XenForo default.vcl settings
Ayberk Kimsesiz
ayberk.kimsesiz at gmail.com
Thu Aug 4 17:47:37 CEST 2016
Finally!
Login function is now working with the following settings but X-Cache
shows MISS instead of HIT.
*#THE RECV FUNCTION*
*# ##########################################################*
*sub vcl_recv { *
* if( req.http.Cookie ~ "xf_(session|user)") {*
* return (pass);*
* }*
*# FETCH FUNCTION*
*# ##########################################################*
*sub vcl_backend_response { *
* # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
* # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
* # TO DO THIS*
* # ##########################################################*
* set beresp.http.Vary = "Accept-Encoding";*
* # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
* # TIME THIS PAGE WILL STAY CACHED (TTL)*
* # ##########################################################*
*if (beresp.http.Set-Cookie ~ "xf_(session|user)") *
*{ set beresp.uncacheable = true;*
* set beresp.ttl = 1w;*
* return (deliver);*
* }*
* if (beresp.ttl <= 0s ||*
* beresp.http.Set-Cookie ||*
* beresp.http.Vary == "*") {*
* set beresp.ttl = 120 s;*
* # set beresp.ttl = 120s;*
* set beresp.uncacheable = true;*
* return (deliver);*
* }*
* return (deliver);*
*}*
*# DELIVER FUNCTION*
*# ##########################################################*
*sub vcl_deliver {*
* # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
* # IN THE HEADER (GREAT FOR DEBUGGING)*
* # ##########################################################*
* if (obj.hits > 0) {*
* set resp.http.X-Cache = "HIT";*
* # IF THIS IS A MISS RETURN THAT IN THE HEADER*
* # ##########################################################*
* } else {*
* set resp.http.X-Cache = "MISS";*
* }*
*}*
2016-08-04 18:02 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
> I agree that the order of execution may be getting you here. If you need
> the WordPress rules then you may need to put additional logic to ensure
> non-wordpress applications are not negatively affected.
>
> What happens if you change the order of these two blocks? Put your
> Set-Cookie check block before the wp-login check.
>
> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
> > # TIME THIS PAGE WILL STAY CACHED (TTL)
> > # ##########################################################
> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
> "wordpress_logged_in" ) {
> > unset beresp.http.set-cookie;
> > set beresp.ttl = 52w;
> > # set beresp.grace =1w;
> > }
> >
> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
> > set beresp.uncacheable = true;
> > set beresp.ttl = 1w;
> > return (deliver);
> > }
>
> On Thu, Aug 4, 2016 at 9:50 AM, Andrei <lagged at gmail.com> wrote:
>
>> The log output suggests the xf_ cookie check in vcl_recv is not the first
>> thing to run as you pasted earlier. Also, looking a bit closer, your issue
>> the fact that you unset the cookie in vcl_backend_response if it's not
>> wordpress related. Again, you should really audit your entire VCL, and
>> remove unneeded stuff, like all the WordPress related rules if you're not
>> using it.
>>
>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz <
>> ayberk.kimsesiz at gmail.com> wrote:
>>
>>> Log message:
>>>
>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS"
>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip"
>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT
>>> - ReqHeader X-Forwarded-For: 95.5.187.232
>>> - VCL_call RECV
>>> - ReqHeader X-Actual-IP: 95.5.187.232
>>> - ReqUnset X-Forwarded-For: 95.5.187.232
>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>> pps_show_100=Th
>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>> pps_times_showed_100=1;
>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>>> wFoW2XT0IpqCIsH5v7bQ; xf_session=
>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>> pps_show_100=Th
>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>> pps_times_showed_100=1;
>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>> est_cookie=WP+Cookie+check
>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>> pps_show_100=Th
>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>> pps_times_showed_100=1;
>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>> est_cookie=WP+Cookie+check
>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>> pps_show_100=Th
>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>> pps_times_showed_100=1;
>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>> est_cookie=WP+Cookie+check
>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232,
>>> 95.5.187.232
>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch
>>> - ReqHeader Accept-Encoding: gzip
>>> - VCL_Log PPPAASS
>>> - VCL_return pass
>>> - VCL_call HASH
>>> - VCL_return lookup
>>> - VCL_call PASS
>>> - VCL_return fetch
>>> - Link bereq 524435 pass
>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758
>>> - RespProtocol HTTP/1.1
>>> - RespStatus 200
>>> - RespReason OK
>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT
>>> - RespHeader Server: Apache/2
>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT
>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip"
>>> - RespHeader Accept-Ranges: bytes
>>> --
>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT
>>> - ReqHeader X-Forwarded-For: 95.5.187.232
>>> - VCL_call RECV
>>> - ReqHeader X-Actual-IP: 95.5.187.232
>>> - ReqUnset X-Forwarded-For: 95.5.187.232
>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>> pps_show_100=Th
>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>> pps_times_showed_100=1;
>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>>> wFoW2XT0IpqCIsH5v7bQ; xf_session=
>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>> pps_show_100=Th
>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>> pps_times_showed_100=1;
>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>> est_cookie=WP+Cookie+check
>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>> pps_show_100=Th
>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>> pps_times_showed_100=1;
>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>> est_cookie=WP+Cookie+check
>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>> pps_show_100=Th
>>>
>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>
>>>> I assume you reloaded/restarted Varnish after these changes were made.
