If i use the given settings MISS appears in the Header. Accept-Ranges bytes Age 0 Cache-control private, max-age=0 Content-Encoding gzip Content-Length 10075 Content-Type text/html; charset=UTF-8 Date Thu, 04 Aug 2016 18:30:52 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Last-Modified Thu, 04 Aug 2016 18:30:52 GMT Server Apache/2 Vary Accept-Encoding Via 1.1 varnish-v4 X-Cache MISS
What do you suggest me to do? 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz <[email protected]>: > Finally! > Login function is now working with the following settings but X-Cache > shows MISS instead of HIT. > > #THE RECV FUNCTION > # ########################################################## > sub vcl_recv { > if( req.http.Cookie ~ "xf_(session|user)") { > return (pass); > } > > # FETCH FUNCTION > # ########################################################## > sub vcl_backend_response { > > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > # TO DO THIS > # ########################################################## > set beresp.http.Vary = "Accept-Encoding"; > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > if (beresp.http.Set-Cookie ~ "xf_(session|user)") > { set beresp.uncacheable = true; > set beresp.ttl = 1w; > return (deliver); > } > > if (beresp.ttl <= 0s || > beresp.http.Set-Cookie || > beresp.http.Vary == "*") { > set beresp.ttl = 120 s; > # set beresp.ttl = 120s; > set beresp.uncacheable = true; > return (deliver); > } > > return (deliver); > } > > # DELIVER FUNCTION > # ########################################################## > sub vcl_deliver { > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > # IN THE HEADER (GREAT FOR DEBUGGING) > # ########################################################## > if (obj.hits > 0) { > set resp.http.X-Cache = "HIT"; > # IF THIS IS A MISS RETURN THAT IN THE HEADER > # ########################################################## > } else { > set resp.http.X-Cache = "MISS"; > } > } > > 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz <[email protected]>: > >> Finally! >> Login function is now working with the following settings but X-Cache >> shows MISS instead of HIT. >> >> >> *#THE RECV FUNCTION* >> *# ##########################################################* >> *sub vcl_recv { * >> * if( req.http.Cookie ~ "xf_(session|user)") {* >> * return (pass);* >> * }* >> >> >> *# FETCH FUNCTION* >> *# ##########################################################* >> *sub vcl_backend_response { * >> >> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> * # TO DO THIS* >> * # ##########################################################* >> * set beresp.http.Vary = "Accept-Encoding";* >> >> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> * # ##########################################################* >> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >> *{ set beresp.uncacheable = true;* >> * set beresp.ttl = 1w;* >> * return (deliver);* >> * }* >> >> * if (beresp.ttl <= 0s ||* >> * beresp.http.Set-Cookie ||* >> * beresp.http.Vary == "*") {* >> * set beresp.ttl = 120 s;* >> * # set beresp.ttl = 120s;* >> * set beresp.uncacheable = true;* >> * return (deliver);* >> * }* >> >> * return (deliver);* >> *}* >> >> *# DELIVER FUNCTION* >> *# ##########################################################* >> *sub vcl_deliver {* >> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> * # IN THE HEADER (GREAT FOR DEBUGGING)* >> * # ##########################################################* >> * if (obj.hits > 0) {* >> * set resp.http.X-Cache = "HIT";* >> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> * # ##########################################################* >> * } else {* >> * set resp.http.X-Cache = "MISS";* >> * }* >> *}* >> >> 2016-08-04 18:02 GMT+03:00 Lane, Richard <[email protected]>: >> >>> I agree that the order of execution may be getting you here. If you need >>> the WordPress rules then you may need to put additional logic to ensure >>> non-wordpress applications are not negatively affected. >>> >>> What happens if you change the order of these two blocks? Put your >>> Set-Cookie check block before the wp-login check. >>> >>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>> > # ########################################################## >>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>> "wordpress_logged_in" ) { >>> > unset beresp.http.set-cookie; >>> > set beresp.ttl = 52w; >>> > # set beresp.grace =1w; >>> > } >>> > >>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>> > set beresp.uncacheable = true; >>> > set beresp.ttl = 1w; >>> > return (deliver); >>> > } >>> >>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei <[email protected]> wrote: >>> >>>> The log output suggests the xf_ cookie check in vcl_recv is not the >>>> first thing to run as you pasted earlier. Also, looking a bit closer, your >>>> issue the fact that you unset the cookie in