Users can't login or register to domain.com/forum with the current settings. So we need to make a change related to *xf_user *and *xf_session* but how?
2016-08-04 15:26 GMT+03:00 Lane, Richard <[email protected]>: > If you want Varnish to ignore request for a path you need to tell it to > pass. In your example you have a rule for the RSS feed. You can do the same > for /forum/ in your vcl_recv block. > > *# DO NOT CACHE RSS FEED* > * if (req.url ~ "/feed(/)?") {* > * return ( pass ); * > *}* > > *# DO NOT CACHE FORUM* > if (req.url ~ "/forum(/)?") { > return ( pass ); > } > > Cheers, > Richard > > >> >> Message: 1 >> Date: Wed, 3 Aug 2016 23:34:40 +0300 >> From: Ayberk Kimsesiz <[email protected]> >> To: varnish-misc <[email protected]> >> Subject: XenForo default.vcl settings >> Message-ID: >> <CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_Q@mail. >> gmail.com> >> Content-Type: text/plain; charset="utf-8" >> >> Hi, >> >> Could you please share the appropriate Default.vcl settings for XenForo >> Forums? No one can register to the forum at the moment. My current >> Default.vcl settings are as follows. >> >> Forum address: domain.com/forum >> >> */* SET THE HOST AND PORT OF WORDPRESS* >> * * *********************************************************/* >> *vcl 4.0;* >> *import std;* >> >> *backend default {* >> * .host = "*******";* >> * .port = "8080";* >> * .connect_timeout = 600s;* >> * .first_byte_timeout = 600s;* >> * .between_bytes_timeout = 600s;* >> * .max_connections = 800;* >> *}* >> >> *# SET THE ALLOWED IP OF PURGE REQUESTS* >> *# ##########################################################* >> *acl purge {* >> * "localhost";* >> * "127.0.0.1";* >> *}* >> >> *#THE RECV FUNCTION* >> *# ##########################################################* >> *sub vcl_recv {* >> >> *# set realIP by trimming CloudFlare IP which will be used for various >> checks* >> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >> ""); * >> >> * # FORWARD THE IP OF THE REQUEST* >> * if (req.restarts == 0) {* >> * if (req.http.x-forwarded-for) {* >> * set req.http.X-Forwarded-For =* >> * req.http.X-Forwarded-For + ", " + client.ip;* >> * } else {* >> * set req.http.X-Forwarded-For = client.ip;* >> * }* >> * }* >> >> * # Purge request check sections for hash_always_miss, purge and ban* >> * # BLOCK IF NOT IP is not in purge acl* >> * # ##########################################################* >> >> * # Enable smart refreshing using hash_always_miss* >> *if (req.http.Cache-Control ~ "no-cache") {* >> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) {* >> * set req.hash_always_miss = true;* >> * }* >> *}* >> >> *if (req.method == "PURGE") {* >> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) {* >> * return(synth(405,"Not allowed."));* >> * }* >> * return (purge);* >> >> * }* >> *if (req.method == "BAN") {* >> * # Same ACL check as above:* >> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") >> ~ purge) {* >> * return(synth(403, "Not allowed."));* >> * }* >> * ban("req.http.host == " + req.http.host +* >> * " && req.url == " + req.url);* >> >> * # Throw a synthetic page so the* >> * # request won't go to the backend.* >> * return(synth(200, "Ban added"));* >> *}* >> >> >> *# Unset cloudflare cookies* >> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >> * set req.http.Cookie = regsuball(req.http.Cookie, >> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >> * # Remove a ";" prefix, if present.* >> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >> >> * # For Testing: If you want to test with Varnish passing (not caching) >> uncomment* >> * # return( pass );* >> >> * # FORWARD THE IP OF THE REQUEST* >> * if (req.restarts == 0) {* >> * if (req.http.x-forwarded-for) {* >> * set req.http.X-Forwarded-For =* >> * req.http.X-Forwarded-For + ", " + client.ip;* >> * } else {* >> * set req.http.X-Forwarded-For = client.ip;* >> * }* >> * }* >> >> *# DO NOT CACHE RSS FEED* >> * if (req.url ~ "/feed(/)?") {* >> * return ( pass ); * >> *}* >> >> *## Do not cache search results, comment these 3 lines if you do want to >> cache them* >> >> *if (req.url ~ "/\?s\=") {* >> * return ( pass ); * >> *}* >> >> *# CLEAN UP THE ENCODING HEADER.