>>>> If so, can you verify that you do have the cookies set on the request?
>>>>
>>>> maybe add this log message right before returning
>>>>
>>>> if(req.http.Cookie ~ "xf_(session|user)") {
>>>> std.log( "PPPAASS Cookie set for forum");
>>>> return (pass);
>>>>
>>>> }
>>>>
>>>> Then you can use varnishlog command (below) to verify cookie is found
>>>>
>>>> varnishlog | grep -A15 -B15 "PPPAASS"
>>>>
>>>>
>>>> Cheers,
>>>> Richard
>>>>
>>>>
>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <
>>>> ayberk.kimsesiz at gmail.com> wrote:
>>>> >
>>>> > First of all, thank you. However the problem continues. Can you
>>>> examine the codes?
>>>> >
>>>> >
>>>> > /* SET THE HOST AND PORT OF WORDPRESS
>>>> > * *********************************************************/
>>>> > vcl 4.0;
>>>> > import std;
>>>> >
>>>> > backend default {
>>>> > .host = "*******";
>>>> > .port = "8080";
>>>> > .connect_timeout = 600s;
>>>> > .first_byte_timeout = 600s;
>>>> > .between_bytes_timeout = 600s;
>>>> > .max_connections = 800;
>>>> > }
>>>> >
>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS
>>>> > # ##########################################################
>>>> > acl purge {
>>>> > "localhost";
>>>> > "127.0.0.1";
>>>> > }
>>>> >
>>>> > #THE RECV FUNCTION
>>>> > # ##########################################################
>>>> > sub vcl_recv {
>>>> >
>>>> > if(req.http.Cookie ~ "xf_(session|user)") {
>>>> > return (pass);
>>>> > }
>>>> >
>>>> > # set realIP by trimming CloudFlare IP which will be used for various
>>>> checks
>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[,
>>>> ].*$", "");
>>>> >
>>>> > # FORWARD THE IP OF THE REQUEST
>>>> > if (req.restarts == 0) {
>>>> > if (req.http.x-forwarded-for) {
>>>> > set req.http.X-Forwarded-For =
>>>> > req.http.X-Forwarded-For + ", " + client.ip;
>>>> > } else {
>>>> > set req.http.X-Forwarded-For = client.ip;
>>>> > }
>>>> > }
>>>> >
>>>> > # Purge request check sections for hash_always_miss, purge and ban
>>>> > # BLOCK IF NOT IP is not in purge acl
>>>> > # ##########################################################
>>>> >
>>>> > # Enable smart refreshing using hash_always_miss
>>>> > if (req.http.Cache-Control ~ "no-cache") {
>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
>>>> ~ purge) {
>>>> > set req.hash_always_miss = true;
>>>> > }
>>>> > }
>>>> >
>>>> > if (req.method == "PURGE") {
>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>> "1.2.3.4") ~ purge) {
>>>> > return(synth(405,"Not allowed."));
>>>> > }
>>>> > return (purge);
>>>> >
>>>> > }
>>>> > if (req.method == "BAN") {
>>>> > # Same ACL check as above:
>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>> "1.2.3.4") ~ purge) {
>>>> > return(synth(403, "Not allowed."));
>>>> > }
>>>> > ban("req.http.host == " + req.http.host +
>>>> > " && req.url == " + req.url);
>>>> >
>>>> > # Throw a synthetic page so the
>>>> > # request won't go to the backend.
>>>> > return(synth(200, "Ban added"));
>>>> > }
>>>> >
>>>> >
>>>> > # Unset cloudflare cookies
>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies.
>>>> > set req.http.Cookie = regsuball(req.http.Cookie,
>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
>>>> > # Remove a ";" prefix, if present.
