XenForo default.vcl settings
Ayberk Kimsesiz
ayberk.kimsesiz at gmail.com
Fri Aug 5 09:44:43 CEST 2016
Hi again,
I deleted all the Wordpress records and only added the following to
xenForo. People can now login to forum but Varnish shows MISS once again.
What kind of setting should i use?
/* SET THE HOST AND PORT OF WORDPRESS
* *********************************************************/
vcl 4.0;
import std;
backend default {
.host = "*****''
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
.max_connections = 800;
}
# SET THE ALLOWED IP OF PURGE REQUESTS
# ##########################################################
acl purge {
"localhost";
"127.0.0.1";
}
#THE RECV FUNCTION
# ##########################################################
sub vcl_recv {
# set realIP by trimming CloudFlare IP which will be used for various checks
set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", "");
# FORWARD THE IP OF THE REQUEST
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
# Purge request check sections for hash_always_miss, purge and ban
# BLOCK IF NOT IP is not in purge acl
# ##########################################################
# Enable smart refreshing using hash_always_miss
if (req.http.Cache-Control ~ "no-cache") {
if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
purge) {
set req.hash_always_miss = true;
}
}
if (req.method == "PURGE") {
if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
purge) {
return(synth(405,"Not allowed."));
}
return (purge);
}
if (req.method == "BAN") {
# Same ACL check as above:
if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4")
~ purge) {
return(synth(403, "Not allowed."));
}
ban("req.http.host == " + req.http.host +
" && req.url == " + req.url);
# Throw a synthetic page so the
# request won't go to the backend.
return(synth(200, "Ban added"));
}
# Unset cloudflare cookies
# Remove has_js and CloudFlare/Google Analytics __* cookies.
set req.http.Cookie = regsuball(req.http.Cookie,
"(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
# Remove a ";" prefix, if present.
set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
# For Testing: If you want to test with Varnish passing (not caching)
uncomment
# return( pass );
# FORWARD THE IP OF THE REQUEST
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
# DO NOT CACHE RSS FEED
if (req.url ~ "/feed(/)?") {
return ( pass );
}
## Do not cache search results, comment these 3 lines if you do want to
cache them
if (req.url ~ "/\?s\=") {
return ( pass );
}
# CLEAN UP THE ENCODING HEADER.
# SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING
# VARNISH WILL CREATE SEPARATE CACHES FOR EACH
# DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
# ##########################################################
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
# No point in compressing these
unset req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unknown algorithm
unset req.http.Accept-Encoding;
}
}
# PIPE ALL NON-STANDARD REQUESTS
# ##########################################################
if (req.method != "GET" &&
req.method != "HEAD" &&
req.method != "PUT" &&
req.method != "POST" &&
req.method != "TRACE" &&
req.method != "OPTIONS" &&
req.method != "DELETE") {
return (pipe);
}
# ONLY CACHE GET AND HEAD REQUESTS
# ##########################################################
if (req.method != "GET" && req.method != "HEAD") {
return (pass);
}
# OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER
# COMMENT OR UNCOMMENT BOTH
# ##########################################################
# IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
# THEN UNSET THE COOKIES
# ##########################################################
# IF BASIC AUTH IS ON THEN DO NOT CACHE
# ##########################################################
if (req.http.Authorization || req.http.Cookie) {
return (pass);
}
# IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
# ##########################################################
return (hash);
# This is for phpmyadmin
if (req.http.Host == "ki1.org") {
return (pass);
}
if (req.http.Host == "mysql.ki1.org") {
return (pass);
}
}
# HIT FUNCTION
# ##########################################################
sub vcl_hit {
# IF THIS IS A PURGE REQUEST THEN DO THE PURGE
# ##########################################################
if (req.method == "PURGE") {
#
# This is now handled in vcl_recv.
#
# purge;
return (synth(200, "Purged."));
}
return (deliver);
}
# MISS FUNCTION
# ##########################################################
sub vcl_miss {
if (req.method == "PURGE") {
#
# This is now handled in vcl_recv.
#
# purge;
return (synth(200, "Purged."));
}
return (fetch);
}
# FETCH FUNCTION
# ##########################################################
sub vcl_backend_response {
if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
set beresp.uncacheable = true;
set beresp.ttl = 1w;
return (deliver);
}
# I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
# TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
# TO DO THIS
# ##########################################################
set beresp.http.Vary = "Accept-Encoding";
# IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
# TIME THIS PAGE WILL STAY CACHED (TTL)
# ##########################################################
if (beresp.ttl <= 0s ||
beresp.http.Set-Cookie ||
beresp.http.Vary == "*") {
set beresp.ttl = 120 s;
# set beresp.ttl = 120s;
set beresp.uncacheable = true;
return (deliver);
}
return (deliver);
}
# DELIVER FUNCTION
# ##########################################################
sub vcl_deliver {
# IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
# IN THE HEADER (GREAT FOR DEBUGGING)
# ##########################################################
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
# IF THIS IS A MISS RETURN THAT IN THE HEADER
# ##########################################################
} else {
set resp.http.X-Cache = "MISS";
}
}
*Wordpress: *
Accept-Ranges bytes
Age 0
Cache-Control max-age=3600, public
Connection keep-alive
Content-Encoding gzip
Content-Type text/html
Date Fri, 05 Aug 2016 07:34:11 GMT
Etag 9090a91bf774ce89d892f8dd7fedd527
Expires Fri, 05 Aug 2016 08:34:11 GMT
Last-Modified Thu, 01 Jan 1970 00:00:00 GMT
Pragma public
Server Apache/2
Transfer-Encoding chunked
Vary Accept-Encoding
Via 1.1 varnish-v4
X-Cache MISS
X-Powered-By W3 Total Cache/0.9.4.1
X-Varnish 3048080
*xenForo*
Accept-Ranges bytes
Age 0
Cache-control private, max-age=0
Connection keep-alive
Content-Encoding gzip
Content-Length 11721
Content-Type text/html; charset=UTF-8
Date Fri, 05 Aug 2016 07:35:03 GMT
Expires Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified Fri, 05 Aug 2016 07:35:03 GMT
Server Apache/2
Vary Accept-Encoding
Via 1.1 varnish-v4
X-Cache MISS
X-Frame-Options SAMEORIGIN
X-Powered-By PHP/5.5.34
X-Varnish 3277302
2016-08-04 23:54 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>:
> I added the code but it FAILED. In fact, i want to make people to be able
> to login and register to /forum.
> When i use these codes that works but MISS appears at the same time.
