Yes, i want /forum to be MISS, there is no problem. However, Wordpress (homepage) shows MISS too.
2016-08-04 22:34 GMT+03:00 Lane, Richard <[email protected]>: > If you PASS then your request will not be cached. Varnish marks these > non-cached items as a MISS since they go to the backend each time and > therefore a miss and not a hit on cache. > > What were you expecting? Is this still requests with the forum cookies? > > If you want to cache request from logged in users you will need to add the > specific user cookies to the hash so each user served their cached copy. > > On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz <[email protected] > > wrote: > >> If i use the given settings MISS appears in the Header. >> >> Accept-Ranges bytes >> Age 0 >> Cache-control private, max-age=0 >> Content-Encoding gzip >> Content-Length 10075 >> Content-Type text/html; charset=UTF-8 >> Date Thu, 04 Aug 2016 18:30:52 GMT >> Expires Thu, 19 Nov 1981 08:52:00 GMT >> Last-Modified Thu, 04 Aug 2016 18:30:52 GMT >> Server Apache/2 >> Vary Accept-Encoding >> Via 1.1 varnish-v4 >> X-Cache MISS >> >> What do you suggest me to do? >> >> >> >> 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz <[email protected]>: >> >>> Finally! >>> Login function is now working with the following settings but X-Cache >>> shows MISS instead of HIT. >>> >>> #THE RECV FUNCTION >>> # ########################################################## >>> sub vcl_recv { >>> if( req.http.Cookie ~ "xf_(session|user)") { >>> return (pass); >>> } >>> >>> # FETCH FUNCTION >>> # ########################################################## >>> sub vcl_backend_response { >>> >>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>> # TO DO THIS >>> # ########################################################## >>> set beresp.http.Vary = "Accept-Encoding"; >>> >>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>> # TIME THIS PAGE WILL STAY CACHED (TTL) >>> # ########################################################## >>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") >>> { set beresp.uncacheable = true; >>> set beresp.ttl = 1w; >>> return (deliver); >>> } >>> >>> if (beresp.ttl <= 0s || >>> beresp.http.Set-Cookie || >>> beresp.http.Vary == "*") { >>> set beresp.ttl = 120 s; >>> # set beresp.ttl = 120s; >>> set beresp.uncacheable = true; >>> return (deliver); >>> } >>> >>> return (deliver); >>> } >>> >>> # DELIVER FUNCTION >>> # ########################################################## >>> sub vcl_deliver { >>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>> # IN THE HEADER (GREAT FOR DEBUGGING) >>> # ########################################################## >>> if (obj.hits > 0) { >>> set resp.http.X-Cache = "HIT"; >>> # IF THIS IS A MISS RETURN THAT IN THE HEADER >>> # ########################################################## >>> } else { >>> set resp.http.X-Cache = "MISS"; >>> } >>> } >>> >>> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz <[email protected]>: >>> >>>> Finally! >>>> Login function is now working with the following settings but X-Cache >>>> shows MISS instead of HIT. >>>> >>>> >>>> *#THE RECV FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_recv { * >>>> * if( req.http.Cookie ~ "xf_(session|user)") {* >>>> * return (pass);* >>>> * }* >>>> >>>> >>>> *# FETCH FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_backend_response { * >>>> >>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>> * # TO DO THIS* >>>> * # ##########################################################* >>>> * set beresp.http.Vary = "Accept-Encoding";* >>>> >>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>> * # ##########################################################* >>>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>>> *{ set beresp.uncacheable = true;* >>>> * set beresp.ttl = 1w;* >>>> * return (deliver);* >>>> * }* >>>> >>>> * if (beresp.ttl <= 0s ||* >>>> * beresp.http.Set-Cookie ||* >>>> * beresp.http.Vary == "*") {* >>>> * set beresp.ttl = 120 s;* >>>> * # set beresp.ttl = 120s;* >>>> * set beresp.uncacheable = true;* >>>> * return (deliver);* >>>> * }* >>>> >>>> * return (deliver);* >>>> *}* >>>> >>>> *# DELIVER FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_deliver {* >>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>> * # ##########################################################* >>>> * if (obj.hits > 0) {* >>>> * set resp.http.X-Cache = "HIT";* >>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>> * # ##########################################################* >>>> * } else {* >>>> * set resp.http.X-Cache = "MISS";* >>>> * }* >>>> *}* >>>> >>>> 2016-08-04 18:02 GMT+03:00 Lane, Richard <[email protected]>: >>>> >>>>> I agree that the order of execution may be getting you here. If you >>>>> need the WordPress rules then you may need to put additional logic to >>>>> ensure non-wordpress applications are not negatively affected. >>>>> >>>>> What happens if you change the order of these two blocks? Put your >>>>> Set-Cookie check block before the wp-login