>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
>>>> >
>>>> > # For Testing: If you want to test with Varnish passing (not
>>>> caching) uncomment
>>>> > # return( pass );
>>>> >
>>>> > # FORWARD THE IP OF THE REQUEST
>>>> > if (req.restarts == 0) {
>>>> > if (req.http.x-forwarded-for) {
>>>> > set req.http.X-Forwarded-For =
>>>> > req.http.X-Forwarded-For + ", " + client.ip;
>>>> > } else {
>>>> > set req.http.X-Forwarded-For = client.ip;
>>>> > }
>>>> > }
>>>> >
>>>> > # DO NOT CACHE RSS FEED
>>>> > if (req.url ~ "/feed(/)?") {
>>>> > return ( pass );
>>>> > }
>>>> >
>>>> > ## Do not cache search results, comment these 3 lines if you do want
>>>> to cache them
>>>> >
>>>> > if (req.url ~ "/\?s\=") {
>>>> > return ( pass );
>>>> > }
>>>> >
>>>> > # CLEAN UP THE ENCODING HEADER.
>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>> ACCEPT-ENCODING
>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
>>>> > # ##########################################################
>>>> > if (req.http.Accept-Encoding) {
>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
>>>> > # No point in compressing these
>>>> > unset req.http.Accept-Encoding;
>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") {
>>>> > set req.http.Accept-Encoding = "gzip";
>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") {
>>>> > set req.http.Accept-Encoding = "deflate";
>>>> > } else {
>>>> > # unknown algorithm
>>>> > unset req.http.Accept-Encoding;
>>>> > }
>>>> > }
>>>> >
>>>> > # PIPE ALL NON-STANDARD REQUESTS
>>>> > # ##########################################################
>>>> > if (req.method != "GET" &&
>>>> > req.method != "HEAD" &&
>>>> > req.method != "PUT" &&
>>>> > req.method != "POST" &&
>>>> > req.method != "TRACE" &&
>>>> > req.method != "OPTIONS" &&
>>>> > req.method != "DELETE") {
>>>> > return (pipe);
>>>> > }
>>>> >
>>>> > # ONLY CACHE GET AND HEAD REQUESTS
>>>> > # ##########################################################
>>>> > if (req.method != "GET" && req.method != "HEAD") {
>>>> > return (pass);
>>>> > }
>>>> >
>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO,
>>>> EITHER
>>>> > # COMMENT OR UNCOMMENT BOTH
>>>> > # ##########################################################
>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) {
>>>> > return( pass );
>>>> > }
>>>> >
>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
>>>> > # THEN UNSET THE COOKIES
>>>> > # ##########################################################
>>>> > if (!(req.url ~ "wp-(login|admin)")
>>>> > && !(req.url ~ "&preview=true" )
>>>> > ){
>>>> > unset req.http.cookie;
>>>> > }
>>>> >
>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE
>>>> > # ##########################################################
>>>> > if (req.http.Authorization || req.http.Cookie) {
>>>> > return (pass);
>>>> > }
>>>> >
>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
>>>> > # ##########################################################
>>>> > return (hash);
>>>> > # This is for phpmyadmin
>>>> > if (req.http.Host == "ki1.org") {
>>>> > return (pass);
>>>> > }
>>>> >
>>>> > if (req.http.Host == "mysql.ki1.org") {
>>>> > return (pass);
>>>> > }
>>>> >
>>>> > }
>>>> >
>>>> > # HIT FUNCTION
>>>> > # ##########################################################
>>>> > sub vcl_hit {
>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
>>>> > # ##########################################################
>>>> > if (req.method == "PURGE") {
>>>> > #
>>>> > # This is now handled in vcl_recv.
>>>> > #
>>>> > # purge;
>>>> > return (synth(200, "Purged."));
>>>> > }
>>>> > return (deliver);
>>>> > }
>>>> >
>>>> > # MISS FUNCTION
>>>> > # ##########################################################
>>>> > sub vcl_miss {
>>>> > if (req.method == "PURGE") {
>>>> > #
>>>> > # This is now handled in vcl_recv.