>
> # FETCH FUNCTION
> # ##########################################################
> sub vcl_backend_response {
>
> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
> # TO DO THIS
> # ##########################################################
> set beresp.http.Vary = "Accept-Encoding";
>
> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
> # TIME THIS PAGE WILL STAY CACHED (TTL)
> # ##########################################################
> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") *
> *{ set beresp.uncacheable = true;*
> * set beresp.ttl = 1w;*
> * return (deliver);*
> * }*
>
> if (beresp.ttl <= 0s ||
> beresp.http.Set-Cookie ||
> beresp.http.Vary == "*") {
> set beresp.ttl = 120 s;
> # set beresp.ttl = 120s;
> set beresp.uncacheable = true;
> return (deliver);
> }
>
> return (deliver);
> }
>
> # DELIVER FUNCTION
> # ##########################################################
> sub vcl_deliver {
> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
> # IN THE HEADER (GREAT FOR DEBUGGING)
> # ##########################################################
> if (obj.hits > 0) {
> set resp.http.X-Cache = "HIT";
> # IF THIS IS A MISS RETURN THAT IN THE HEADER
> # ##########################################################
> } else {
> set resp.http.X-Cache = "MISS";
> }
> }
>
> 2016-08-04 22:50 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>
>> This was what I was talking about when I said you may need additional
>> logic to handle both.
>>
>> You will need to add the cookie check along with the path for forum to
>> that pass block. So something like...
>>
>> if( req.http.Cookie ~ "xf_(session|user)" && req.url ~ '^/forum.*') {
>> return (pass);
>> }
>>
>> On Thu, Aug 4, 2016 at 2:44 PM, Ayberk Kimsesiz <
>> ayberk.kimsesiz at gmail.com> wrote:
>>
>>> Yes, i want /forum to be MISS, there is no problem. However, Wordpress
>>> (homepage) shows MISS too.
>>>
>>> 2016-08-04 22:34 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>
>>>> If you PASS then your request will not be cached. Varnish marks these
>>>> non-cached items as a MISS since they go to the backend each time and
>>>> therefore a miss and not a hit on cache.
>>>>
>>>> What were you expecting? Is this still requests with the forum cookies?
>>>>
>>>> If you want to cache request from logged in users you will need to add
>>>> the specific user cookies to the hash so each user served their cached copy.
>>>>
>>>> On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz <
>>>> ayberk.kimsesiz at gmail.com> wrote:
>>>>
>>>>> If i use the given settings MISS appears in the Header.
>>>>>
>>>>> Accept-Ranges bytes
>>>>> Age 0
>>>>> Cache-control private, max-age=0
>>>>> Content-Encoding gzip
>>>>> Content-Length 10075
>>>>> Content-Type text/html; charset=UTF-8
>>>>> Date Thu, 04 Aug 2016 18:30:52 GMT
>>>>> Expires Thu, 19 Nov 1981 08:52:00 GMT
>>>>> Last-Modified Thu, 04 Aug 2016 18:30:52 GMT
>>>>> Server Apache/2
>>>>> Vary Accept-Encoding
>>>>> Via 1.1 varnish-v4
>>>>> X-Cache MISS
>>>>>
>>>>> What do you suggest me to do?
>>>>>
>>>>>
>>>>>
>>>>> 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>> :
>>>>>
>>>>>> Finally!
>>>>>> Login function is now working with the following settings but
>>>>>> X-Cache shows MISS instead of HIT.
>>>>>>
>>>>>> #THE RECV FUNCTION
>>>>>> # ##########################################################
>>>>>> sub vcl_recv {
>>>>>> if( req.http.Cookie ~ "xf_(session|user)") {
>>>>>> return (pass);
>>>>>> }
>>>>>>
>>>>>> # FETCH FUNCTION
>>>>>> # ##########################################################
>>>>>> sub vcl_backend_response {
>>>>>>
>>>>>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
>>>>>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
>>>>>> # TO DO THIS
>>>>>> # ##########################################################
>>>>>> set beresp.http.Vary = "Accept-Encoding";
>>>>>>
>>>>>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>>>>>> # TIME THIS PAGE WILL STAY CACHED (TTL)
>>>>>> # ##########################################################
>>>>>> if (beresp.http.Set-Cookie ~ "xf_(session|user)")
>>>>>> { set beresp.uncacheable = true;
>>>>>> set beresp.ttl = 1w;
>>>>>> return (deliver);
>>>>>> }
>>>>>>
>>>>>> if (beresp.ttl <= 0s ||
>>>>>> beresp.http.Set-Cookie ||
>>>>>> beresp.http.Vary == "*") {
>>>>>> set beresp.ttl = 120 s;
>>>>>> # set beresp.ttl = 120s;
>>>>>> set beresp.uncacheable = true;
>>>>>> return (deliver);
>>>>>> }
>>>>>>
>>>>>> return (deliver);
>>>>>> }
>>>>>>
>>>>>> # DELIVER FUNCTION
>>>>>> # ##########################################################
>>>>>> sub vcl_deliver {
>>>>>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
>>>>>> # IN THE HEADER (GREAT FOR DEBUGGING)
>>>>>> # ##########################################################
>>>>>> if (obj.hits > 0) {
>>>>>> set resp.http.X-Cache = "HIT";
>>>>>> # IF THIS IS A MISS RETURN THAT IN THE HEADER
>>>>>> # ##########################################################
>>>>>> } else {
>>>>>> set resp.http.X-Cache = "MISS";
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com
>>>>>> >:
>>>>>>
>>>>>>> Finally!
>>>>>>> Login function is now working with the following settings but
>>>>>>> X-Cache shows MISS instead of HIT.
