.html>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>> To: varnish-misc <varnish-misc at varnish-cache.org>
>> Subject: Re: XenForo default.vcl settings
>> Message-ID:
>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4O3i1ofA at mail.
>> gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> I need to add the followings to default.vcl for Xenforo. However,
>> solutions
>> in the Xenforo forums for this didn't work. Can you please help?
>>
>> xf_session_admin
>> xf_user
>> xf_session
>>
>> Or how can i block Varnish in a way that it doesn't work in *
>> domain.com/forum
>> <http://domain.com/forum>*
>>
>>
>>
>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>:
>>
>> > Hi,
>> >
>> > Could you please share the appropriate Default.vcl settings for XenForo
>> > Forums? No one can register to the forum at the moment. My current
>> > Default.vcl settings are as follows.
>> >
>> > Forum address: domain.com/forum
>> >
>> > */* SET THE HOST AND PORT OF WORDPRESS*
>> > * * *********************************************************/*
>> > *vcl 4.0;*
>> > *import std;*
>> >
>> > *backend default {*
>> > * .host = "*******";*
>> > * .port = "8080";*
>> > * .connect_timeout = 600s;*
>> > * .first_byte_timeout = 600s;*
>> > * .between_bytes_timeout = 600s;*
>> > * .max_connections = 800;*
>> > *}*
>> >
>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>> > *# ##########################################################*
>> > *acl purge {*
>> > * "localhost";*
>> > * "127.0.0.1";*
>> > *}*
>> >
>> > *#THE RECV FUNCTION*
>> > *# ##########################################################*
>> > *sub vcl_recv {*
>> >
>> > *# set realIP by trimming CloudFlare IP which will be used for various
>> > checks*
>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$",
>> > ""); *
>> >
>> > * # FORWARD THE IP OF THE REQUEST*
>> > * if (req.restarts == 0) {*
>> > * if (req.http.x-forwarded-for) {*
>> > * set req.http.X-Forwarded-For =*
>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>> > * } else {*
>> > * set req.http.X-Forwarded-For = client.ip;*
>> > * }*
>> > * }*
>> >
>> > * # Purge request check sections for hash_always_miss, purge and ban*
>> > * # BLOCK IF NOT IP is not in purge acl*
>> > * # ##########################################################*
>> >
>> > * # Enable smart refreshing using hash_always_miss*
>> > *if (req.http.Cache-Control ~ "no-cache") {*
>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
>> > purge) {*
>> > * set req.hash_always_miss = true;*
>> > * }*
>> > *}*
>> >
>> > *if (req.method == "PURGE") {*
>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
>> ~
>> > purge) {*
>> > * return(synth(405,"Not allowed."));*
>> > * }*
>> > * return (purge);*
>> >
>> > * }*
>> > *if (req.method == "BAN") {*
>> > * # Same ACL check as above:*
>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>> > "1.2.3.4") ~ purge) {*
>> > * return(synth(403, "Not allowed."));*
>> > * }*
>> > * ban("req.http.host == " + req.http.host +*
>> > * " && req.url == " + req.url);*
>> >
>> > * # Throw a synthetic page so the*
>> > * # request won't go to the backend.*
>> > * return(synth(200, "Ban added"));*
>> > *}*
>> >
>> >
>> > *# Unset cloudflare cookies*
>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>> > * set req.http.Cookie = regsuball(req.http.Cookie,
>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>> > * # Remove a ";" prefix, if present.*
>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");*
>> >
>> > * # For Testing: If you want to test with Varnish passing (not caching)
>> > uncomment*
>> > * # return( pass );*
>> >
>> > * # FORWARD THE IP OF THE REQUEST*
>> > * if (req.restarts == 0) {*
>> > * if (req.http.x-forwarded-for) {*
>> > * set req.http.X-Forwarded-For =*
>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>> > * } else {*
>> > * set req.http.X-Forwarded-For = client.ip;*
>> > * }*
>> > * }*
>> >
>> > *# DO NOT CACHE RSS FEED*
>> > * if (req.url ~ "/feed(/)?") {*
>> > * return ( pass ); *
>> > *}*
>> >
>> > *## Do not cache search results, comment these 3 lines if you do want to
>> > cache them*
>> >
>> > *if (req.url ~ "/\?s\=") {*
>> > * return ( pass ); *
>> > *}*
>> >
>> > *# CLEAN UP THE ENCODING HEADER.*
>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>> ACCEPT-ENCODING*
>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>> > * # ##########################################################*
>> > * if (req.http.Accept-Encoding) {*
>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>> > * # No point in compressing these*
>> > * unset req.http.Accept-Encoding;*
>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>> > * set req.http.Accept-Encoding = "gzip";*