>>>> > #
>>>> > # purge;
>>>> > return (synth(200, "Purged."));
>>>> > }
>>>> > return (fetch);
>>>> > }
>>>> >
>>>> > # FETCH FUNCTION
>>>> > # ##########################################################
>>>> > sub vcl_backend_response {
>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
>>>> > # TO DO THIS
>>>> > # ##########################################################
>>>> > set beresp.http.Vary = "Accept-Encoding";
>>>> >
>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL)
>>>> > # ##########################################################
>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>> "wordpress_logged_in" ) {
>>>> > unset beresp.http.set-cookie;
>>>> > set beresp.ttl = 52w;
>>>> > # set beresp.grace =1w;
>>>> > }
>>>> >
>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>>> > set beresp.uncacheable = true;
>>>> > set beresp.ttl = 1w;
>>>> > return (deliver);
>>>> > }
>>>> >
>>>> >
>>>> > if (beresp.ttl <= 0s ||
>>>> > beresp.http.Set-Cookie ||
>>>> > beresp.http.Vary == "*") {
>>>> > set beresp.ttl = 120 s;
>>>> > # set beresp.ttl = 120s;
>>>> > set beresp.uncacheable = true;
>>>> > return (deliver);
>>>> > }
>>>> >
>>>> > return (deliver);
>>>> > }
>>>> >
>>>> > # DELIVER FUNCTION
>>>> > # ##########################################################
>>>> > sub vcl_deliver {
>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
>>>> > # IN THE HEADER (GREAT FOR DEBUGGING)
>>>> > # ##########################################################
>>>> > if (obj.hits > 0) {
>>>> > set resp.http.X-Cache = "HIT";
>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER
>>>> > # ##########################################################
>>>> > } else {
>>>> > set resp.http.X-Cache = "MISS";
>>>> > }
>>>> > }
>>>> >
>>>> >
>>>> >
>>>> > 2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
>>>> >>
>>>> >> correction:
>>>> >>
>>>> >> sub vcl_recv {
>>>> >> if(req.http.Cookie ~ "xf_(session|user)") {
>>>> >> return (pass);
>>>> >> }
>>>> >> }
>>>> >>
>>>> >> sub vcl_backend_response {
>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>>> >> set beresp.uncacheable = true;
>>>> >> set beresp.ttl = 1w;
>>>> >> return (deliver);
>>>> >> }
>>>> >> }
>>>> >>
>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com> wrote:
>>>> >>>
>>>> >>> Hello,
>>>> >>>
>>>> >>> Aside from the provided VCL being for WordPress, while you're
>>>> running XenForo, the xf_ cookies are being dropped by your config. A quick
>>>> fix is:
>>>> >>>
>>>> >>> sub vcl_recv {
>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") {
>>>> >>> return (pass);
>>>> >>> }
>>>> >>> }
>>>> >>>
>>>> >>> sub vcl_backend_response {
>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") {
>>>> >>> set beresp.uncacheable = true;
>>>> >>> set beresp.ttl = 1w;
>>>> >>> return (deliver);
>>>> >>> }
>>>> >>> }
>>>> >>>
>>>> >>> However, I suggest auditing your VCL, and only including rules
>>>> specific to the application(s) which you are running.
>>>> >>>
>>>> >>>
>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
>>>> ayberk.kimsesiz at gmail.com> wrote:
>>>> >>>>
>>>> >>>> Users can't login or register to domain.com/forum with the
>>>> current settings. So we need to make a change related to xf_user and
>>>> xf_session but how?
>>>> >>>>
>>>> >>>>
>>>> >>>>
>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>> >>>>>
>>>> >>>>> If you want Varnish to ignore request for a path you need to tell
>>>> it to pass. In your example you have a rule for the RSS feed. You can do
>>>> the same for /forum/ in your vcl_recv block.
>>>> >>>>>
>>>> >>>>> *# DO NOT CACHE RSS FEED*
>>>> >>>>> * if (req.url ~ "/feed(/)?") {*
>>>> >>>>> * return ( pass ); *
>>>> >>>>> *}*
>>>> >>>>>
>>>> >>>>> *# DO NOT CACHE FORUM*
>>>> >>>>> if (req.url ~ "/forum(/)?") {
>>>> >>>>> return ( pass );
>>>> >>>>> }
>>>> >>>>>
>>>> >>>>> Cheers,
>>>> >>>>> Richard
>>>> >>>>>
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> Message: 1
>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>>>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>> >>>>>> Subject: XenForo default.vcl settings
>>>> >>>>>> Message-ID:
>>>> >>>>>> <CAPQGzE29n1QOmHarn9L-9ztquGfe
>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com>
>>>> >>>>>> Content-Type: text/plain; charset="utf-8"
>>>> >>>>>>
>>>> >>>>>> Hi,
>>>> >>>>>>
>>>> >>>>>> Could you please share the appropriate Default.vcl settings for
>>>> XenForo
>>>> >>>>>> Forums? No one can register to the forum at the moment. My
>>>> current
>>>> >>>>>> Default.vcl settings are as follows.