>>>>>>>
>>>>>>>
>>>>>>> *#THE RECV FUNCTION*
>>>>>>> *# ##########################################################*
>>>>>>> *sub vcl_recv { *
>>>>>>> * if( req.http.Cookie ~ "xf_(session|user)") {*
>>>>>>> * return (pass);*
>>>>>>> * }*
>>>>>>>
>>>>>>>
>>>>>>> *# FETCH FUNCTION*
>>>>>>> *# ##########################################################*
>>>>>>> *sub vcl_backend_response { *
>>>>>>>
>>>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC *
>>>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT*
>>>>>>> * # TO DO THIS*
>>>>>>> * # ##########################################################*
>>>>>>> * set beresp.http.Vary = "Accept-Encoding";*
>>>>>>>
>>>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF *
>>>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>>>> * # ##########################################################*
>>>>>>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") *
>>>>>>> *{ set beresp.uncacheable = true;*
>>>>>>> * set beresp.ttl = 1w;*
>>>>>>> * return (deliver);*
>>>>>>> * }*
>>>>>>>
>>>>>>> * if (beresp.ttl <= 0s ||*
>>>>>>> * beresp.http.Set-Cookie ||*
>>>>>>> * beresp.http.Vary == "*") {*
>>>>>>> * set beresp.ttl = 120 s;*
>>>>>>> * # set beresp.ttl = 120s;*
>>>>>>> * set beresp.uncacheable = true;*
>>>>>>> * return (deliver);*
>>>>>>> * }*
>>>>>>>
>>>>>>> * return (deliver);*
>>>>>>> *}*
>>>>>>>
>>>>>>> *# DELIVER FUNCTION*
>>>>>>> *# ##########################################################*
>>>>>>> *sub vcl_deliver {*
>>>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT *
>>>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>>>> * # ##########################################################*
>>>>>>> * if (obj.hits > 0) {*
>>>>>>> * set resp.http.X-Cache = "HIT";*
>>>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>>>> * # ##########################################################*
>>>>>>> * } else {*
>>>>>>> * set resp.http.X-Cache = "MISS";*
>>>>>>> * }*
>>>>>>> *}*
>>>>>>>
>>>>>>> 2016-08-04 18:02 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>>>>>
>>>>>>>> I agree that the order of execution may be getting you here. If you
>>>>>>>> need the WordPress rules then you may need to put additional logic to
>>>>>>>> ensure non-wordpress applications are not negatively affected.
>>>>>>>>
>>>>>>>> What happens if you change the order of these two blocks? Put your
>>>>>>>> Set-Cookie check block before the wp-login check.
>>>>>>>>
>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL)
>>>>>>>> > # ##########################################################
>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~
>>>>>>>> "wordpress_logged_in" ) {
>>>>>>>> > unset beresp.http.set-cookie;
>>>>>>>> > set beresp.ttl = 52w;
>>>>>>>> > # set beresp.grace =1w;
>>>>>>>> > }
>>>>>>>> >
>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>>>>>>> > set beresp.uncacheable = true;
>>>>>>>> > set beresp.ttl = 1w;
>>>>>>>> > return (deliver);
>>>>>>>> > }
>>>>>>>>
>>>>>>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei <lagged at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> The log output suggests the xf_ cookie check in vcl_recv is not
>>>>>>>>> the first thing to run as you pasted earlier. Also, looking a bit closer,
>>>>>>>>> your issue the fact that you unset the cookie in vcl_backend_response if
>>>>>>>>> it's not wordpress related. Again, you should really audit your entire VCL,
>>>>>>>>> and remove unneeded stuff, like all the WordPress related rules if you're
>>>>>>>>> not using it.
>>>>>>>>>
>>>>>>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz <
>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> Log message:
>>>>>>>>>>
>>>>>>>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS"
>>>>>>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip"
>>>>>>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18
>>>>>>>>>> GMT
>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232
>>>>>>>>>> - VCL_call RECV
>>>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232
>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232
>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>>>>>>>> pps_show_100=Th
>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>>>>>>>> pps_times_showed_100=1;
>>>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>>>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session=
>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>>>>>>>> pps_show_100=Th
>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>>>>>>>> pps_times_showed_100=1;
>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>>>>>>>> est_cookie=WP+Cookie+check
>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>>>>>>>> pps_show_100=Th
>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>>>>>>>> pps_times_showed_100=1;
>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>>>>>>>> est_cookie=WP+Cookie+check
>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>>>>>>>> pps_show_100=Th
>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>>>>>>>> pps_times_showed_100=1;
>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>>>>>>>> est_cookie=WP+Cookie+check
>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232,
>>>>>>>>>> 95.5.187.232
>>>>>>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch
>>>>>>>>>> - ReqHeader Accept-Encoding: gzip
>>>>>>>>>> - VCL_Log PPPAASS
>>>>>>>>>> - VCL_return pass
>>>>>>>>>> - VCL_call HASH
>>>>>>>>>> - VCL_return lookup
>>>>>>>>>> - VCL_call PASS
>>>>>>>>>> - VCL_return fetch
>>>>>>>>>> - Link bereq 524435 pass
>>>>>>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758
>>>>>>>>>> - RespProtocol HTTP/1.1
>>>>>>>>>> - RespStatus 200
>>>>>>>>>> - RespReason OK
>>>>>>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT
>>>>>>>>>> - RespHeader Server: Apache/2
>>>>>>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT
>>>>>>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip"
>>>>>>>>>> - RespHeader Accept-Ranges: bytes
>>>>>>>>>> --
>>>>>>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51
>>>>>>>>>> GMT
>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232
>>>>>>>>>> - VCL_call RECV
>>>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232
>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232
>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232
>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>>>>>>>> pps_show_100=Th
>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>>>>>>>> pps_times_showed_100=1;
>>>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla
>>>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session=
>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>>>>>>>> pps_show_100=Th
>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>>>>>>>> pps_times_showed_100=1;
>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>>>>>>>> est_cookie=WP+Cookie+check
>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>>>>>>>> pps_show_100=Th
>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29;
>>>>>>>>>> pps_times_showed_100=1;
>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t
>>>>>>>>>> est_cookie=WP+Cookie+check
>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73;
>>>>>>>>>> pps_show_100=Th
>>>>>>>>>>
>>>>>>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard <rlane at ahbelo.com>:
>>>>>>>>>>
>>>>>>>>>>> I assume you reloaded/restarted Varnish after these changes were
>>>>>>>>>>> made. If so, can you verify that you do have the cookies set on the request?
>>>>>>>>>>>
>>>>>>>>>>> maybe add this log message right before returning
>>>>>>>>>>>
>>>>>>>>>>> if(req.http.Cookie ~ "xf_(session|user)") {
>>>>>>>>>>> std.log( "PPPAASS Cookie set for forum");
>>>>>>>>>>> return (pass);
>>>>>>>>>>>
>>>>>>>>>>> }
>>>>>>>>>>>
>>>>>>>>>>> Then you can use varnishlog command (below) to verify cookie is
>>>>>>>>>>> found
>>>>>>>>>>>
>>>>>>>>>>> varnishlog | grep -A15 -B15 "PPPAASS"
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Cheers,
>>>>>>>>>>> Richard
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <
>>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote:
>>>>>>>>>>> >
>>>>>>>>>>> > First of all, thank you. However the problem continues. Can
>>>>>>>>>>> you examine the codes?