* >> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* >> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >> * # ##########################################################* >> * if (req.http.Accept-Encoding) {* >> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >> * # No point in compressing these* >> * unset req.http.Accept-Encoding;* >> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >> * set req.http.Accept-Encoding = "gzip";* >> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >> * set req.http.Accept-Encoding = "deflate";* >> * } else {* >> * # unknown algorithm* >> * unset req.http.Accept-Encoding;* >> * }* >> * }* >> >> * # PIPE ALL NON-STANDARD REQUESTS* >> * # ##########################################################* >> * if (req.method != "GET" &&* >> * req.method != "HEAD" &&* >> * req.method != "PUT" && * >> * req.method != "POST" &&* >> * req.method != "TRACE" &&* >> * req.method != "OPTIONS" &&* >> * req.method != "DELETE") {* >> * return (pipe);* >> * }* >> >> * # ONLY CACHE GET AND HEAD REQUESTS* >> * # ##########################################################* >> * if (req.method != "GET" && req.method != "HEAD") {* >> * return (pass);* >> * }* >> >> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >> EITHER* >> * # COMMENT OR UNCOMMENT BOTH* >> * # ##########################################################* >> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >> * return( pass );* >> * }* >> >> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >> * # THEN UNSET THE COOKIES* >> * # ##########################################################* >> * if (!(req.url ~ "wp-(login|admin)") * >> * && !(req.url ~ "&preview=true" ) * >> * ){* >> * unset req.http.cookie;* >> * }* >> >> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >> * # ##########################################################* >> * if (req.http.Authorization || req.http.Cookie) {* >> * return (pass);* >> * }* >> >> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >> * # ##########################################################* >> * return (hash);* >> * # This is for phpmyadmin* >> *if (req.http.Host == "ki1.org <http://ki1.org>") {* >> *return (pass);* >> *}* >> >> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {* >> *return (pass);* >> *}* >> >> *}* >> >> *# HIT FUNCTION* >> *# ##########################################################* >> *sub vcl_hit {* >> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >> * # ##########################################################* >> * if (req.method == "PURGE") {* >> * #* >> * # This is now handled in vcl_recv.* >> * #* >> * # purge;* >> * return (synth(200, "Purged."));* >> * }* >> * return (deliver);* >> *}* >> >> *# MISS FUNCTION* >> *# ##########################################################* >> *sub vcl_miss {* >> * if (req.method == "PURGE") {* >> * #* >> * # This is now handled in vcl_recv.* >> * #* >> * # purge;* >> * return (synth(200, "Purged."));* >> * }* >> * return (fetch);* >> *}* >> >> *# FETCH FUNCTION* >> *# ##########################################################* >> *sub vcl_backend_response {* >> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> * # TO DO THIS* >> * # ##########################################################* >> * set beresp.http.Vary = "Accept-Encoding";* >> >> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> * # ##########################################################* >> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> "wordpress_logged_in" ) {* >> * unset beresp.http.set-cookie;* >> * set beresp.ttl = 52w;* >> *# set beresp.grace =1w;* >> * }* >> >> * if (beresp.ttl <= 0s ||* >> * beresp.http.Set-Cookie ||* >> * beresp.http.Vary == "*") {* >> * set beresp.ttl = 120 s;* >> * # set beresp.ttl = 120s;* >> * set beresp.uncacheable = true;* >> * return (deliver);* >> * }* >> >> * return (deliver);* >> *}* >> >> *# DELIVER FUNCTION* >> *# ##########################################################* >> *sub vcl_deliver {* >> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> * # IN THE HEADER (GREAT FOR DEBUGGING)* >> * # ##########################################################* >> * if (obj.hits > 0) {* >> * set resp.http.X-Cache = "HIT";* >> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> * # ##########################################################* >> * } else {* >> * set resp.http.X-Cache = "MISS";* >> * }* >> *}* >> >> >> Thanks, >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/ >> attachments/20160803/d572e4b2/attachment-0001.html> >> >> ------------------------------ >> >> Message: 2 >> Date: Thu, 4 Aug 2016 12:14:36 +0300 >> From: Ayberk Kimsesiz <[email protected]> >> To: varnish-misc <[email protected]> >> Subject: Re: XenForo default.vcl settings >> Message-ID: >> <CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4O3i1ofA@mail. >> gmail.com> >> Content-Type: text/plain; charset="utf-8" >> >> I need to add the