>>>> >>>>>>
>>>> >>>>>> Forum address: domain.com/forum
>>>> >>>>>>
>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
>>>> >>>>>> * * *********************************************************/*
>>>> >>>>>> *vcl 4.0;*
>>>> >>>>>> *import std;*
>>>> >>>>>>
>>>> >>>>>> *backend default {*
>>>> >>>>>> * .host = "*******";*
>>>> >>>>>> * .port = "8080";*
>>>> >>>>>> * .connect_timeout = 600s;*
>>>> >>>>>> * .first_byte_timeout = 600s;*
>>>> >>>>>> * .between_bytes_timeout = 600s;*
>>>> >>>>>> * .max_connections = 800;*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>> >>>>>> *# ##########################################################*
>>>> >>>>>> *acl purge {*
>>>> >>>>>> * "localhost";*
>>>> >>>>>> * "127.0.0.1";*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *#THE RECV FUNCTION*
>>>> >>>>>> *# ##########################################################*
>>>> >>>>>> *sub vcl_recv {*
>>>> >>>>>>
>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for
>>>> various
>>>> >>>>>> checks*
>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For,
>>>> "[, ].*$",
>>>> >>>>>> ""); *
>>>> >>>>>>
>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>> >>>>>> * if (req.restarts == 0) {*
>>>> >>>>>> * if (req.http.x-forwarded-for) {*
>>>> >>>>>> * set req.http.X-Forwarded-For =*
>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>> >>>>>> * } else {*
>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>> >>>>>> * }*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge and
>>>> ban*
>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>>
>>>> >>>>>> * # Enable smart refreshing using hash_always_miss*
>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>> "1.2.3.4") ~
>>>> >>>>>> purge) {*
>>>> >>>>>> * set req.hash_always_miss = true;*
>>>> >>>>>> * }*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *if (req.method == "PURGE") {*
>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>> "1.2.3.4") ~
>>>> >>>>>> purge) {*
>>>> >>>>>> * return(synth(405,"Not allowed."));*
>>>> >>>>>> * }*
>>>> >>>>>> * return (purge);*
>>>> >>>>>>
>>>> >>>>>> * }*
>>>> >>>>>> *if (req.method == "BAN") {*
>>>> >>>>>> * # Same ACL check as above:*
>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>> "1.2.3.4")
>>>> >>>>>> ~ purge) {*
>>>> >>>>>> * return(synth(403, "Not allowed."));*
>>>> >>>>>> * }*
>>>> >>>>>> * ban("req.http.host == " + req.http.host +*
>>>> >>>>>> * " && req.url == " + req.url);*
>>>> >>>>>>
>>>> >>>>>> * # Throw a synthetic page so the*
>>>> >>>>>> * # request won't go to the backend.*
>>>> >>>>>> * return(synth(200, "Ban added"));*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> *# Unset cloudflare cookies*
>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie,
>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>> >>>>>> * # Remove a ";" prefix, if present.*
>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*",
>>>> "");*
>>>> >>>>>>
>>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not
>>>> caching)
>>>> >>>>>> uncomment*
>>>> >>>>>> * # return( pass );*
>>>> >>>>>>
>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>> >>>>>> * if (req.restarts == 0) {*
>>>> >>>>>> * if (req.http.x-forwarded-for) {*
>>>> >>>>>> * set req.http.X-Forwarded-For =*
>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>> >>>>>> * } else {*
>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>> >>>>>> * }*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> *# DO NOT CACHE RSS FEED*
>>>> >>>>>> * if (req.url ~ "/feed(/)?") {*
>>>> >>>>>> * return ( pass ); *
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you do
>>>> want to
>>>> >>>>>> cache them*
>>>> >>>>>>
>>>> >>>>>> *if (req.url ~ "/\?s\=") {*
>>>> >>>>>> * return ( pass ); *
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.*
>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>> ACCEPT-ENCODING*
>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if (req.http.Accept-Encoding) {*
>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {*
>>>> >>>>>> * # No point in compressing these*
>>>> >>>>>> * unset req.http.Accept-Encoding;*
>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";*
>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";*
>>>> >>>>>> * } else {*
>>>> >>>>>> * # unknown algorithm*
>>>> >>>>>> * unset req.http.Accept-Encoding;*
>>>> >>>>>> * }*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if (req.method != "GET" &&*
>>>> >>>>>> * req.method != "HEAD" &&*
>>>> >>>>>> * req.method != "PUT" && *
>>>> >>>>>> * req.method != "POST" &&*
>>>> >>>>>> * req.method != "TRACE" &&*
>>>> >>>>>> * req.method != "OPTIONS" &&*
>>>> >>>>>> * req.method != "DELETE") {*
>>>> >>>>>> * return (pipe);*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {*