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS
>>>>>>>>>>> > * *********************************************************/
>>>>>>>>>>> > vcl 4.0;
>>>>>>>>>>> > import std;
>>>>>>>>>>> >
>>>>>>>>>>> > backend default {
>>>>>>>>>>> > .host = "*******";
>>>>>>>>>>> > .port = "8080";
>>>>>>>>>>> > .connect_timeout = 600s;
>>>>>>>>>>> > .first_byte_timeout = 600s;
>>>>>>>>>>> > .between_bytes_timeout = 600s;
>>>>>>>>>>> > .max_connections = 800;
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > acl purge {
>>>>>>>>>>> > "localhost";
>>>>>>>>>>> > "127.0.0.1";
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > #THE RECV FUNCTION
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > sub vcl_recv {
>>>>>>>>>>> >
>>>>>>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") {
>>>>>>>>>>> > return (pass);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # set realIP by trimming CloudFlare IP which will be used for
>>>>>>>>>>> various checks
>>>>>>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For,
>>>>>>>>>>> "[, ].*$", "");
>>>>>>>>>>> >
>>>>>>>>>>> > # FORWARD THE IP OF THE REQUEST
>>>>>>>>>>> > if (req.restarts == 0) {
>>>>>>>>>>> > if (req.http.x-forwarded-for) {
>>>>>>>>>>> > set req.http.X-Forwarded-For =
>>>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip;
>>>>>>>>>>> > } else {
>>>>>>>>>>> > set req.http.X-Forwarded-For = client.ip;
>>>>>>>>>>> > }
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # Purge request check sections for hash_always_miss, purge
>>>>>>>>>>> and ban
>>>>>>>>>>> > # BLOCK IF NOT IP is not in purge acl
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> >
>>>>>>>>>>> > # Enable smart refreshing using hash_always_miss
>>>>>>>>>>> > if (req.http.Cache-Control ~ "no-cache") {
>>>>>>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>>>>>>> "1.2.3.4") ~ purge) {
>>>>>>>>>>> > set req.hash_always_miss = true;
>>>>>>>>>>> > }
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > if (req.method == "PURGE") {
>>>>>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP,
>>>>>>>>>>> "1.2.3.4") ~ purge) {
>>>>>>>>>>> > return(synth(405,"Not allowed."));
>>>>>>>>>>> > }
>>>>>>>>>>> > return (purge);
>>>>>>>>>>> >
>>>>>>>>>>> > }
>>>>>>>>>>> > if (req.method == "BAN") {
>>>>>>>>>>> > # Same ACL check as above:
>>>>>>>>>>> > if (!client.ip ~ purge ||
>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {
>>>>>>>>>>> > return(synth(403, "Not allowed."));
>>>>>>>>>>> > }
>>>>>>>>>>> > ban("req.http.host == " + req.http.host +
>>>>>>>>>>> > " && req.url == " + req.url);
>>>>>>>>>>> >
>>>>>>>>>>> > # Throw a synthetic page so the
>>>>>>>>>>> > # request won't go to the backend.
>>>>>>>>>>> > return(synth(200, "Ban added"));
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> > # Unset cloudflare cookies
>>>>>>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies.
>>>>>>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie,
>>>>>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
>>>>>>>>>>> > # Remove a ";" prefix, if present.
>>>>>>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*",
>>>>>>>>>>> "");
>>>>>>>>>>> >
>>>>>>>>>>> > # For Testing: If you want to test with Varnish passing (not
>>>>>>>>>>> caching) uncomment
>>>>>>>>>>> > # return( pass );
>>>>>>>>>>> >
>>>>>>>>>>> > # FORWARD THE IP OF THE REQUEST
>>>>>>>>>>> > if (req.restarts == 0) {
>>>>>>>>>>> > if (req.http.x-forwarded-for) {
>>>>>>>>>>> > set req.http.X-Forwarded-For =
>>>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip;
>>>>>>>>>>> > } else {
>>>>>>>>>>> > set req.http.X-Forwarded-For = client.ip;
>>>>>>>>>>> > }
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # DO NOT CACHE RSS FEED
>>>>>>>>>>> > if (req.url ~ "/feed(/)?") {
>>>>>>>>>>> > return ( pass );
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > ## Do not cache search results, comment these 3 lines if you
>>>>>>>>>>> do want to cache them
>>>>>>>>>>> >
>>>>>>>>>>> > if (req.url ~ "/\?s\=") {
>>>>>>>>>>> > return ( pass );
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # CLEAN UP THE ENCODING HEADER.
>>>>>>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>>>>>>>>> ACCEPT-ENCODING
>>>>>>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
>>>>>>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if (req.http.Accept-Encoding) {
>>>>>>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
>>>>>>>>>>> > # No point in compressing these
>>>>>>>>>>> > unset req.http.Accept-Encoding;
>>>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") {
>>>>>>>>>>> > set req.http.Accept-Encoding = "gzip";
>>>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") {
>>>>>>>>>>> > set req.http.Accept-Encoding = "deflate";
>>>>>>>>>>> > } else {
>>>>>>>>>>> > # unknown algorithm
>>>>>>>>>>> > unset req.http.Accept-Encoding;
>>>>>>>>>>> > }
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # PIPE ALL NON-STANDARD REQUESTS
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if (req.method != "GET" &&
>>>>>>>>>>> > req.method != "HEAD" &&
>>>>>>>>>>> > req.method != "PUT" &&
>>>>>>>>>>> > req.method != "POST" &&
>>>>>>>>>>> > req.method != "TRACE" &&
>>>>>>>>>>> > req.method != "OPTIONS" &&
>>>>>>>>>>> > req.method != "DELETE") {
>>>>>>>>>>> > return (pipe);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if (req.method != "GET" && req.method != "HEAD") {
>>>>>>>>>>> > return (pass);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN
>>>>>>>>>>> FETCH TOO, EITHER
>>>>>>>>>>> > # COMMENT OR UNCOMMENT BOTH
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) {
>>>>>>>>>>> > return( pass );
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
>>>>>>>>>>> > # THEN UNSET THE COOKIES
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if (!(req.url ~ "wp-(login|admin)")
>>>>>>>>>>> > && !(req.url ~ "&preview=true" )
>>>>>>>>>>> > ){
>>>>>>>>>>> > unset req.http.cookie;
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if (req.http.Authorization || req.http.Cookie) {
>>>>>>>>>>> > return (pass);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > return (hash);
>>>>>>>>>>> > # This is for phpmyadmin
>>>>>>>>>>> > if (req.http.Host == "ki1.org") {
>>>>>>>>>>> > return (pass);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > if (req.http.Host == "mysql.ki1.org") {
>>>>>>>>>>> > return (pass);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # HIT FUNCTION
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > sub vcl_hit {
>>>>>>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if (req.method == "PURGE") {
>>>>>>>>>>> > #
>>>>>>>>>>> > # This is now handled in vcl_recv.