vcl_backend_response if it's >>>> not wordpress related. Again, you should really audit your entire VCL, and >>>> remove unneeded stuff, like all the WordPress related rules if you're not >>>> using it. >>>> >>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>> [email protected]> wrote: >>>> >>>>> Log message: >>>>> >>>>> [root@ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>> - VCL_call RECV >>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>> 95.5.187.232 >>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>> - ReqHeader Accept-Encoding: gzip >>>>> - VCL_Log PPPAASS >>>>> - VCL_return pass >>>>> - VCL_call HASH >>>>> - VCL_return lookup >>>>> - VCL_call PASS >>>>> - VCL_return fetch >>>>> - Link bereq 524435 pass >>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>> - RespProtocol HTTP/1.1 >>>>> - RespStatus 200 >>>>> - RespReason OK >>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>> - RespHeader Server: Apache/2 >>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>> - RespHeader Accept-Ranges: bytes >>>>> -- >>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>> - VCL_call RECV >>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> >>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard <[email protected]>: >>>>> >>>>>> I assume you reloaded/restarted Varnish after these changes were >>>>>> made. If so, can you verify that you do have the cookies set on the >>>>>> request? >>>>>> >>>>>> maybe add this log message right before returning >>>>>> >>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>> return (pass); >>>>>> >>>>>> } >>>>>> >>>>>> Then you can use varnishlog command (below) to verify cookie is found >>>>>> >>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>> >>>>>> >>>>>> Cheers, >>>>>> Richard >>>>>> >>>>>> >>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>> [email protected]> wrote: >>>>>> > >>>>>> > First of all, thank you. However the problem continues. Can you >>>>>> examine the codes? >>>>>> > >>>>>> > >>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>> > * *********************************************************/ >>>>>> > vcl 4.0; >>>>>> > import std; >>>>>> > >>>>>> > backend default { >>>>>> > .host = "*******"; >>>>>> > .port = "8080"; >>>>>> > .connect_timeout = 600s; >>>>>> > .first_byte_timeout = 600s; >>>>>> > .between_bytes_timeout = 600s; >>>>>> > .max_connections = 800; >>>>>> > } >>>>>> > >>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>> > # ########################################################## >>>>>> > acl purge { >>>>>> > "localhost"; >>>>>> > "127.0.0.1"; >>>>>> > } >>>>>> > >>>>>> > #THE RECV FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_recv { >>>>>> > >>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>> various checks >>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>> ].*$", ""); >>>>>> > >>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>> > if (req.restarts == 0) { >>>>>> > if (req.http.x-forwarded-for) { >>>>>> > set req.http.X-Forwarded-For = >>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>> > } else { >>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > # Purge request check sections for hash_always_miss, purge and ban >>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>> > # ########################################################## >>>>>> > >>>>>> > # Enable smart refreshing using hash_always_miss >>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) { >>>>>> > set req.hash_always_miss = true; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > if (req.method == "PURGE") { >>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) { >>>>>> > return(synth(405,"Not allowed.")); >>>>>> > } >>>>>> > return (purge); >>>>>> > >>>>>> > } >>>>>> > if (req.method == "BAN") { >>>>>> > # Same ACL check as above: >>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) { >>>>>> > return(synth(403, "Not allowed.")); >>>>>> > } >>>>>> > ban("req.http.host == " + req.http.host + >>>>>> > " && req.url == " + req.url); >>>>>> > >>>>>> > # Throw a synthetic page so the >>>>>> > # request won't go to the backend. >>>>>> > return(synth(200, "Ban added")); >>>>>> > } >>>>>> > >>>>>> > >>>>>> > # Unset cloudflare cookies >>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>> > # Remove a ";" prefix, if present. >>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>>>> > >>>>>> > # For Testing: If you want to test with Varnish passing (not >>>>>> caching) uncomment >>>>>> > # return( pass ); >>>>>> > >>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>> > if (req.restarts == 0) { >>>>>> > if (req.http.x-forwarded-for) { >>>>>> > set req.http.X-Forwarded-For = >>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>> > } else { >>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > # DO NOT CACHE RSS FEED >>>>>> > if (req.url ~ "/feed(/)?") { >>>>>> > return ( pass ); >>>>>> > } >>>>>> > >>>>>> > ## Do