followings to default.vcl for Xenforo. However, >> solutions >> in the Xenforo forums for this didn't work. Can you please help? >> >> xf_session_admin >> xf_user >> xf_session >> >> Or how can i block Varnish in a way that it doesn't work in * >> domain.com/forum >> <http://domain.com/forum>* >> >> >> >> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <[email protected]>: >> >> > Hi, >> > >> > Could you please share the appropriate Default.vcl settings for XenForo >> > Forums? No one can register to the forum at the moment. My current >> > Default.vcl settings are as follows. >> > >> > Forum address: domain.com/forum >> > >> > */* SET THE HOST AND PORT OF WORDPRESS* >> > * * *********************************************************/* >> > *vcl 4.0;* >> > *import std;* >> > >> > *backend default {* >> > * .host = "*******";* >> > * .port = "8080";* >> > * .connect_timeout = 600s;* >> > * .first_byte_timeout = 600s;* >> > * .between_bytes_timeout = 600s;* >> > * .max_connections = 800;* >> > *}* >> > >> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >> > *# ##########################################################* >> > *acl purge {* >> > * "localhost";* >> > * "127.0.0.1";* >> > *}* >> > >> > *#THE RECV FUNCTION* >> > *# ##########################################################* >> > *sub vcl_recv {* >> > >> > *# set realIP by trimming CloudFlare IP which will be used for various >> > checks* >> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >> > ""); * >> > >> > * # FORWARD THE IP OF THE REQUEST* >> > * if (req.restarts == 0) {* >> > * if (req.http.x-forwarded-for) {* >> > * set req.http.X-Forwarded-For =* >> > * req.http.X-Forwarded-For + ", " + client.ip;* >> > * } else {* >> > * set req.http.X-Forwarded-For = client.ip;* >> > * }* >> > * }* >> > >> > * # Purge request check sections for hash_always_miss, purge and ban* >> > * # BLOCK IF NOT IP is not in purge acl* >> > * # ##########################################################* >> > >> > * # Enable smart refreshing using hash_always_miss* >> > *if (req.http.Cache-Control ~ "no-cache") {* >> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> > purge) {* >> > * set req.hash_always_miss = true;* >> > * }* >> > *}* >> > >> > *if (req.method == "PURGE") {* >> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >> ~ >> > purge) {* >> > * return(synth(405,"Not allowed."));* >> > * }* >> > * return (purge);* >> > >> > * }* >> > *if (req.method == "BAN") {* >> > * # Same ACL check as above:* >> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> > "1.2.3.4") ~ purge) {* >> > * return(synth(403, "Not allowed."));* >> > * }* >> > * ban("req.http.host == " + req.http.host +* >> > * " && req.url == " + req.url);* >> > >> > * # Throw a synthetic page so the* >> > * # request won't go to the backend.* >> > * return(synth(200, "Ban added"));* >> > *}* >> > >> > >> > *# Unset cloudflare cookies* >> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >> > * set req.http.Cookie = regsuball(req.http.Cookie, >> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >> > * # Remove a ";" prefix, if present.* >> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >> > >> > * # For Testing: If you want to test with Varnish passing (not caching) >> > uncomment* >> > * # return( pass );* >> > >> > * # FORWARD THE IP OF THE REQUEST* >> > * if (req.restarts == 0) {* >> > * if (req.http.x-forwarded-for) {* >> > * set req.http.X-Forwarded-For =* >> > * req.http.X-Forwarded-For + ", " + client.ip;* >> > * } else {* >> > * set req.http.X-Forwarded-For = client.ip;* >> > * }* >> > * }* >> > >> > *# DO NOT CACHE RSS FEED* >> > * if (req.url ~ "/feed(/)?") {* >> > * return ( pass ); * >> > *}* >> > >> > *## Do not cache search results, comment these 3 lines if you do want to >> > cache them* >> > >> > *if (req.url ~ "/\?s\=") {* >> > * return ( pass ); * >> > *}* >> > >> > *# CLEAN UP THE ENCODING HEADER.