>>>> >>>>>> * return (pass);*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN
>>>> FETCH TOO,
>>>> >>>>>> EITHER*
>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>> >>>>>> * return( pass );*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>> >>>>>> * # THEN UNSET THE COOKIES*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") *
>>>> >>>>>> * && !(req.url ~ "&preview=true" ) *
>>>> >>>>>> * ){*
>>>> >>>>>> * unset req.http.cookie;*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {*
>>>> >>>>>> * return (pass);*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * return (hash);*
>>>> >>>>>> * # This is for phpmyadmin*
>>>> >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>> >>>>>> *return (pass);*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {*
>>>> >>>>>> *return (pass);*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *# HIT FUNCTION*
>>>> >>>>>> *# ##########################################################*
>>>> >>>>>> *sub vcl_hit {*
>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if (req.method == "PURGE") {*
>>>> >>>>>> * #*
>>>> >>>>>> * # This is now handled in vcl_recv.*
>>>> >>>>>> * #*
>>>> >>>>>> * # purge;*
>>>> >>>>>> * return (synth(200, "Purged."));*
>>>> >>>>>> * }*
>>>> >>>>>> * return (deliver);*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *# MISS FUNCTION*
>>>> >>>>>> *# ##########################################################*
>>>> >>>>>> *sub vcl_miss {*
>>>> >>>>>> * if (req.method == "PURGE") {*
>>>> >>>>>> * #*
>>>> >>>>>> * # This is now handled in vcl_recv.*
>>>> >>>>>> * #*
>>>> >>>>>> * # purge;*
>>>> >>>>>> * return (synth(200, "Purged."));*
>>>> >>>>>> * }*
>>>> >>>>>> * return (fetch);*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *# FETCH FUNCTION*
>>>> >>>>>> *# ##########################################################*
>>>> >>>>>> *sub vcl_backend_response {*
>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>>> >>>>>> * # TO DO THIS*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";*
>>>> >>>>>>
>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>> >>>>>> "wordpress_logged_in" ) {*
>>>> >>>>>> * unset beresp.http.set-cookie;*
>>>> >>>>>> * set beresp.ttl = 52w;*
>>>> >>>>>> *# set beresp.grace =1w;*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * if (beresp.ttl <= 0s ||*
>>>> >>>>>> * beresp.http.Set-Cookie ||*
>>>> >>>>>> * beresp.http.Vary == "*") {*
>>>> >>>>>> * set beresp.ttl = 120 s;*
>>>> >>>>>> * # set beresp.ttl = 120s;*
>>>> >>>>>> * set beresp.uncacheable = true;*
>>>> >>>>>> * return (deliver);*
>>>> >>>>>> * }*
>>>> >>>>>>
>>>> >>>>>> * return (deliver);*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>> *# DELIVER FUNCTION*
>>>> >>>>>> *# ##########################################################*
>>>> >>>>>> *sub vcl_deliver {*
>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * if (obj.hits > 0) {*
>>>> >>>>>> * set resp.http.X-Cache = "HIT";*
>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>> >>>>>> * # ##########################################################*
>>>> >>>>>> * } else {*
>>>> >>>>>> * set resp.http.X-Cache = "MISS";*
>>>> >>>>>> * }*
>>>> >>>>>> *}*
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> Thanks,
>>>> >>>>>> -------------- next part --------------
>>>> >>>>>> An HTML attachment was scrubbed...
>>>> >>>>>> URL: <https://www.varnish-cache.org
>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/
>>>> attachment-0001.html>
>>>> >>>>>>
>>>> >>>>>> ------------------------------
>>>> >>>>>>
>>>> >>>>>> Message: 2
>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>>>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>> >>>>>> Subject: Re: XenForo default.vcl settings
>>>> >>>>>> Message-ID:
>>>> >>>>>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5
>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com>
>>>> >>>>>> Content-Type: text/plain; charset="utf-8"
>>>> >>>>>>
>>>> >>>>>> I need to add the followings to default.vcl for Xenforo.
>>>> However, solutions
>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please help?
>>>> >>>>>>
>>>> >>>>>> xf_session_admin
>>>> >>>>>> xf_user
>>>> >>>>>> xf_session
>>>> >>>>>>
>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in *
>>>> domain.com/forum
>>>> >>>>>> <http://domain.com/forum>*
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>>
>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <
>>>> ayberk.kimsesiz at gmail.com>:
>>>> >>>>>>
>>>> >>>>>> > Hi,
>>>> >>>>>> >
>>>> >>>>>> > Could you please share the appropriate Default.vcl settings
>>>> for XenForo
>>>> >>>>>> > Forums? No one can register to the forum at the moment. My
>>>> current
>>>> >>>>>> > Default.vcl settings are as follows.