not cache search results, comment these 3 lines if you do >>>>>> want to cache them >>>>>> > >>>>>> > if (req.url ~ "/\?s\=") { >>>>>> > return ( pass ); >>>>>> > } >>>>>> > >>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING >>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>> > # ########################################################## >>>>>> > if (req.http.Accept-Encoding) { >>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>>> > # No point in compressing these >>>>>> > unset req.http.Accept-Encoding; >>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>> > } else { >>>>>> > # unknown algorithm >>>>>> > unset req.http.Accept-Encoding; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>> > # ########################################################## >>>>>> > if (req.method != "GET" && >>>>>> > req.method != "HEAD" && >>>>>> > req.method != "PUT" && >>>>>> > req.method != "POST" && >>>>>> > req.method != "TRACE" && >>>>>> > req.method != "OPTIONS" && >>>>>> > req.method != "DELETE") { >>>>>> > return (pipe); >>>>>> > } >>>>>> > >>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>> > # ########################################################## >>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>> TOO, EITHER >>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>> > # ########################################################## >>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>> > return( pass ); >>>>>> > } >>>>>> > >>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>> > # THEN UNSET THE COOKIES >>>>>> > # ########################################################## >>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>> > && !(req.url ~ "&preview=true" ) >>>>>> > ){ >>>>>> > unset req.http.cookie; >>>>>> > } >>>>>> > >>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>> > # ########################################################## >>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>> > # ########################################################## >>>>>> > return (hash); >>>>>> > # This is for phpmyadmin >>>>>> > if (req.http.Host == "ki1.org") { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > } >>>>>> > >>>>>> > # HIT FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_hit { >>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>> > # ########################################################## >>>>>> > if (req.method == "PURGE") { >>>>>> > # >>>>>> > # This is now handled in vcl_recv. >>>>>> > # >>>>>> > # purge; >>>>>> > return (synth(200, "Purged.")); >>>>>> > } >>>>>> > return (deliver); >>>>>> > } >>>>>> > >>>>>> > # MISS FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_miss { >>>>>> > if (req.method == "PURGE") { >>>>>> > # >>>>>> > # This is now handled in vcl_recv. >>>>>> > # >>>>>> > # purge; >>>>>> > return (synth(200, "Purged.")); >>>>>> > } >>>>>> > return (fetch); >>>>>> > } >>>>>> > >>>>>> > # FETCH FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_backend_response { >>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>> > # TO DO THIS >>>>>> > # ########################################################## >>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>> > >>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>> > # ########################################################## >>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> "wordpress_logged_in" ) { >>>>>> > unset beresp.http.set-cookie; >>>>>> > set beresp.ttl = 52w; >>>>>> > # set beresp.grace =1w; >>>>>> > } >>>>>> > >>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>> > set beresp.uncacheable = true; >>>>>> > set beresp.ttl = 1w; >>>>>> > return (deliver); >>>>>> > } >>>>>> > >>>>>> > >>>>>> > if (beresp.ttl <= 0s || >>>>>> > beresp.http.Set-Cookie || >>>>>> > beresp.http.Vary == "*") { >>>>>> > set beresp.ttl = 120 s; >>>>>> > # set beresp.ttl = 120s; >>>>>> > set beresp.uncacheable = true; >>>>>> > return (deliver); >>>>>> > } >>>>>> > >>>>>> > return (deliver); >>>>>> > } >>>>>> > >>>>>> > # DELIVER FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_deliver { >>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>> > # ########################################################## >>>>>> > if (obj.hits > 0) { >>>>>> > set resp.http.X-Cache = "HIT"; >>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>> > # ########################################################## >>>>>> > } else { >>>>>> > set resp.http.X-Cache = "MISS"; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > >>>>>> > >>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei <[email protected]>: >>>>>> >> >>>>>> >> correction: >>>>>> >> >>>>>> >> sub vcl_recv { >>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>> >> return (pass); >>>>>> >> } >>>>>> >> } >>>>>> >> >>>>>> >> sub vcl_backend_response { >>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>> >> set beresp.uncacheable = true; >>>>>> >> set beresp.ttl = 1w; >>>>>> >> return (deliver); >>>>>> >> } >>>>>> >> } >>>>>> >> >>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <[email protected]> wrote: >>>>>> >>> >>>>>> >>> Hello, >>>>>> >>> >>>>>> >>> Aside from the provided VCL being for WordPress, while you're >>>>>> running XenForo, the xf_ cookies are being dropped by your config. A >>>>>> quick >>>>>> fix is: >>>>>> >>> >>>>>> >>> sub vcl_recv { >>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>> >>> return (pass); >>>>>> >>> } >>>>>> >>> } >>>>>> >>> >>>>>> >>> sub vcl_backend_response { >>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>> >>> set beresp.uncacheable = true; >>>>>> >>> set beresp.ttl = 1w; >>>>>> >>> return (deliver); >>>>>> >>> } >>>>>> >>> } >>>>>> >>> >>>>>> >>> However, I suggest auditing your VCL, and only including rules >>>>>> specific to the application(s) which you are running. >>>>>> >>> >>>>>> >>> >>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>> [email protected]> wrote: >>>>>> >>>> >>>>>> >>>> Users can't login or register to domain.com/forum with the >>>>>> current settings. So we need to make a change related to xf_user and >>>>>> xf_session but how? >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <[email protected]>: >>>>>> >>>>> >>>>>> >>>>> If you want Varnish to ignore request for a path you need to >>>>>> tell it to pass. In your example you have a rule for the RSS feed. You >>>>>> can >>>>>> do the same for /forum/ in your vcl_recv block. >>>>>> >>>>> >>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>> >>>>> * return ( pass ); * >>>>>> >>>>> *}* >>>>>> >>>>> >>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>> >>>>> return ( pass ); >>>>>> >>>>> } >>>>>> >>>>> >>>>>> >>>>> Cheers, >>>>>> >>>>> Richard >>>>>> >>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Message: 1 >>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>> >>>>>> From: Ayberk Kimsesiz <[email protected]> >>>>>> >>>>>> To: varnish-misc <[email protected]> >>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>> >>>>>> Message-ID: >>>>>> >>>>>> <CAPQGzE29n1QOmHarn9L-9ztquGfe >>>>>> [email protected]> >>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> >>>>>> Could you please share the appropriate Default.vcl settings >>>>>> for XenForo >>>>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>>>> current >>>>>> >>>>>> Default.vcl settings are as follows. >>>>>> >>>>>> >>>>>> >>>>>> Forum address: domain.com/forum >>>>>> >>>>>> >>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> >>>>>> * * ****************************** >>>>>> ***************************/* >>>>>> >>>>>> *vcl 4.0;* >>>>>> >>>>>> *import std;* >>>>>> >>>>>> >>>>>> >>>>>> *backend default {* >>>>>> >>>>>> * .host = "*******";* >>>>>> >>>>>> * .port = "8080";* >>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>> >>>>>> * .max_connections = 800;* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *acl purge {* >>>>>> >>>>>> * "localhost";* >>>>>> >>>>>> * "127.0.0.1";* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_recv {* >>>>>> >>>>>> >>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for >>>>>> various >>>>>> >>>>>> checks* >>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>> "[, ].*$", >>>>>> >>>>>> ""); * >>>>>> >>>>>> >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge >>>>>> and ban* >>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> >>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> >>>>>> purge) {* >>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>> >>>>>> * }* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> >>>>>> purge) {* >>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (purge);* >>>>>> >>>>>> >>>>>> >>>>>> * }* >>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>> >>>>>> * # Same ACL check as above:* >>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>> >>>>>> ~ purge) {* >>>>>> >>>>>> * return(synth(403, "Not allowed."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>> >>>>>> >>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>> >>>>>> * # request won't go to the backend.* >>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>> "");* >>>>>> >>>>>> >>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing >>>>>> (not caching) >>>>>> >>>>>> uncomment* >>>>>> >>>>>> * # return( pass );* >>>>>> >>>>>> >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>> >>>>>> * return ( pass ); * >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you >>>>>> do want to >>>>>> >>>>>> cache them* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>> >>>>>> * return ( pass ); * >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>> {* >>>>>> >>>>>> * # No point in compressing these* >>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * # unknown algorithm* >>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>> >>>>>> * req.method != "PUT" && * >>>>>> >>>>>> * req.method != "POST" &&* >>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>> >>>>>> * req.method != "DELETE") {* >>>>>> >>>>>> * return (pipe);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> >>>>>> * return (pass);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>> FETCH TOO, >>>>>> >>>>>> EITHER* >>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> >>>>>> * return( pass );* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>> >>>>>> * ){* >>>>>> >>>>>> * unset req.http.cookie;* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>> >>>>>> * return (pass);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * return (hash);* >>>>>> >>>>>> * # This is for phpmyadmin* >>>>>> >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {* >>>>>> >>>>>> *return (pass);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") >>>>>> {* >>>>>> >>>>>> *return (pass);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# HIT FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_hit {* >>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # purge;* >>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# MISS FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_miss {* >>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # purge;* >>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (fetch);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# FETCH FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_backend_response {* >>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> >>>>>> * # TO DO THIS* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> >>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie >>>>>> ~ >>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_deliver {* >>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>> >>>>>> * }* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> >>>>>> -------------- next part -------------- >>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>> >>>>>> URL: <https://www.varnish-cache.org >>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>> attachment-0001.html> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> >>>>>> >>>>>> Message: 2 >>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>> >>>>>> From: Ayberk Kimsesiz <[email protected]> >>>>>> >>>>>> To: varnish-misc <[email protected]> >>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>> >>>>>> Message-ID: >>>>>> >>>>>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5 >>>>>> [email protected]> >>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> >>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>> However, solutions >>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please >>>>>> help? >>>>>> >>>>>> >>>>>> >>>>>> xf_session_admin >>>>>> >>>>>> xf_user >>>>>> >>>>>> xf_session >>>>>> >>>>>> >>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>>> domain.com/forum >>>>>> >>>>>> <http://domain.com/forum>* >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>> [email protected]>: >>>>>> >>>>>> >>>>>> >>>>>> > Hi, >>>>>> >>>>>> > >>>>>> >>>>>> > Could you please share the appropriate Default.vcl settings >>>>>> for XenForo >>>>>> >>>>>> > Forums? No one can register to the forum at the moment. My >>>>>> current >>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>> >>>>>> > >>>>>> >>>>>> > Forum address: domain.com/forum >>>>>> >>>>>> > >>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> >>>>>> > * * ****************************** >>>>>> ***************************/* >>>>>> >>>>>> > *vcl 4.0;* >>>>>> >>>>>> > *import std;* >>>>>> >>>>>> > >>>>>> >>>>>> > *backend default {* >>>>>> >>>>>> > * .host = "*******";* >>>>>> >>>>>> > * .port = "8080";* >>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>> >>>>>> > * .max_connections = 800;* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *acl purge {* >>>>>> >>>>>> > * "localhost";* >>>>>> >>>>>> > * "127.0.0.1";* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_recv {* >>>>>> >>>>>> > >>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used >>>>>> for various >>>>>> >>>>>> > checks* >>>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>> "[, ].*$", >>>>>> >>>>>> > ""); * >>>>>> >>>>>> > >>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> > * } else {* >>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, purge >>>>>> and ban* >>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > >>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> >>>>>> > purge) {* >>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> >>>>>> > purge) {* >>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * return (purge);* >>>>>> >>>>>> > >>>>>> >>>>>> > * }* >>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>> >>>>>> > * # Same ACL check as above:* >>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>> !std.ip(req.http.X-Actual-IP, >>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>> >>>>>> > * return(synth(403, "Not allowed."));* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>> >>>>>> > >>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>> >>>>>> > * # request won't go to the backend.