* >> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >> ACCEPT-ENCODING* >> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >> > * # ##########################################################* >> > * if (req.http.Accept-Encoding) {* >> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >> > * # No point in compressing these* >> > * unset req.http.Accept-Encoding;* >> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >> > * set req.http.Accept-Encoding = "gzip";* >> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >> > * set req.http.Accept-Encoding = "deflate";* >> > * } else {* >> > * # unknown algorithm* >> > * unset req.http.Accept-Encoding;* >> > * }* >> > * }* >> > >> > * # PIPE ALL NON-STANDARD REQUESTS* >> > * # ##########################################################* >> > * if (req.method != "GET" &&* >> > * req.method != "HEAD" &&* >> > * req.method != "PUT" && * >> > * req.method != "POST" &&* >> > * req.method != "TRACE" &&* >> > * req.method != "OPTIONS" &&* >> > * req.method != "DELETE") {* >> > * return (pipe);* >> > * }* >> > >> > * # ONLY CACHE GET AND HEAD REQUESTS* >> > * # ##########################################################* >> > * if (req.method != "GET" && req.method != "HEAD") {* >> > * return (pass);* >> > * }* >> > >> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >> > EITHER* >> > * # COMMENT OR UNCOMMENT BOTH* >> > * # ##########################################################* >> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >> > * return( pass );* >> > * }* >> > >> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >> > * # THEN UNSET THE COOKIES* >> > * # ##########################################################* >> > * if (!(req.url ~ "wp-(login|admin)") * >> > * && !(req.url ~ "&preview=true" ) * >> > * ){* >> > * unset req.http.cookie;* >> > * }* >> > >> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >> > * # ##########################################################* >> > * if (req.http.Authorization || req.http.Cookie) {* >> > * return (pass);* >> > * }* >> > >> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >> > * # ##########################################################* >> > * return (hash);* >> > * # This is for phpmyadmin* >> > *if (req.http.Host == "ki1.org <http://ki1.org>") {* >> > *return (pass);* >> > *}* >> > >> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {* >> > *return (pass);* >> > *}* >> > >> > *}* >> > >> > *# HIT FUNCTION* >> > *# ##########################################################* >> > *sub vcl_hit {* >> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >> > * # ##########################################################* >> > * if (req.method == "PURGE") {* >> > * #* >> > * # This is now handled in vcl_recv.* >> > * #* >> > * # purge;* >> > * return (synth(200, "Purged."));* >> > * }* >> > * return (deliver);* >> > *}* >> > >> > *# MISS FUNCTION* >> > *# ##########################################################* >> > *sub vcl_miss {* >> > * if (req.method == "PURGE") {* >> > * #* >> > * # This is now handled in vcl_recv.* >> > * #* >> > * # purge;* >> > * return (synth(200, "Purged."));* >> > * }* >> > * return (fetch);* >> > *}* >> > >> > *# FETCH FUNCTION* >> > *# ##########################################################* >> > *sub vcl_backend_response {* >> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> > * # TO DO THIS* >> > * # ##########################################################* >> > * set beresp.http.Vary = "Accept-Encoding";* >> > >> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> > * # ##########################################################* >> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> > "wordpress_logged_in" ) {* >> > * unset beresp.http.set-cookie;* >> > * set beresp.ttl = 52w;* >> > *# set beresp.grace =1w;* >> > * }* >> > >> > * if (beresp.ttl <= 0s ||* >> > * beresp.http.Set-Cookie ||* >> > * beresp.http.Vary == "*") {* >> > * set beresp.ttl = 120 s;* >> > * # set beresp.ttl = 120s;* >> > * set beresp.uncacheable = true;* >> > * return (deliver);* >> > * }* >> > >> > * return (deliver);* >> > *}* >> > >> > *# DELIVER FUNCTION* >> > *# ##########################################################* >> > *sub vcl_deliver {* >> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >> > * # ##########################################################* >> > * if (obj.hits > 0) {* >> > * set resp.http.X-Cache = "HIT";* >> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> > * # ##########################################################* >> > * } else {* >> > * set resp.http.X-Cache = "MISS";* >> > * }* >> > *}* >> > >> > >> > Thanks, >> > >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/ >> attachments/20160804/4e3f064a/attachment.html> >> >> ------------------------------ >> >> _______________________________________________ >> varnish-misc mailing list >> [email protected] >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> >> End of varnish-misc Digest, Vol 125, Issue 14 >> ********************************************* >> > > > _______________________________________________ > varnish-misc mailing list > [email protected] > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