>>>> >>>>>> >
>>>> >>>>>> > Forum address: domain.com/forum
>>>> >>>>>> >
>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
>>>> >>>>>> > * * ******************************
>>>> ***************************/*
>>>> >>>>>> > *vcl 4.0;*
>>>> >>>>>> > *import std;*
>>>> >>>>>> >
>>>> >>>>>> > *backend default {*
>>>> >>>>>> > * .host = "*******";*
>>>> >>>>>> > * .port = "8080";*
>>>> >>>>>> > * .connect_timeout = 600s;*
>>>> >>>>>> > * .first_byte_timeout = 600s;*
>>>> >>>>>> > * .between_bytes_timeout = 600s;*
>>>> >>>>>> > * .max_connections = 800;*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>> >>>>>> > *# ##########################################################*
>>>> >>>>>> > *acl purge {*
>>>> >>>>>> > * "localhost";*
>>>> >>>>>> > * "127.0.0.1";*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *#THE RECV FUNCTION*
>>>> >>>>>> > *# ##########################################################*
>>>> >>>>>> > *sub vcl_recv {*
>>>> >>>>>> >
>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for
>>>> various
>>>> >>>>>> > checks*
>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For,
>>>> "[, ].*$",
>>>> >>>>>> > ""); *
>>>> >>>>>> >
>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>> >>>>>> > * if (req.restarts == 0) {*
>>>> >>>>>> > * if (req.http.x-forwarded-for) {*
>>>> >>>>>> > * set req.http.X-Forwarded-For =*
>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>> >>>>>> > * } else {*
>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>> >>>>>> > * }*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * # Purge request check sections for hash_always_miss, purge
>>>> and ban*
>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> >
>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss*
>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
>>>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>> "1.2.3.4") ~
>>>> >>>>>> > purge) {*
>>>> >>>>>> > * set req.hash_always_miss = true;*
>>>> >>>>>> > * }*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *if (req.method == "PURGE") {*
>>>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>> "1.2.3.4") ~
>>>> >>>>>> > purge) {*
>>>> >>>>>> > * return(synth(405,"Not allowed."));*
>>>> >>>>>> > * }*
>>>> >>>>>> > * return (purge);*
>>>> >>>>>> >
>>>> >>>>>> > * }*
>>>> >>>>>> > *if (req.method == "BAN") {*
>>>> >>>>>> > * # Same ACL check as above:*
>>>> >>>>>> > * if (!client.ip ~ purge ||
>>>> !std.ip(req.http.X-Actual-IP,
>>>> >>>>>> > "1.2.3.4") ~ purge) {*
>>>> >>>>>> > * return(synth(403, "Not allowed."));*
>>>> >>>>>> > * }*
>>>> >>>>>> > * ban("req.http.host == " + req.http.host +*
>>>> >>>>>> > * " && req.url == " + req.url);*
>>>> >>>>>> >
>>>> >>>>>> > * # Throw a synthetic page so the*
>>>> >>>>>> > * # request won't go to the backend.*
>>>> >>>>>> > * return(synth(200, "Ban added"));*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> >
>>>> >>>>>> > *# Unset cloudflare cookies*
>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.*
>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie,
>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>> >>>>>> > * # Remove a ";" prefix, if present.*
>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*",
>>>> "");*
>>>> >>>>>> >
>>>> >>>>>> > * # For Testing: If you want to test with Varnish passing
>>>> (not caching)
>>>> >>>>>> > uncomment*
>>>> >>>>>> > * # return( pass );*
>>>> >>>>>> >
>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>> >>>>>> > * if (req.restarts == 0) {*
>>>> >>>>>> > * if (req.http.x-forwarded-for) {*
>>>> >>>>>> > * set req.http.X-Forwarded-For =*
>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>> >>>>>> > * } else {*
>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>> >>>>>> > * }*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > *# DO NOT CACHE RSS FEED*
>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {*
>>>> >>>>>> > * return ( pass ); *
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if you
>>>> do want to
>>>> >>>>>> > cache them*
>>>> >>>>>> >
>>>> >>>>>> > *if (req.url ~ "/\?s\=") {*
>>>> >>>>>> > * return ( pass ); *
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.*
>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>> ACCEPT-ENCODING*
>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if (req.http.Accept-Encoding) {*
>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$")
>>>> {*
>>>> >>>>>> > * # No point in compressing these*
>>>> >>>>>> > * unset req.http.Accept-Encoding;*
>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";*
>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";*
>>>> >>>>>> > * } else {*
>>>> >>>>>> > * # unknown algorithm*
>>>> >>>>>> > * unset req.http.Accept-Encoding;*
>>>> >>>>>> > * }*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if (req.method != "GET" &&*
>>>> >>>>>> > * req.method != "HEAD" &&*
>>>> >>>>>> > * req.method != "PUT" && *
