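Please send us a copy of the varnishlog output captured during a login attempt, so we can review how the xf_ cookies are handled on the request and on the backend response. This list is publicly archived, so mask the values of the Cookie, Set-Cookie and Authorization headers in the log before posting it.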
On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz <[email protected]> wrote: > First of all, thank you. However the problem continues. Can you examine > the codes? > > > /* SET THE HOST AND PORT OF WORDPRESS > * *********************************************************/ > vcl 4.0; > import std; > > backend default { > .host = "*******"; > .port = "8080"; > .connect_timeout = 600s; > .first_byte_timeout = 600s; > .between_bytes_timeout = 600s; > .max_connections = 800; > } > > # SET THE ALLOWED IP OF PURGE REQUESTS > # ########################################################## > acl purge { > "localhost"; > "127.0.0.1"; > } > > #THE RECV FUNCTION > # ########################################################## > sub vcl_recv { > > *if(req.http.Cookie ~ "xf_(session|user)") {* > * return (pass);* > * }* > > # set realIP by trimming CloudFlare IP which will be used for various > checks > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > ""); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # Purge request check sections for hash_always_miss, purge and ban > # BLOCK IF NOT IP is not in purge acl > # ########################################################## > > # Enable smart refreshing using hash_always_miss > if (req.http.Cache-Control ~ "no-cache") { > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > set req.hash_always_miss = true; > } > } > > if (req.method == "PURGE") { > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > return(synth(405,"Not allowed.")); > } > return (purge); > > } > if (req.method == "BAN") { > # Same ACL check as above: > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") > ~ purge) { > return(synth(403, "Not allowed.")); > } > ban("req.http.host == " + 
req.http.host + > " && req.url == " + req.url); > > # Throw a synthetic page so the > # request won't go to the backend. > return(synth(200, "Ban added")); > } > > > # Unset cloudflare cookies > # Remove has_js and CloudFlare/Google Analytics __* cookies. > set req.http.Cookie = regsuball(req.http.Cookie, > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); > # Remove a ";" prefix, if present. > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); > > # For Testing: If you want to test with Varnish passing (not caching) > uncomment > # return( pass ); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # DO NOT CACHE RSS FEED > if (req.url ~ "/feed(/)?") { > return ( pass ); > } > > ## Do not cache search results, comment these 3 lines if you do want to > cache them > > if (req.url ~ "/\?s\=") { > return ( pass ); > } > > # CLEAN UP THE ENCODING HEADER. > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. 
> # ########################################################## > if (req.http.Accept-Encoding) { > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { > # No point in compressing these > unset req.http.Accept-Encoding; > } elsif (req.http.Accept-Encoding ~ "gzip") { > set req.http.Accept-Encoding = "gzip"; > } elsif (req.http.Accept-Encoding ~ "deflate") { > set req.http.Accept-Encoding = "deflate"; > } else { > # unknown algorithm > unset req.http.Accept-Encoding; > } > } > > # PIPE ALL NON-STANDARD REQUESTS > # ########################################################## > if (req.method != "GET" && > req.method != "HEAD" && > req.method != "PUT" && > req.method != "POST" && > req.method != "TRACE" && > req.method != "OPTIONS" && > req.method != "DELETE") { > return (pipe); > } > > # ONLY CACHE GET AND HEAD REQUESTS > # ########################################################## > if (req.method != "GET" && req.method != "HEAD") { > return (pass); > } > > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > EITHER > # COMMENT OR UNCOMMENT BOTH > # ########################################################## > if ( req.http.cookie ~ "wordpress_logged_in" ) { > return( pass ); > } > > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN > # THEN UNSET THE COOKIES > # ########################################################## > if (!(req.url ~ "wp-(login|admin)") > && !(req.url ~ "&preview=true" ) > ){ > unset req.http.cookie; > } > > # IF BASIC AUTH IS ON THEN DO NOT CACHE > # ########################################################## > if (req.http.Authorization || req.http.Cookie) { > return (pass); > } > > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED > # ########################################################## > return (hash); > # This is for phpmyadmin > if (req.http.Host == "ki1.org") { > return (pass); > } > > if (req.http.Host == "mysql.ki1.org") { > return (pass); > } > > } > > # HIT FUNCTION > # 
########################################################## > sub vcl_hit { > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE > # ########################################################## > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (deliver); > } > > # MISS FUNCTION > # ########################################################## > sub vcl_miss { > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (fetch); > } > > # FETCH FUNCTION > # ########################################################## > sub vcl_backend_response { > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > # TO DO THIS > # ########################################################## > set beresp.http.Vary = "Accept-Encoding"; > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > "wordpress_logged_in" ) { > unset beresp.http.set-cookie; > set beresp.ttl = 52w; > # set beresp.grace =1w; > } > > * if (beresp.http.Set-Cookie ~ "xf_(session|user)") {* > * set beresp.uncacheable = true;* > * set beresp.ttl = 1w;* > * return (deliver);* > * }* > > > if (beresp.ttl <= 0s || > beresp.http.Set-Cookie || > beresp.http.Vary == "*") { > set beresp.ttl = 120 s; > # set beresp.ttl = 120s; > set beresp.uncacheable = true; > return (deliver); > } > > return (deliver); > } > > # DELIVER FUNCTION > # ########################################################## > sub vcl_deliver { > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > # IN THE HEADER (GREAT FOR DEBUGGING) > # ########################################################## > if (obj.hits > 0) { > set resp.http.X-Cache = "HIT"; > # IF THIS IS A 
MISS RETURN THAT IN THE HEADER > # ########################################################## > } else { > set resp.http.X-Cache = "MISS"; > } > } > > > > 2016-08-04 16:36 GMT+03:00 Andrei <[email protected]>: > >> correction: >> >> sub vcl_recv { >> if(req.http.Cookie ~ "xf_(session|user)") { >> return (pass); >> } >> } >> >> sub vcl_backend_response { >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >> set beresp.uncacheable = true; >> set beresp.ttl = 1w; >> return (deliver); >> } >> } >> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <[email protected]> wrote: >> >>> Hello, >>> >>> Aside from the provided VCL being for WordPress, while you're running >>> XenForo, the xf_ cookies are being dropped by your config. A quick fix is: >>> >>> sub vcl_recv { >>> if( req.http.Cookie ~ "xf_(session|user)") { >>> return (pass); >>> } >>> } >>> >>> sub vcl_backend_response { >>> if (req.http.Cookie ~ "xf_(session|user)") { >>> set beresp.uncacheable = true; >>> set beresp.ttl = 1w; >>> return (deliver); >>> } >>> } >>> >>> However, I suggest auditing your VCL, and only including rules specific >>> to the application(s) which you are running. >>> >>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>> [email protected]> wrote: >>> >>>> Users can't login or register to domain.com/forum with the current >>>> settings. So we need to make a change related to *xf_user *and >>>> *xf_session* but how? >>>> >>>> >>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <[email protected]>: >>>> >>>>> If you want Varnish to ignore request for a path you need to tell it >>>>> to pass. In your example you have a rule for the RSS feed. You can do the >>>>> same for /forum/ in your vcl_recv block. 
>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>> * if (req.url ~ "/feed(/)?") {* >>>>> * return ( pass ); * >>>>> *}* >>>>> >>>>> *# DO NOT CACHE FORUM* >>>>> if (req.url ~ "/forum(/)?") { >>>>> return ( pass ); >>>>> } >>>>> >>>>> Cheers, >>>>> Richard >>>>> >>>>> >>>>>> >>>>>> Message: 1 >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>> From: Ayberk Kimsesiz <[email protected]> >>>>>> To: varnish-misc <[email protected]> >>>>>> Subject: XenForo default.vcl settings >>>>>> Message-ID: >>>>>> <[email protected] >>>>>> ail.com> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> Hi, >>>>>> >>>>>> Could you please share the appropriate Default.vcl settings for >>>>>> XenForo >>>>>> Forums? No one can register to the forum at the moment. My current >>>>>> Default.vcl settings are as follows. >>>>>> >>>>>> Forum address: domain.com/forum >>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> * * *********************************************************/* >>>>>> *vcl 4.0;* >>>>>> *import std;* >>>>>> >>>>>> *backend default {* >>>>>> * .host = "*******";* >>>>>> * .port = "8080";* >>>>>> * .connect_timeout = 600s;* >>>>>> * .first_byte_timeout = 600s;* >>>>>> * .between_bytes_timeout = 600s;* >>>>>> * .max_connections = 800;* >>>>>> *}* >>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> *# ##########################################################* >>>>>> *acl purge {* >>>>>> * "localhost";* >>>>>> * "127.0.0.1";* >>>>>> *}* >>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_recv {* >>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for various >>>>>> checks* >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>> ].*$", >>>>>> ""); * >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> * if (req.restarts == 0) {* >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> * set req.http.X-Forwarded-For =* >>>>>> * req.http.X-Forwarded-For + 
", " + client.ip;* >>>>>> * } else {* >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>> * # ##########################################################* >>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> purge) {* >>>>>> * set req.hash_always_miss = true;* >>>>>> * }* >>>>>> *}* >>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> purge) {* >>>>>> * return(synth(405,"Not allowed."));* >>>>>> * }* >>>>>> * return (purge);* >>>>>> >>>>>> * }* >>>>>> *if (req.method == "BAN") {* >>>>>> * # Same ACL check as above:* >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") >>>>>> ~ purge) {* >>>>>> * return(synth(403, "Not allowed."));* >>>>>> * }* >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>> * " && req.url == " + req.url);* >>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>> * # request won't go to the backend.* >>>>>> * return(synth(200, "Ban added"));* >>>>>> *}* >>>>>> >>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> * # Remove a ";" prefix, if present.* >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not >>>>>> caching) >>>>>> uncomment* >>>>>> * # return( pass );* >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> * if (req.restarts == 0) {* >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> * set req.http.X-Forwarded-For =* >>>>>> * 
req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> * } else {* >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>> * return ( pass ); * >>>>>> *}* >>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you do want >>>>>> to >>>>>> cache them* >>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>> * return ( pass ); * >>>>>> *}* >>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> * # ##########################################################* >>>>>> * if (req.http.Accept-Encoding) {* >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>> * # No point in compressing these* >>>>>> * unset req.http.Accept-Encoding;* >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>> * } else {* >>>>>> * # unknown algorithm* >>>>>> * unset req.http.Accept-Encoding;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> * # ##########################################################* >>>>>> * if (req.method != "GET" &&* >>>>>> * req.method != "HEAD" &&* >>>>>> * req.method != "PUT" && * >>>>>> * req.method != "POST" &&* >>>>>> * req.method != "TRACE" &&* >>>>>> * req.method != "OPTIONS" &&* >>>>>> * req.method != "DELETE") {* >>>>>> * return (pipe);* >>>>>> * }* >>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> * # ##########################################################* >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> * return (pass);* >>>>>> * }* >>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS 
OCCURS IN FETCH TOO, >>>>>> EITHER* >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>> * # ##########################################################* >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> * return( pass );* >>>>>> * }* >>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> * # THEN UNSET THE COOKIES* >>>>>> * # ##########################################################* >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>> * ){* >>>>>> * unset req.http.cookie;* >>>>>> * }* >>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> * # ##########################################################* >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>> * return (pass);* >>>>>> * }* >>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> * # ##########################################################* >>>>>> * return (hash);* >>>>>> * # This is for phpmyadmin* >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {* >>>>>> *return (pass);* >>>>>> *}* >>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {* >>>>>> *return (pass);* >>>>>> *}* >>>>>> >>>>>> *}* >>>>>> >>>>>> *# HIT FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_hit {* >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> * # ##########################################################* >>>>>> * if (req.method == "PURGE") {* >>>>>> * #* >>>>>> * # This is now handled in vcl_recv.* >>>>>> * #* >>>>>> * # purge;* >>>>>> * return (synth(200, "Purged."));* >>>>>> * }* >>>>>> * return (deliver);* >>>>>> *}* >>>>>> >>>>>> *# MISS FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_miss {* >>>>>> * if (req.method == "PURGE") {* >>>>>> * #* >>>>>> * # This is now handled in vcl_recv.* >>>>>> * #* >>>>>> * # purge;* >>>>>> * return (synth(200, "Purged."));* >>>>>> 
* }* >>>>>> * return (fetch);* >>>>>> *}* >>>>>> >>>>>> *# FETCH FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_backend_response {* >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> * # TO DO THIS* >>>>>> * # ##########################################################* >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> * # ##########################################################* >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> "wordpress_logged_in" ) {* >>>>>> * unset beresp.http.set-cookie;* >>>>>> * set beresp.ttl = 52w;* >>>>>> *# set beresp.grace =1w;* >>>>>> * }* >>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>> * beresp.http.Set-Cookie ||* >>>>>> * beresp.http.Vary == "*") {* >>>>>> * set beresp.ttl = 120 s;* >>>>>> * # set beresp.ttl = 120s;* >>>>>> * set beresp.uncacheable = true;* >>>>>> * return (deliver);* >>>>>> * }* >>>>>> >>>>>> * return (deliver);* >>>>>> *}* >>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_deliver {* >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> * # ##########################################################* >>>>>> * if (obj.hits > 0) {* >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> * # ##########################################################* >>>>>> * } else {* >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>> * }* >>>>>> *}* >>>>>> >>>>>> >>>>>> Thanks, >>>>>> -------------- next part -------------- >>>>>> An HTML attachment was scrubbed... 
>>>>>> URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/ >>>>>> attachments/20160803/d572e4b2/attachment-0001.html> >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> Message: 2 >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>> From: Ayberk Kimsesiz <[email protected]> >>>>>> To: varnish-misc <[email protected]> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>> Message-ID: >>>>>> <[email protected] >>>>>> ail.com> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. However, >>>>>> solutions >>>>>> in the Xenforo forums for this didn't work. Can you please help? >>>>>> >>>>>> xf_session_admin >>>>>> xf_user >>>>>> xf_session >>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>>> domain.com/forum >>>>>> <http://domain.com/forum>* >>>>>> >>>>>> >>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz <[email protected] >>>>>> >: >>>>>> >>>>>> > Hi, >>>>>> > >>>>>> > Could you please share the appropriate Default.vcl settings for >>>>>> XenForo >>>>>> > Forums? No one can register to the forum at the moment. My current >>>>>> > Default.vcl settings are as follows. 
>>>>>> > >>>>>> > Forum address: domain.com/forum >>>>>> > >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> > * * *********************************************************/* >>>>>> > *vcl 4.0;* >>>>>> > *import std;* >>>>>> > >>>>>> > *backend default {* >>>>>> > * .host = "*******";* >>>>>> > * .port = "8080";* >>>>>> > * .connect_timeout = 600s;* >>>>>> > * .first_byte_timeout = 600s;* >>>>>> > * .between_bytes_timeout = 600s;* >>>>>> > * .max_connections = 800;* >>>>>> > *}* >>>>>> > >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> > *# ##########################################################* >>>>>> > *acl purge {* >>>>>> > * "localhost";* >>>>>> > * "127.0.0.1";* >>>>>> > *}* >>>>>> > >>>>>> > *#THE RECV FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_recv {* >>>>>> > >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for >>>>>> various >>>>>> > checks* >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>> ].*$", >>>>>> > ""); * >>>>>> > >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> > * if (req.restarts == 0) {* >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> > * } else {* >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > * # Purge request check sections for hash_always_miss, purge and >>>>>> ban* >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>> > * # ##########################################################* >>>>>> > >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> > purge) {* >>>>>> > * set req.hash_always_miss = true;* >>>>>> > * }* >>>>>> > *}* >>>>>> > >>>>>> > *if (req.method == "PURGE") {* >>>>>> > * if (!client.ip ~ purge 
|| !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> > purge) {* >>>>>> > * return(synth(405,"Not allowed."));* >>>>>> > * }* >>>>>> > * return (purge);* >>>>>> > >>>>>> > * }* >>>>>> > *if (req.method == "BAN") {* >>>>>> > * # Same ACL check as above:* >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> > "1.2.3.4") ~ purge) {* >>>>>> > * return(synth(403, "Not allowed."));* >>>>>> > * }* >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>> > * " && req.url == " + req.url);* >>>>>> > >>>>>> > * # Throw a synthetic page so the* >>>>>> > * # request won't go to the backend.* >>>>>> > * return(synth(200, "Ban added"));* >>>>>> > *}* >>>>>> > >>>>>> > >>>>>> > *# Unset cloudflare cookies* >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> > * # Remove a ";" prefix, if present.* >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>> > >>>>>> > * # For Testing: If you want to test with Varnish passing (not >>>>>> caching) >>>>>> > uncomment* >>>>>> > * # return( pass );* >>>>>> > >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> > * if (req.restarts == 0) {* >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> > * } else {* >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>> > * return ( pass ); * >>>>>> > *}* >>>>>> > >>>>>> > *## Do not cache search results, comment these 3 lines if you do >>>>>> want to >>>>>> > cache them* >>>>>> > >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>> > * return ( pass ); * >>>>>> > *}* >>>>>> > >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. 
WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> > * # ##########################################################* >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>> > * # No point in compressing these* >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>> > * } else {* >>>>>> > * # unknown algorithm* >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method != "GET" &&* >>>>>> > * req.method != "HEAD" &&* >>>>>> > * req.method != "PUT" && * >>>>>> > * req.method != "POST" &&* >>>>>> > * req.method != "TRACE" &&* >>>>>> > * req.method != "OPTIONS" &&* >>>>>> > * req.method != "DELETE") {* >>>>>> > * return (pipe);* >>>>>> > * }* >>>>>> > >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> > * return (pass);* >>>>>> > * }* >>>>>> > >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>> TOO, >>>>>> > EITHER* >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>> > * # ##########################################################* >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> > * return( pass );* >>>>>> > * }* >>>>>> > >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> > * # THEN UNSET THE COOKIES* >>>>>> > * # ##########################################################* >>>>>> > * if (!(req.url ~ 
"wp-(login|admin)") * >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>> > * ){* >>>>>> > * unset req.http.cookie;* >>>>>> > * }* >>>>>> > >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> > * # ##########################################################* >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>> > * return (pass);* >>>>>> > * }* >>>>>> > >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> > * # ##########################################################* >>>>>> > * return (hash);* >>>>>> > * # This is for phpmyadmin* >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {* >>>>>> > *return (pass);* >>>>>> > *}* >>>>>> > >>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") {* >>>>>> > *return (pass);* >>>>>> > *}* >>>>>> > >>>>>> > *}* >>>>>> > >>>>>> > *# HIT FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_hit {* >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method == "PURGE") {* >>>>>> > * #* >>>>>> > * # This is now handled in vcl_recv.* >>>>>> > * #* >>>>>> > * # purge;* >>>>>> > * return (synth(200, "Purged."));* >>>>>> > * }* >>>>>> > * return (deliver);* >>>>>> > *}* >>>>>> > >>>>>> > *# MISS FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_miss {* >>>>>> > * if (req.method == "PURGE") {* >>>>>> > * #* >>>>>> > * # This is now handled in vcl_recv.* >>>>>> > * #* >>>>>> > * # purge;* >>>>>> > * return (synth(200, "Purged."));* >>>>>> > * }* >>>>>> > * return (fetch);* >>>>>> > *}* >>>>>> > >>>>>> > *# FETCH FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_backend_response {* >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. 
YOU MAY OR MAY NOT WANT* >>>>>> > * # TO DO THIS* >>>>>> > * # ##########################################################* >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>> > >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> > * # ##########################################################* >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> > "wordpress_logged_in" ) {* >>>>>> > * unset beresp.http.set-cookie;* >>>>>> > * set beresp.ttl = 52w;* >>>>>> > *# set beresp.grace =1w;* >>>>>> > * }* >>>>>> > >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>> > * beresp.http.Set-Cookie ||* >>>>>> > * beresp.http.Vary == "*") {* >>>>>> > * set beresp.ttl = 120 s;* >>>>>> > * # set beresp.ttl = 120s;* >>>>>> > * set beresp.uncacheable = true;* >>>>>> > * return (deliver);* >>>>>> > * }* >>>>>> > >>>>>> > * return (deliver);* >>>>>> > *}* >>>>>> > >>>>>> > *# DELIVER FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_deliver {* >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> > * # ##########################################################* >>>>>> > * if (obj.hits > 0) {* >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> > * # ##########################################################* >>>>>> > * } else {* >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>> > * }* >>>>>> > *}* >>>>>> > >>>>>> > >>>>>> > Thanks, >>>>>> > >>>>>> -------------- next part -------------- >>>>>> An HTML attachment was scrubbed... 