>>>>>>>>>>> > #
>>>>>>>>>>> > # purge;
>>>>>>>>>>> > return (synth(200, "Purged."));
>>>>>>>>>>> > }
>>>>>>>>>>> > return (deliver);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # MISS FUNCTION
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > sub vcl_miss {
>>>>>>>>>>> > if (req.method == "PURGE") {
>>>>>>>>>>> > #
>>>>>>>>>>> > # This is now handled in vcl_recv.
>>>>>>>>>>> > #
>>>>>>>>>>> > # purge;
>>>>>>>>>>> > return (synth(200, "Purged."));
>>>>>>>>>>> > }
>>>>>>>>>>> > return (fetch);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # FETCH FUNCTION
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > sub vcl_backend_response {
>>>>>>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
>>>>>>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
>>>>>>>>>>> > # TO DO THIS
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > set beresp.http.Vary = "Accept-Encoding";
>>>>>>>>>>> >
>>>>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
>>>>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL)
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie
>>>>>>>>>>> ~ "wordpress_logged_in" ) {
>>>>>>>>>>> > unset beresp.http.set-cookie;
>>>>>>>>>>> > set beresp.ttl = 52w;
>>>>>>>>>>> > # set beresp.grace =1w;
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>>>>>>>>>> > set beresp.uncacheable = true;
>>>>>>>>>>> > set beresp.ttl = 1w;
>>>>>>>>>>> > return (deliver);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> > if (beresp.ttl <= 0s ||
>>>>>>>>>>> > beresp.http.Set-Cookie ||
>>>>>>>>>>> > beresp.http.Vary == "*") {
>>>>>>>>>>> > set beresp.ttl = 120 s;
>>>>>>>>>>> > # set beresp.ttl = 120s;
>>>>>>>>>>> > set beresp.uncacheable = true;
>>>>>>>>>>> > return (deliver);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > return (deliver);
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> > # DELIVER FUNCTION
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > sub vcl_deliver {
>>>>>>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
>>>>>>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING)
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > if (obj.hits > 0) {
>>>>>>>>>>> > set resp.http.X-Cache = "HIT";
>>>>>>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER
>>>>>>>>>>> > # ##########################################################
>>>>>>>>>>> > } else {
>>>>>>>>>>> > set resp.http.X-Cache = "MISS";
>>>>>>>>>>> > }
>>>>>>>>>>> > }
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> >
>>>>>>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei <lagged at gmail.com>:
>>>>>>>>>>> >>
>>>>>>>>>>> >> correction:
>>>>>>>>>>> >>
>>>>>>>>>>> >> sub vcl_recv {
>>>>>>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") {
>>>>>>>>>>> >> return (pass);
>>>>>>>>>>> >> }
>>>>>>>>>>> >> }
>>>>>>>>>>> >>
>>>>>>>>>>> >> sub vcl_backend_response {
>>>>>>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") {
>>>>>>>>>>> >> set beresp.uncacheable = true;
>>>>>>>>>>> >> set beresp.ttl = 1w;
>>>>>>>>>>> >> return (deliver);
>>>>>>>>>>> >> }
>>>>>>>>>>> >> }
>>>>>>>>>>> >>
>>>>>>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <lagged at gmail.com>
>>>>>>>>>>> wrote:
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Hello,
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> Aside from the provided VCL being for WordPress, while
>>>>>>>>>>> you're running XenForo, the xf_ cookies are being dropped by your config. A
>>>>>>>>>>> quick fix is:
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> sub vcl_recv {
>>>>>>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") {
>>>>>>>>>>> >>> return (pass);
>>>>>>>>>>> >>> }
>>>>>>>>>>> >>> }
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> sub vcl_backend_response {
>>>>>>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") {
>>>>>>>>>>> >>> set beresp.uncacheable = true;
>>>>>>>>>>> >>> set beresp.ttl = 1w;
>>>>>>>>>>> >>> return (deliver);
>>>>>>>>>>> >>> }
>>>>>>>>>>> >>> }
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> However, I suggest auditing your VCL, and only including
>>>>>>>>>>> rules specific to the application(s) which you are running.
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz <
>>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote:
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> Users can't login or register to domain.com/forum with the
>>>>>>>>>>> current settings. So we need to make a change related to xf_user and
>>>>>>>>>>> xf_session but how?
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <rlane at ahbelo.com
>>>>>>>>>>> >:
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>> If you want Varnish to ignore request for a path you need
>>>>>>>>>>> to tell it to pass. In your example you have a rule for the RSS feed. You
>>>>>>>>>>> can do the same for /forum/ in your vcl_recv block.
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>> *# DO NOT CACHE RSS FEED*
>>>>>>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {*
>>>>>>>>>>> >>>>> * return ( pass ); *
>>>>>>>>>>> >>>>> *}*
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>> *# DO NOT CACHE FORUM*
>>>>>>>>>>> >>>>> if (req.url ~ "/forum(/)?") {
>>>>>>>>>>> >>>>> return ( pass );
>>>>>>>>>>> >>>>> }
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>> Cheers,
>>>>>>>>>>> >>>>> Richard
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> Message: 1
>>>>>>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300
>>>>>>>>>>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>>>>>>>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>>>>>>>> >>>>>> Subject: XenForo default.vcl settings
>>>>>>>>>>> >>>>>> Message-ID:
>>>>>>>>>>> >>>>>> <CAPQGzE29n1QOmHarn9L-9ztquGfe
>>>>>>>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com>
>>>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> Hi,
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> Could you please share the appropriate Default.vcl
>>>>>>>>>>> settings for XenForo
>>>>>>>>>>> >>>>>> Forums? No one can register to the forum at the moment.
>>>>>>>>>>> My current
>>>>>>>>>>> >>>>>> Default.vcl settings are as follows.