>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>> > * set req.http.Accept-Encoding = "deflate";*
>> > * } else {*
>> > * # unknown algorithm*
>> > * unset req.http.Accept-Encoding;*
>> > * }*
>> > * }*
>> >
>> > * # PIPE ALL NON-STANDARD REQUESTS*
>> > * # ##########################################################*
>> > * if (req.method != "GET" &&*
>> > * req.method != "HEAD" &&*
>> > * req.method != "PUT" && *
>> > * req.method != "POST" &&*
>> > * req.method != "TRACE" &&*
>> > * req.method != "OPTIONS" &&*
>> > * req.method != "DELETE") {*
>> > * return (pipe);*
>> > * }*
>> >
>> > * # ONLY CACHE GET AND HEAD REQUESTS*
>> > * # ##########################################################*
>> > * if (req.method != "GET" && req.method != "HEAD") {*
>> > * return (pass);*
>> > * }*
>> >
>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
>> > EITHER*
>> > * # COMMENT OR UNCOMMENT BOTH*
>> > * # ##########################################################*
>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>> > * return( pass );*
>> > * }*
>> >
>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>> > * # THEN UNSET THE COOKIES*
>> > * # ##########################################################*
>> > * if (!(req.url ~ "wp-(login|admin)") *
>> > * && !(req.url ~ "&preview=true" ) *
>> > * ){*
>> > * unset req.http.cookie;*
>> > * }*
>> >
>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>> > * # ##########################################################*
>> > * if (req.http.Authorization || req.http.Cookie) {*
>> > * return (pass);*
>> > * }*
>> >
>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>> > * # ##########################################################*
>> > * return (hash);*
>> > * # This is for phpmyadmin*
>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>> > *return (pass);*
>> > *}*
>> >
>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>> > *return (pass);*
>> > *}*
>> >
>> > *}*
>> >
>> > *# HIT FUNCTION*
>> > *# ##########################################################*
>> > *sub vcl_hit {*
>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>> > * # ##########################################################*
>> > * if (req.method == "PURGE") {*
>> > * #*
>> > * # This is now handled in vcl_recv.*
>> > * #*
>> > * # purge;*
>> > * return (synth(200, "Purged."));*
>> > * }*
>> > * return (deliver);*
>> > *}*
>> >
>> > *# MISS FUNCTION*
>> > *# ##########################################################*
>> > *sub vcl_miss {*
>> > * if (req.method == "PURGE") {*
>> > * #*
>> > * # This is now handled in vcl_recv.*
>> > * #*
>> > * # purge;*
>> > * return (synth(200, "Purged."));*
>> > * }*
>> > * return (fetch);*
>> > *}*
>> >
>> > *# FETCH FUNCTION*
>> > *# ##########################################################*
>> > *sub vcl_backend_response {*
>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>> > * # TO DO THIS*
>> > * # ##########################################################*
>> > * set beresp.http.Vary = "Accept-Encoding";*
>> >
>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>> > * # ##########################################################*
>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>> > "wordpress_logged_in" ) {*
>> > * unset beresp.http.set-cookie;*
>> > * set beresp.ttl = 52w;*
>> > *# set beresp.grace =1w;*
>> > * }*
>> >
>> > * if (beresp.ttl <= 0s ||*
>> > * beresp.http.Set-Cookie ||*
>> > * beresp.http.Vary == "*") {*
>> > * set beresp.ttl = 120 s;*
>> > * # set beresp.ttl = 120s;*
>> > * set beresp.uncacheable = true;*
>> > * return (deliver);*
>> > * }*
>> >
>> > * return (deliver);*
>> > *}*
>> >
>> > *# DELIVER FUNCTION*
>> > *# ##########################################################*
>> > *sub vcl_deliver {*
>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
>> > * # ##########################################################*
>> > * if (obj.hits > 0) {*
>> > * set resp.http.X-Cache = "HIT";*
>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>> > * # ##########################################################*
>> > * } else {*
>> > * set resp.http.X-Cache = "MISS";*
>> > * }*
>> > *}*
>> >
>> >
>> > Thanks,
>> >
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/
>> attachments/20160804/4e3f064a/attachment.html>
>>
>> ------------------------------
>>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc at varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>
>> End of varnish-misc Digest, Vol 125, Issue 14
>> *********************************************
>>
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/e791cc0e/attachment-0001.html>
More information about the varnish-misc
mailing list