check. >>>>> >>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>> > # ########################################################## >>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>> "wordpress_logged_in" ) { >>>>> > unset beresp.http.set-cookie; >>>>> > set beresp.ttl = 52w; >>>>> > # set beresp.grace =1w; >>>>> > } >>>>> > >>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>> > set beresp.uncacheable = true; >>>>> > set beresp.ttl = 1w; >>>>> > return (deliver); >>>>> > } >>>>> >>>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei <[email protected]> wrote: >>>>> >>>>>> The log output suggests the xf_ cookie check in vcl_recv is not the >>>>>> first thing to run as you pasted earlier. Also, looking a bit closer, >>>>>> your >>>>>> issue the fact that you unset the cookie in vcl_backend_response if it's >>>>>> not wordpress related. Again, you should really audit your entire VCL, >>>>>> and >>>>>> remove unneeded stuff, like all the WordPress related rules if you're not >>>>>> using it. >>>>>> >>>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Log message: >>>>>>> >>>>>>> [root@ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>> - VCL_call RECV >>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>>>> 95.5.187.232 >>>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>>>> - ReqHeader Accept-Encoding: gzip >>>>>>> - VCL_Log PPPAASS >>>>>>> - VCL_return pass >>>>>>> - VCL_call HASH >>>>>>> - VCL_return lookup >>>>>>> - VCL_call PASS >>>>>>> - VCL_return fetch >>>>>>> - Link bereq 524435 pass >>>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>>>> - RespProtocol HTTP/1.1 >>>>>>> - RespStatus 200 >>>>>>> - RespReason OK >>>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>>>> - RespHeader Server: Apache/2 >>>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>>>> - RespHeader Accept-Ranges: bytes >>>>>>> -- >>>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>> - VCL_call RECV >>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> >>>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard <[email protected]>: >>>>>>> >>>>>>>> I assume you reloaded/restarted Varnish after these changes were >>>>>>>> made. If so, can you verify that you do have the cookies set on the >>>>>>>> request? >>>>>>>> >>>>>>>> maybe add this log message right before returning >>>>>>>> >>>>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>>>> return (pass); >>>>>>>> >>>>>>>> } >>>>>>>> >>>>>>>> Then you can use varnishlog command (below) to verify cookie is >>>>>>>> found >>>>>>>> >>>>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>> >>>>>>>> >>>>>>>> Cheers, >>>>>>>> Richard >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>>>> [email protected]> wrote: >>>>>>>> > >>>>>>>> > First of all, thank you. However the problem continues. Can you >>>>>>>> examine the codes? >>>>>>>> > >>>>>>>> > >>>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>>>> > * *********************************************************/ >>>>>>>> > vcl 4.0; >>>>>>>> > import std; >>>>>>>> > >>>>>>>> > backend default { >>>>>>>> > .host = "*******"; >>>>>>>> > .port = "8080"; >>>>>>>> > .connect_timeout = 600s; >>>>>>>> > .first_byte_timeout = 600s; >>>>>>>> > .between_bytes_timeout = 600s; >>>>>>>> > .max_connections = 800; >>>>>>>> > } >>>>>>>> > >>>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>>>> > # ########################################################## >>>>>>>> > acl purge { >>>>>>>> > "localhost"; >>>>>>>> > "127.0.0.1"; >>>>>>>> > } >>>>>>>> > >>>>>>>> > #THE RECV FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_recv { >>>>>>>> > >>>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>>>> various checks >>>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>>>> ].*$", ""); >>>>>>>> > >>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>> > if (req.restarts == 0) { >>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>> > } else { >>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > # Purge request check sections for hash_always_miss, purge and >>>>>>>> ban >>>>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>>>> > # ########################################################## >>>>>>>> > >>>>>>>> > # Enable smart refreshing using hash_always_miss >>>>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>> > set req.hash_always_miss = true; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > if (req.method == "PURGE") { >>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>> > return(synth(405,"Not allowed.")); >>>>>>>> > } >>>>>>>> > return (purge); >>>>>>>> > >>>>>>>> > } >>>>>>>> > if (req.method == "BAN") { >>>>>>>> > # Same ACL check as above: >>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>> > return(synth(403, "Not allowed.")); >>>>>>>> > } >>>>>>>> > ban("req.http.host == " + req.http.host + >>>>>>>> > " && req.url == " + req.url); >>>>>>>> > >>>>>>>> > # Throw a synthetic page so the >>>>>>>> > # request won't go to the backend. >>>>>>>> > return(synth(200, "Ban added")); >>>>>>>> > } >>>>>>>> > >>>>>>>> > >>>>>>>> > # Unset cloudflare cookies >>>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>>>> > # Remove a ";" prefix, if present. >>>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>>>>>> > >>>>>>>> > # For Testing: If you want to test with Varnish passing (not >>>>>>>> caching) uncomment >>>>>>>> > # return( pass ); >>>>>>>> > >>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>> > if (req.restarts == 0) { >>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>> > } else { >>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > # DO NOT CACHE RSS FEED >>>>>>>> > if (req.url ~ "/feed(/)?") { >>>>>>>> > return ( pass ); >>>>>>>> > } >>>>>>>> > >>>>>>>> > ## Do not cache search results, comment these 3 lines if you do >>>>>>>> want to cache them >>>>>>>> > >>>>>>>> > if (req.url ~ "/\?s\=") { >>>>>>>> > return ( pass ); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>> ACCEPT-ENCODING >>>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>>>> > # ########################################################## >>>>>>>> > if (req.http.Accept-Encoding) { >>>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>>>>> > # No point in compressing these >>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>>>> > } else { >>>>>>>> > # unknown algorithm >>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>>>> > # ########################################################## >>>>>>>> > if (req.method != "GET" && >>>>>>>> > req.method != "HEAD" && >>>>>>>> > req.method != "PUT" && >>>>>>>> > req.method != "POST" && >>>>>>>> > req.method != "TRACE" && >>>>>>>> > req.method != "OPTIONS" && >>>>>>>> > req.method != "DELETE") { >>>>>>>> > return (pipe); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>>>> > # ########################################################## >>>>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>>>> TOO, EITHER >>>>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>>>> > # ########################################################## >>>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>>>> > return( pass ); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>>>> > # THEN UNSET THE COOKIES >>>>>>>> > # ########################################################## >>>>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>>>> > && !(req.url ~ "&preview=true" ) >>>>>>>> > ){ >>>>>>>> > unset req.http.cookie; >>>>>>>> > } >>>>>>>> > >>>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>>>> > # ########################################################## >>>>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>>>> > # ########################################################## >>>>>>>> > return (hash); >>>>>>>> > # This is for phpmyadmin >>>>>>>> > if (req.http.Host == "ki1.org") { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > } >>>>>>>> > >>>>>>>> > # HIT FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_hit { >>>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>>>> > # ########################################################## >>>>>>>> > if (req.method == "PURGE") { >>>>>>>> > # >>>>>>>> > # This is now handled in vcl_recv. >>>>>>>> > # >>>>>>>> > # purge; >>>>>>>> > return (synth(200, "Purged.")); >>>>>>>> > } >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # MISS FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_miss { >>>>>>>> > if (req.method == "PURGE") { >>>>>>>> > # >>>>>>>> > # This is now handled in vcl_recv. >>>>>>>> > # >>>>>>>> > # purge; >>>>>>>> > return (synth(200, "Purged.")); >>>>>>>> > } >>>>>>>> > return (fetch); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # FETCH FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_backend_response { >>>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>>> > # TO DO THIS >>>>>>>> > # ########################################################## >>>>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>>>> > >>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>> > # ########################################################## >>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>>> "wordpress_logged_in" ) { >>>>>>>> > unset beresp.http.set-cookie; >>>>>>>> > set beresp.ttl = 52w; >>>>>>>> > # set beresp.grace =1w; >>>>>>>> > } >>>>>>>> > >>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>> > set beresp.uncacheable = true; >>>>>>>> > set beresp.ttl = 1w; >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> > >>>>>>>> > >>>>>>>> > if (beresp.ttl <= 0s || >>>>>>>> > beresp.http.Set-Cookie || >>>>>>>> > beresp.http.Vary == "*") { >>>>>>>> > set beresp.ttl = 120 s; >>>>>>>> > # set beresp.ttl = 120s; >>>>>>>> > set beresp.uncacheable = true; >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> > >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # DELIVER FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_deliver { >>>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>>> > # ########################################################## >>>>>>>> > if (obj.hits > 0) { >>>>>>>> > set resp.http.X-Cache = "HIT"; >>>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>>> > # ########################################################## >>>>>>>> > } else { >>>>>>>> > set resp.http.X-Cache = "MISS"; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei <[email protected]>: >>>>>>>> >> >>>>>>>> >> correction: >>>>>>>> >> >>>>>>>> >> sub vcl_recv { >>>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> >> return (pass); >>>>>>>> >> } >>>>>>>> >> } >>>>>>>> >> >>>>>>>> >> sub vcl_backend_response { >>>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>> >> set beresp.uncacheable = true; >>>>>>>> >> set beresp.ttl = 1w; >>>>>>>> >> return (deliver); >>>>>>>> >> } >>>>>>>> >> } >>>>>>>> >> >>>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei <[email protected]> wrote: >>>>>>>> >>> >>>>>>>> >>> Hello, >>>>>>>> >>> >>>>>>>> >>> Aside from the provided VCL being for WordPress, while you're >>>>>>>> running XenForo, the xf_ cookies are being dropped by your config. A >>>>>>>> quick >>>>>>>> fix is: >>>>>>>> >>> >>>>>>>> >>> sub vcl_recv { >>>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> >>> return (pass); >>>>>>>> >>> } >>>>>>>> >>> } >>>>>>>> >>> >>>>>>>> >>> sub vcl_backend_response { >>>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> >>> set beresp.uncacheable = true; >>>>>>>> >>> set beresp.ttl = 1w; >>>>>>>> >>> return (deliver); >>>>>>>> >>> } >>>>>>>> >>> } >>>>>>>> >>> >>>>>>>> >>> However, I suggest auditing your VCL, and only including rules >>>>>>>> specific to the application(s) which you are running. >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>> >>>>>>>> >>>> Users can't login or register to domain.com/forum with the >>>>>>>> current settings. So we need to make a change related to xf_user and >>>>>>>> xf_session but how? >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard <[email protected]>: >>>>>>>> >>>>> >>>>>>>> >>>>> If you want Varnish to ignore request for a path you need to >>>>>>>> tell it to pass. In your example you have a rule for the RSS feed. You >>>>>>>> can >>>>>>>> do the same for /forum/ in your vcl_recv block. >>>>>>>> >>>>> >>>>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>> >>>>> * return ( pass ); * >>>>>>>> >>>>> *}* >>>>>>>> >>>>> >>>>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>>>> >>>>> return ( pass ); >>>>>>>> >>>>> } >>>>>>>> >>>>> >>>>>>>> >>>>> Cheers, >>>>>>>> >>>>> Richard >>>>>>>> >>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> Message: 1 >>>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>>>> >>>>>> From: Ayberk Kimsesiz <[email protected]> >>>>>>>> >>>>>> To: varnish-misc <[email protected]> >>>>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>>>> >>>>>> Message-ID: >>>>>>>> >>>>>> <CAPQGzE29n1QOmHarn9L-9ztquGfe >>>>>>>> [email protected]> >>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>> >>>>>> >>>>>>>> >>>>>> Hi, >>>>>>>> >>>>>> >>>>>>>> >>>>>> Could you please share the appropriate Default.vcl settings >>>>>>>> for XenForo >>>>>>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>>>>>> current >>>>>>>> >>>>>> Default.vcl settings are as follows. >>>>>>>> >>>>>> >>>>>>>> >>>>>> Forum address: domain.com/forum >>>>>>>> >>>>>> >>>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>> >>>>>> * * ****************************** >>>>>>>> ***************************/* >>>>>>>> >>>>>> *vcl 4.0;* >>>>>>>> >>>>>> *import std;* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *backend default {* >>>>>>>> >>>>>> * .host = "*******";* >>>>>>>> >>>>>> * .port = "8080";* >>>>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>>>> >>>>>> * .max_connections = 800;* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *acl purge {* >>>>>>>> >>>>>> * "localhost";* >>>>>>>> >>>>>> * "127.0.0.1";* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_recv {* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used >>>>>>>> for various >>>>>>>> >>>>>> checks* >>>>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>> "[, ].*$", >>>>>>>> >>>>>> ""); * >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>> * } else {* >>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge >>>>>>>> and ban* >>>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ >>>>>>>> >>>>>> purge) {* >>>>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ >>>>>>>> >>>>>> purge) {* >>>>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * return (purge);* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>>>> >>>>>> * # Same ACL check as above:* >>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>>>> >>>>>> ~ purge) {* >>>>>>>> >>>>>> * return(synth(403, "Not allowed."));* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>>>> >>>>>> * # request won't go to the backend.* >>>>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>> cookies.* >>>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>>>> "");* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing >>>>>>>> (not caching) >>>>>>>> >>>>>> uncomment* >>>>>>>> >>>>>> * # return( pass );* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>> * } else {* >>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>> >>>>>> * return ( pass ); * >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if >>>>>>>> you do want to >>>>>>>> >>>>>> cache them* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>>> >>>>>> * return ( pass ); * >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>> ACCEPT-ENCODING* >>>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>> ETC.* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>> {* >>>>>>>> >>>>>> * # No point in compressing these* >>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>>> >>>>>> * } else {* >>>>>>>> >>>>>> * # unknown algorithm* >>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>>>> >>>>>> * req.method != "PUT" && * >>>>>>>> >>>>>> * req.method != "POST" &&* >>>>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>>>> >>>>>> * req.method != "DELETE") {* >>>>>>>> >>>>>> * return (pipe);* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>> >>>>>> * return (pass);* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>>> FETCH TOO, >>>>>>>> >>>>>> EITHER* >>>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>> >>>>>> * return( pass );* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>> WP-LOGIN* >>>>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>>> >>>>>> * ){* >>>>>>>> >>>>>> * unset req.http.cookie;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>> >>>>>> * return (pass);* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * return (hash);* >>>>>>>> >>>>>> * # This is for phpmyadmin* >>>>>>>> >>>>>> *if (req.http.Host == "ki1.org <http://ki1.org>") {* >>>>>>>> >>>>>> *return (pass);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") >>>>>>>> {* >>>>>>>> >>>>>> *return (pass);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# HIT FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_hit {* >>>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>> >>>>>> * #* >>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>> >>>>>> * #* >>>>>>>> >>>>>> * # purge;* >>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * return (deliver);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# MISS FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_miss {* >>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>> >>>>>> * #* >>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>> >>>>>> * #* >>>>>>>> >>>>>> * # purge;* >>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * return (fetch);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# FETCH FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_backend_response {* >>>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>>> WANT* >>>>>>>> >>>>>> * # TO DO THIS* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>>>> OF * >>>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>> !bereq.http.cookie ~ >>>>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>>>> >>>>>> * return (deliver);* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * return (deliver);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_deliver {* >>>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>> * >>>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * } else {* >>>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> Thanks, >>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>> >>>>>> URL: <https://www.varnish-cache.org >>>>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>>>> attachment-0001.html> >>>>>>>> >>>>>> >>>>>>>> >>>>>> ------------------------------ >>>>>>>> >>>>>> >>>>>>>> >>>>>> Message: 2 >>>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>>>> >>>>>> From: Ayberk Kimsesiz <[email protected]> >>>>>>>> >>>>>> To: varnish-misc <[email protected]> >>>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>>>> >>>>>> Message-ID: >>>>>>>> >>>>>> <CAPQGzE39XkXy_44z5oUXBO5q5sF5 >>>>>>>> [email protected]> >>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>> >>>>>> >>>>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>>>> However, solutions >>>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please >>>>>>>> help? >>>>>>>> >>>>>> >>>>>>>> >>>>>> xf_session_admin >>>>>>>> >>>>>> xf_user >>>>>>>> >>>>>> xf_session >>>>>>>> >>>>>> >>>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>>>>> domain.com/forum >>>>>>>> >>>>>> <http://domain.com/forum>* >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>>>> [email protected]>: >>>>>>>> >>>>>> >>>>>>>> >>>>>> > Hi, >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > Could you please share the appropriate Default.vcl >>>>>>>> settings for XenForo >>>>>>>> >>>>>> > Forums? No one can register to the forum at the moment. My >>>>>>>> current >>>>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > Forum address: domain.com/forum >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>> >>>>>> > * * ****************************** >>>>>>>> ***************************/* >>>>>>>> >>>>>> > *vcl 4.0;* >>>>>>>> >>>>>> > *import std;* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *backend default {* >>>>>>>> >>>>>> > * .host = "*******";* >>>>>>>> >>>>>> > * .port = "8080";* >>>>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>>>> >>>>>> > * .max_connections = 800;* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *acl purge {* >>>>>>>> >>>>>> > * "localhost";* >>>>>>>> >>>>>> > * "127.0.0.1";* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_recv {* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used >>>>>>>> for various >>>>>>>> >>>>>> > checks* >>>>>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>> "[, ].