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> Forum address: domain.com/forum
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS*
>>>>>>>>>>> >>>>>> * * ******************************
>>>>>>>>>>> ***************************/*
>>>>>>>>>>> >>>>>> *vcl 4.0;*
>>>>>>>>>>> >>>>>> *import std;*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *backend default {*
>>>>>>>>>>> >>>>>> * .host = "*******";*
>>>>>>>>>>> >>>>>> * .port = "8080";*
>>>>>>>>>>> >>>>>> * .connect_timeout = 600s;*
>>>>>>>>>>> >>>>>> * .first_byte_timeout = 600s;*
>>>>>>>>>>> >>>>>> * .between_bytes_timeout = 600s;*
>>>>>>>>>>> >>>>>> * .max_connections = 800;*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>>>>>>>> >>>>>> *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> *acl purge {*
>>>>>>>>>>> >>>>>> * "localhost";*
>>>>>>>>>>> >>>>>> * "127.0.0.1";*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *#THE RECV FUNCTION*
>>>>>>>>>>> >>>>>> *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> *sub vcl_recv {*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be
>>>>>>>>>>> used for various
>>>>>>>>>>> >>>>>> checks*
>>>>>>>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For,
>>>>>>>>>>> "[, ].*$",
>>>>>>>>>>> >>>>>> ""); *
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>>>>>>>>> >>>>>> * if (req.restarts == 0) {*
>>>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {*
>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =*
>>>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>>>>>>> >>>>>> * } else {*
>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # Purge request check sections for hash_always_miss,
>>>>>>>>>>> purge and ban*
>>>>>>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss*
>>>>>>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {*
>>>>>>>>>>> >>>>>> * if (client.ip ~ purge ||
>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
>>>>>>>>>>> >>>>>> purge) {*
>>>>>>>>>>> >>>>>> * set req.hash_always_miss = true;*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *if (req.method == "PURGE") {*
>>>>>>>>>>> >>>>>> * if (!client.ip ~ purge ||
>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
>>>>>>>>>>> >>>>>> purge) {*
>>>>>>>>>>> >>>>>> * return(synth(405,"Not allowed."));*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> * return (purge);*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> *if (req.method == "BAN") {*
>>>>>>>>>>> >>>>>> * # Same ACL check as above:*
>>>>>>>>>>> >>>>>> * if (!client.ip ~ purge ||
>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4")
>>>>>>>>>>> >>>>>> ~ purge) {*
>>>>>>>>>>> >>>>>> * return(synth(403, "Not
>>>>>>>>>>> allowed."));*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +*
>>>>>>>>>>> >>>>>> * " && req.url == " + req.url);*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # Throw a synthetic page so the*
>>>>>>>>>>> >>>>>> * # request won't go to the backend.*
>>>>>>>>>>> >>>>>> * return(synth(200, "Ban added"));*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# Unset cloudflare cookies*
>>>>>>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __*
>>>>>>>>>>> cookies.*
>>>>>>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie,
>>>>>>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>>>>>>>> >>>>>> * # Remove a ";" prefix, if present.*
>>>>>>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie,
>>>>>>>>>>> "^;\s*", "");*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # For Testing: If you want to test with Varnish
>>>>>>>>>>> passing (not caching)
>>>>>>>>>>> >>>>>> uncomment*
>>>>>>>>>>> >>>>>> * # return( pass );*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST*
>>>>>>>>>>> >>>>>> * if (req.restarts == 0) {*
>>>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {*
>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =*
>>>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>>>>>>> >>>>>> * } else {*
>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# DO NOT CACHE RSS FEED*
>>>>>>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {*
>>>>>>>>>>> >>>>>> * return ( pass ); *
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if
>>>>>>>>>>> you do want to
>>>>>>>>>>> >>>>>> cache them*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {*
>>>>>>>>>>> >>>>>> * return ( pass ); *
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.*
>>>>>>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY
>>>>>>>>>>> ACCEPT-ENCODING*
>>>>>>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>>>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO,
>>>>>>>>>>> ETC.*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if (req.http.Accept-Encoding) {*
>>>>>>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$")
>>>>>>>>>>> {*
>>>>>>>>>>> >>>>>> * # No point in compressing these*
>>>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;*
>>>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";*
>>>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";*
>>>>>>>>>>> >>>>>> * } else {*
>>>>>>>>>>> >>>>>> * # unknown algorithm*
>>>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if (req.method != "GET" &&*
>>>>>>>>>>> >>>>>> * req.method != "HEAD" &&*
>>>>>>>>>>> >>>>>> * req.method != "PUT" && *
>>>>>>>>>>> >>>>>> * req.method != "POST" &&*
>>>>>>>>>>> >>>>>> * req.method != "TRACE" &&*
>>>>>>>>>>> >>>>>> * req.method != "OPTIONS" &&*
>>>>>>>>>>> >>>>>> * req.method != "DELETE") {*
>>>>>>>>>>> >>>>>> * return (pipe);*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {*
>>>>>>>>>>> >>>>>> * return (pass);*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS
>>>>>>>>>>> IN FETCH TOO,
>>>>>>>>>>> >>>>>> EITHER*
>>>>>>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>>>>>>>> >>>>>> * return( pass );*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR
>>>>>>>>>>> WP-LOGIN*
>>>>>>>>>>> >>>>>> * # THEN UNSET THE COOKIES*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") *
>>>>>>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) *
>>>>>>>>>>> >>>>>> * ){*
>>>>>>>>>>> >>>>>> * unset req.http.cookie;*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {*
>>>>>>>>>>> >>>>>> * return (pass);*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * return (hash);*
>>>>>>>>>>> >>>>>> * # This is for phpmyadmin*
>>>>>>>>>>> >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>>>>>>>> >>>>>> *return (pass);*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org <
>>>>>>>>>>> http://mysql.ki1.org>") {*
>>>>>>>>>>> >>>>>> *return (pass);*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# HIT FUNCTION*
>>>>>>>>>>> >>>>>> *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> *sub vcl_hit {*
>>>>>>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if (req.method == "PURGE") {*
>>>>>>>>>>> >>>>>> * #*
>>>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.*
>>>>>>>>>>> >>>>>> * #*
>>>>>>>>>>> >>>>>> * # purge;*
>>>>>>>>>>> >>>>>> * return (synth(200, "Purged."));*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> * return (deliver);*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# MISS FUNCTION*
>>>>>>>>>>> >>>>>> *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> *sub vcl_miss {*
>>>>>>>>>>> >>>>>> * if (req.method == "PURGE") {*
>>>>>>>>>>> >>>>>> * #*
>>>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.*
>>>>>>>>>>> >>>>>> * #*
>>>>>>>>>>> >>>>>> * # purge;*
>>>>>>>>>>> >>>>>> * return (synth(200, "Purged."));*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> * return (fetch);*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# FETCH FUNCTION*
>>>>>>>>>>> >>>>>> *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> *sub vcl_backend_response {*
>>>>>>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES
>>>>>>>>>>> W3TC *
>>>>>>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT
>>>>>>>>>>> WANT*
>>>>>>>>>>> >>>>>> * # TO DO THIS*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE
>>>>>>>>>>> AMOUNT OF *
>>>>>>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") &&
>>>>>>>>>>> !bereq.http.cookie ~
>>>>>>>>>>> >>>>>> "wordpress_logged_in" ) {*
>>>>>>>>>>> >>>>>> * unset beresp.http.set-cookie;*
>>>>>>>>>>> >>>>>> * set beresp.ttl = 52w;*
>>>>>>>>>>> >>>>>> *# set beresp.grace =1w;*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * if (beresp.ttl <= 0s ||*
>>>>>>>>>>> >>>>>> * beresp.http.Set-Cookie ||*
>>>>>>>>>>> >>>>>> * beresp.http.Vary == "*") {*
>>>>>>>>>>> >>>>>> * set beresp.ttl = 120 s;*
>>>>>>>>>>> >>>>>> * # set beresp.ttl = 120s;*
>>>>>>>>>>> >>>>>> * set beresp.uncacheable = true;*
>>>>>>>>>>> >>>>>> * return (deliver);*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> * return (deliver);*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> *# DELIVER FUNCTION*
>>>>>>>>>>> >>>>>> *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> *sub vcl_deliver {*
>>>>>>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT'
>>>>>>>>>>> TEXT *
>>>>>>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * if (obj.hits > 0) {*
>>>>>>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";*
>>>>>>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>>>>>>>> >>>>>> * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> * } else {*
>>>>>>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";*
>>>>>>>>>>> >>>>>> * }*
>>>>>>>>>>> >>>>>> *}*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> Thanks,
>>>>>>>>>>> >>>>>> -------------- next part --------------
>>>>>>>>>>> >>>>>> An HTML attachment was scrubbed...