>>>> >>>>>> > * req.method != "POST" &&*
>>>> >>>>>> > * req.method != "TRACE" &&*
>>>> >>>>>> > * req.method != "OPTIONS" &&*
>>>> >>>>>> > * req.method != "DELETE") {*
>>>> >>>>>> > * return (pipe);*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {*
>>>> >>>>>> > * return (pass);*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN
>>>> FETCH TOO,
>>>> >>>>>> > EITHER*
>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>> >>>>>> > * return( pass );*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN*
>>>> >>>>>> > * # THEN UNSET THE COOKIES*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") *
>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) *
>>>> >>>>>> > * ){*
>>>> >>>>>> > * unset req.http.cookie;*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {*
>>>> >>>>>> > * return (pass);*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * return (hash);*
>>>> >>>>>> > * # This is for phpmyadmin*
>>>> >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>> >>>>>> > *return (pass);*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>")
>>>> {*
>>>> >>>>>> > *return (pass);*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *# HIT FUNCTION*
>>>> >>>>>> > *# ##########################################################*
>>>> >>>>>> > *sub vcl_hit {*
>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if (req.method == "PURGE") {*
>>>> >>>>>> > * #*
>>>> >>>>>> > * # This is now handled in vcl_recv.*
>>>> >>>>>> > * #*
>>>> >>>>>> > * # purge;*
>>>> >>>>>> > * return (synth(200, "Purged."));*
>>>> >>>>>> > * }*
>>>> >>>>>> > * return (deliver);*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *# MISS FUNCTION*
>>>> >>>>>> > *# ##########################################################*
>>>> >>>>>> > *sub vcl_miss {*
>>>> >>>>>> > * if (req.method == "PURGE") {*
>>>> >>>>>> > * #*
>>>> >>>>>> > * # This is now handled in vcl_recv.*
>>>> >>>>>> > * #*
>>>> >>>>>> > * # purge;*
>>>> >>>>>> > * return (synth(200, "Purged."));*
>>>> >>>>>> > * }*
>>>> >>>>>> > * return (fetch);*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *# FETCH FUNCTION*
>>>> >>>>>> > *# ##########################################################*
>>>> >>>>>> > *sub vcl_backend_response {*
>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>>> >>>>>> > * # TO DO THIS*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";*
>>>> >>>>>> >
>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie
>>>> ~
>>>> >>>>>> > "wordpress_logged_in" ) {*
>>>> >>>>>> > * unset beresp.http.set-cookie;*
>>>> >>>>>> > * set beresp.ttl = 52w;*
>>>> >>>>>> > *# set beresp.grace =1w;*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * if (beresp.ttl <= 0s ||*
>>>> >>>>>> > * beresp.http.Set-Cookie ||*
>>>> >>>>>> > * beresp.http.Vary == "*") {*
>>>> >>>>>> > * set beresp.ttl = 120 s;*
>>>> >>>>>> > * # set beresp.ttl = 120s;*
>>>> >>>>>> > * set beresp.uncacheable = true;*
>>>> >>>>>> > * return (deliver);*
>>>> >>>>>> > * }*
>>>> >>>>>> >
>>>> >>>>>> > * return (deliver);*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> > *# DELIVER FUNCTION*
>>>> >>>>>> > *# ##########################################################*
>>>> >>>>>> > *sub vcl_deliver {*
>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * if (obj.hits > 0) {*
>>>> >>>>>> > * set resp.http.X-Cache = "HIT";*
>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>> >>>>>> > * # ##############################
>>>> ############################*
>>>> >>>>>> > * } else {*
>>>> >>>>>> > * set resp.http.X-Cache = "MISS";*
>>>> >>>>>> > * }*
>>>> >>>>>> > *}*
>>>> >>>>>> >
>>>> >>>>>> >
>>>> >>>>>> > Thanks,
>>>> >>>>>> >
>>>> >>>>>> -------------- next part --------------
>>>> >>>>>> An HTML attachment was scrubbed...
>>>> >>>>>> URL: <https://www.varnish-cache.org
>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/
>>>> attachment.html>
>>>> >>>>>>
>>>> >>>>>> ------------------------------
>>>> >>>>>>
>>>> >>>>>> _______________________________________________
>>>> >>>>>> varnish-misc mailing list
>>>> >>>>>> varnish-misc at varnish-cache.org
>>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish
>>>> -misc
>>>> >>>>>>
>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14
>>>> >>>>>> *********************************************
>>>> >>>>>
>>>> >>>>>
>>>> >>>>>
>>>> >>>>> _______________________________________________
>>>> >>>>> varnish-misc mailing list
>>>> >>>>> varnish-misc at varnish-cache.org
>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>> >>>>
>>>> >>>>
>>>> >>>>
>>>> >>>> _______________________________________________
>>>> >>>> varnish-misc mailing list
>>>> >>>> varnish-misc at varnish-cache.org
>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>> >>>
>>>> >>>
>>>> >>
>>>> >
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/94c65c5c/attachment-0001.html>
More information about the varnish-misc
mailing list