* >>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > >>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>> cookies.* >>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>> "");* >>>>>> >>>>>> > >>>>>> >>>>>> > * # For Testing: If you want to test with Varnish passing >>>>>> (not caching) >>>>>> >>>>>> > uncomment* >>>>>> >>>>>> > * # return( pass );* >>>>>> >>>>>> > >>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> > * } else {* >>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>> >>>>>> > * return ( pass ); * >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if >>>>>> you do want to >>>>>> >>>>>> > cache them* >>>>>> >>>>>> > >>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>> >>>>>> > * return ( pass ); * >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>> ETC.* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>> {* >>>>>> >>>>>> > * # No point in compressing these* >>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>> >>>>>> > * } else {* >>>>>> >>>>>> > * # unknown algorithm* >>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>> >>>>>> > * req.method != "PUT" && * >>>>>> >>>>>> > * req.method != "POST" &&* >>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>> >>>>>> > * return (pipe);* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> >>>>>> > * return (pass);* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>> FETCH TOO, >>>>>> >>>>>> > EITHER* >>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> >>>>>> > * return( pass );* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>> WP-LOGIN* >>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>> >>>>>> > * ){* >>>>>> >>>>>> > * unset req.http.cookie;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>> >>>>>> > * return (pass);* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * return (hash);* >>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>> >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {* >>>>>> >>>>>> > *return (pass);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") >>>>>> {* >>>>>> >>>>>> > *return (pass);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# HIT FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_hit {* >>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>> >>>>>> > * #* >>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>> >>>>>> > * #* >>>>>> >>>>>> > * # purge;* >>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * return (deliver);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# MISS FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_miss {* >>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>> >>>>>> > * #* >>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>> >>>>>> > * #* >>>>>> >>>>>> > * # purge;* >>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * return (fetch);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>> WANT* >>>>>> >>>>>> > * # TO DO THIS* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> > >>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>> OF * >>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>> !bereq.http.cookie ~ >>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>> >>>>>> > * return (deliver);* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * return (deliver);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_deliver {* >>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>> * >>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * } else {* >>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > >>>>>> >>>>>> > Thanks, >>>>>> >>>>>> > >>>>>> >>>>>> -------------- next part -------------- >>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>> >>>>>> URL: <https://www.varnish-cache.org >>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>> attachment.html> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> >>>>>> varnish-misc mailing list >>>>>> >>>>>> [email protected] >>>>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>> -misc >>>>>> >>>>>> >>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>> >>>>>> ********************************************* >>>>>> >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> >>>>> _______________________________________________ >>>>>> >>>>> varnish-misc mailing list >>>>>> >>>>> [email protected] >>>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>> -misc >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> _______________________________________________ >>>>>> >>>> varnish-misc mailing list >>>>>> >>>> [email protected] >>>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>> -misc >>>>>> >>> >>>>>> >>> >>>>>> >> >>>>>> > >>>>>> >>>>> >>>>> >>>> >>> >> >
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