>>>>>>>>>>> >>>>>> URL: <https://www.varnish-cache.org
>>>>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/
>>>>>>>>>>> attachment-0001.html>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> ------------------------------
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> Message: 2
>>>>>>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300
>>>>>>>>>>> >>>>>> From: Ayberk Kimsesiz <ayberk.kimsesiz at gmail.com>
>>>>>>>>>>> >>>>>> To: varnish-misc <varnish-misc at varnish-cache.org>
>>>>>>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings
>>>>>>>>>>> >>>>>> Message-ID:
>>>>>>>>>>> >>>>>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5
>>>>>>>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com>
>>>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8"
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo.
>>>>>>>>>>> However, solutions
>>>>>>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you
>>>>>>>>>>> please help?
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> xf_session_admin
>>>>>>>>>>> >>>>>> xf_user
>>>>>>>>>>> >>>>>> xf_session
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work
>>>>>>>>>>> in *domain.com/forum
>>>>>>>>>>> >>>>>> <http://domain.com/forum>*
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <
>>>>>>>>>>> ayberk.kimsesiz at gmail.com>:
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> > Hi,
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > Could you please share the appropriate Default.vcl
>>>>>>>>>>> settings for XenForo
>>>>>>>>>>> >>>>>> > Forums? No one can register to the forum at the moment.
>>>>>>>>>>> My current
>>>>>>>>>>> >>>>>> > Default.vcl settings are as follows.
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > Forum address: domain.com/forum
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS*
>>>>>>>>>>> >>>>>> > * * ******************************
>>>>>>>>>>> ***************************/*
>>>>>>>>>>> >>>>>> > *vcl 4.0;*
>>>>>>>>>>> >>>>>> > *import std;*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *backend default {*
>>>>>>>>>>> >>>>>> > * .host = "*******";*
>>>>>>>>>>> >>>>>> > * .port = "8080";*
>>>>>>>>>>> >>>>>> > * .connect_timeout = 600s;*
>>>>>>>>>>> >>>>>> > * .first_byte_timeout = 600s;*
>>>>>>>>>>> >>>>>> > * .between_bytes_timeout = 600s;*
>>>>>>>>>>> >>>>>> > * .max_connections = 800;*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS*
>>>>>>>>>>> >>>>>> > *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > *acl purge {*
>>>>>>>>>>> >>>>>> > * "localhost";*
>>>>>>>>>>> >>>>>> > * "127.0.0.1";*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *#THE RECV FUNCTION*
>>>>>>>>>>> >>>>>> > *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > *sub vcl_recv {*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be
>>>>>>>>>>> used for various
>>>>>>>>>>> >>>>>> > checks*
>>>>>>>>>>> >>>>>> > *set req.http.X-Actual-IP =
>>>>>>>>>>> regsub(req.http.X-Forwarded-For, "[, ].*$",
>>>>>>>>>>> >>>>>> > ""); *
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>>>>>>>>> >>>>>> > * if (req.restarts == 0) {*
>>>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {*
>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =*
>>>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>>>>>>> >>>>>> > * } else {*
>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # Purge request check sections for hash_always_miss,
>>>>>>>>>>> purge and ban*
>>>>>>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss*
>>>>>>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {*
>>>>>>>>>>> >>>>>> > * if (client.ip ~ purge ||
>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
>>>>>>>>>>> >>>>>> > purge) {*
>>>>>>>>>>> >>>>>> > * set req.hash_always_miss = true;*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *if (req.method == "PURGE") {*
>>>>>>>>>>> >>>>>> > * if (!client.ip ~ purge ||
>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~
>>>>>>>>>>> >>>>>> > purge) {*
>>>>>>>>>>> >>>>>> > * return(synth(405,"Not allowed."));*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > * return (purge);*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > *if (req.method == "BAN") {*
>>>>>>>>>>> >>>>>> > * # Same ACL check as above:*
>>>>>>>>>>> >>>>>> > * if (!client.ip ~ purge ||
>>>>>>>>>>> !std.ip(req.http.X-Actual-IP,
>>>>>>>>>>> >>>>>> > "1.2.3.4") ~ purge) {*
>>>>>>>>>>> >>>>>> > * return(synth(403, "Not
>>>>>>>>>>> allowed."));*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +*
>>>>>>>>>>> >>>>>> > * " && req.url == " + req.url);*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # Throw a synthetic page so the*
>>>>>>>>>>> >>>>>> > * # request won't go to the backend.*
>>>>>>>>>>> >>>>>> > * return(synth(200, "Ban added"));*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# Unset cloudflare cookies*
>>>>>>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __*
>>>>>>>>>>> cookies.*
>>>>>>>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie,
>>>>>>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");*
>>>>>>>>>>> >>>>>> > * # Remove a ";" prefix, if present.*
>>>>>>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie,
>>>>>>>>>>> "^;\s*", "");*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish
>>>>>>>>>>> passing (not caching)
>>>>>>>>>>> >>>>>> > uncomment*
>>>>>>>>>>> >>>>>> > * # return( pass );*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST*
>>>>>>>>>>> >>>>>> > * if (req.restarts == 0) {*
>>>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {*
>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =*
>>>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;*
>>>>>>>>>>> >>>>>> > * } else {*
>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED*
>>>>>>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {*
>>>>>>>>>>> >>>>>> > * return ( pass ); *
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines
>>>>>>>>>>> if you do want to
>>>>>>>>>>> >>>>>> > cache them*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {*
>>>>>>>>>>> >>>>>> > * return ( pass ); *
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.*
>>>>>>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH
>>>>>>>>>>> VARY ACCEPT-ENCODING*
>>>>>>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH*
>>>>>>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES,
>>>>>>>>>>> AUDIO, ETC.*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {*
>>>>>>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$")
>>>>>>>>>>> {*
>>>>>>>>>>> >>>>>> > * # No point in compressing these*
>>>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;*
>>>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {*
>>>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";*
>>>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {*
>>>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";*
>>>>>>>>>>> >>>>>> > * } else {*
>>>>>>>>>>> >>>>>> > * # unknown algorithm*
>>>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if (req.method != "GET" &&*
>>>>>>>>>>> >>>>>> > * req.method != "HEAD" &&*
>>>>>>>>>>> >>>>>> > * req.method != "PUT" && *
>>>>>>>>>>> >>>>>> > * req.method != "POST" &&*
>>>>>>>>>>> >>>>>> > * req.method != "TRACE" &&*
>>>>>>>>>>> >>>>>> > * req.method != "OPTIONS" &&*
>>>>>>>>>>> >>>>>> > * req.method != "DELETE") {*
>>>>>>>>>>> >>>>>> > * return (pipe);*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {*
>>>>>>>>>>> >>>>>> > * return (pass);*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS
>>>>>>>>>>> OCCURS IN FETCH TOO,
>>>>>>>>>>> >>>>>> > EITHER*
>>>>>>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {*
>>>>>>>>>>> >>>>>> > * return( pass );*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR
>>>>>>>>>>> WP-LOGIN*
>>>>>>>>>>> >>>>>> > * # THEN UNSET THE COOKIES*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") *
>>>>>>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) *
>>>>>>>>>>> >>>>>> > * ){*
>>>>>>>>>>> >>>>>> > * unset req.http.cookie;*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {*
>>>>>>>>>>> >>>>>> > * return (pass);*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * return (hash);*
>>>>>>>>>>> >>>>>> > * # This is for phpmyadmin*
>>>>>>>>>>> >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {*
>>>>>>>>>>> >>>>>> > *return (pass);*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org <
>>>>>>>>>>> http://mysql.ki1.org>") {*
>>>>>>>>>>> >>>>>> > *return (pass);*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# HIT FUNCTION*
>>>>>>>>>>> >>>>>> > *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > *sub vcl_hit {*
>>>>>>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {*
>>>>>>>>>>> >>>>>> > * #*
>>>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.*
>>>>>>>>>>> >>>>>> > * #*
>>>>>>>>>>> >>>>>> > * # purge;*
>>>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > * return (deliver);*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# MISS FUNCTION*
>>>>>>>>>>> >>>>>> > *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > *sub vcl_miss {*
>>>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {*
>>>>>>>>>>> >>>>>> > * #*
>>>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.*
>>>>>>>>>>> >>>>>> > * #*
>>>>>>>>>>> >>>>>> > * # purge;*
>>>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > * return (fetch);*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# FETCH FUNCTION*
>>>>>>>>>>> >>>>>> > *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > *sub vcl_backend_response {*
>>>>>>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES
>>>>>>>>>>> W3TC *
>>>>>>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY
>>>>>>>>>>> NOT WANT*
>>>>>>>>>>> >>>>>> > * # TO DO THIS*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE
>>>>>>>>>>> AMOUNT OF *
>>>>>>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") &&
>>>>>>>>>>> !bereq.http.cookie ~
>>>>>>>>>>> >>>>>> > "wordpress_logged_in" ) {*
>>>>>>>>>>> >>>>>> > * unset beresp.http.set-cookie;*
>>>>>>>>>>> >>>>>> > * set beresp.ttl = 52w;*
>>>>>>>>>>> >>>>>> > *# set beresp.grace =1w;*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||*
>>>>>>>>>>> >>>>>> > * beresp.http.Set-Cookie ||*
>>>>>>>>>>> >>>>>> > * beresp.http.Vary == "*") {*
>>>>>>>>>>> >>>>>> > * set beresp.ttl = 120 s;*
>>>>>>>>>>> >>>>>> > * # set beresp.ttl = 120s;*
>>>>>>>>>>> >>>>>> > * set beresp.uncacheable = true;*
>>>>>>>>>>> >>>>>> > * return (deliver);*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > * return (deliver);*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > *# DELIVER FUNCTION*
>>>>>>>>>>> >>>>>> > *# ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > *sub vcl_deliver {*
>>>>>>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT'
>>>>>>>>>>> TEXT *
>>>>>>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * if (obj.hits > 0) {*
>>>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";*
>>>>>>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER*
>>>>>>>>>>> >>>>>> > * # ##############################
>>>>>>>>>>> ############################*
>>>>>>>>>>> >>>>>> > * } else {*
>>>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";*
>>>>>>>>>>> >>>>>> > * }*
>>>>>>>>>>> >>>>>> > *}*
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> > Thanks,
>>>>>>>>>>> >>>>>> >
>>>>>>>>>>> >>>>>> -------------- next part --------------
>>>>>>>>>>> >>>>>> An HTML attachment was scrubbed...
>>>>>>>>>>> >>>>>> URL: <https://www.varnish-cache.org
>>>>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/
>>>>>>>>>>> attachment.html>
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> ------------------------------
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> _______________________________________________
>>>>>>>>>>> >>>>>> varnish-misc mailing list
>>>>>>>>>>> >>>>>> varnish-misc at varnish-cache.org
>>>>>>>>>>> >>>>>> https://www.varnish-cache.org/
>>>>>>>>>>> lists/mailman/listinfo/varnish-misc
>>>>>>>>>>> >>>>>>
>>>>>>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14
>>>>>>>>>>> >>>>>> *********************************************
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>>
>>>>>>>>>>> >>>>> _______________________________________________
>>>>>>>>>>> >>>>> varnish-misc mailing list
>>>>>>>>>>> >>>>> varnish-misc at varnish-cache.org
>>>>>>>>>>> >>>>> https://www.varnish-cache.org/
>>>>>>>>>>> lists/mailman/listinfo/varnish-misc
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>>
>>>>>>>>>>> >>>> _______________________________________________
>>>>>>>>>>> >>>> varnish-misc mailing list
>>>>>>>>>>> >>>> varnish-misc at varnish-cache.org
>>>>>>>>>>> >>>> https://www.varnish-cache.org/
>>>>>>>>>>> lists/mailman/listinfo/varnish-misc
>>>>>>>>>>> >>>
>>>>>>>>>>> >>>
>>>>>>>>>>> >>
>>>>>>>>>>> >
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160805/c926d12b/attachment-0001.html>
More information about the varnish-misc
mailing list