*$", >>>>>>>> >>>>>> > ""); * >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>> > * } else {* >>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, >>>>>>>> purge and ban* >>>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>> >>>>>> > * if (client.ip ~ purge || >>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>> >>>>>> > purge) {* >>>>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>> >>>>>> > purge) {* >>>>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * return (purge);* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>>>> >>>>>> > * # Same ACL check as above:* >>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>> !std.ip(req.http.X-Actual-IP, >>>>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>>>> >>>>>> > * return(synth(403, "Not >>>>>>>> allowed."));* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>>>> >>>>>> > * # request won't go to the backend.* >>>>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>> cookies.* >>>>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>> "^;\s*", "");* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish passing >>>>>>>> (not caching) >>>>>>>> >>>>>> > uncomment* >>>>>>>> >>>>>> > * # return( pass );* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>> > * } else {* >>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if >>>>>>>> you do want to >>>>>>>> >>>>>> > cache them* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>> ACCEPT-ENCODING* >>>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>> ETC.* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>> {* >>>>>>>> >>>>>> > * # No point in compressing these* >>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>>>> >>>>>> > * } else {* >>>>>>>> >>>>>> > * # unknown algorithm* >>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>>>> >>>>>> > * req.method != "PUT" && * >>>>>>>> >>>>>> > * req.method != "POST" &&* >>>>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>>>> >>>>>> > * return (pipe);* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>> >>>>>> > * return (pass);* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS >>>>>>>> IN FETCH TOO, >>>>>>>> >>>>>> > EITHER* >>>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>> >>>>>> > * return( pass );* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>> WP-LOGIN* >>>>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>>>> >>>>>> > * ){* >>>>>>>> >>>>>> > * unset req.http.cookie;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>> >>>>>> > * return (pass);* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * return (hash);* >>>>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>>>> >>>>>> > *if (req.http.Host == "ki1.org <http://ki1.org>") {* >>>>>>>> >>>>>> > *return (pass);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org <http://mysql.ki1.org>") >>>>>>>> {* >>>>>>>> >>>>>> > *return (pass);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# HIT FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_hit {* >>>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>> >>>>>> > * #* >>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>> >>>>>> > * #* >>>>>>>> >>>>>> > * # purge;* >>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * return (deliver);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# MISS FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_miss {* >>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>> >>>>>> > * #* >>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>> >>>>>> > * #* >>>>>>>> >>>>>> > * # purge;* >>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * return (fetch);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>> W3TC * >>>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>>> WANT* >>>>>>>> >>>>>> > * # TO DO THIS* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>>>> OF * >>>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>> !bereq.http.cookie ~ >>>>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>>>> >>>>>> > * return (deliver);* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * return (deliver);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_deliver {* >>>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>> TEXT * >>>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * } else {* >>>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > Thanks, >>>>>>>> >>>>>> > >>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>> >>>>>> URL: <https://www.varnish-cache.org >>>>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>>>> attachment.html> >>>>>>>> >>>>>> >>>>>>>> >>>>>> ------------------------------ >>>>>>>> >>>>>> >>>>>>>> >>>>>> _______________________________________________ >>>>>>>> >>>>>> varnish-misc mailing list >>>>>>>> >>>>>> [email protected] >>>>>>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>> -misc >>>>>>>> >>>>>> >>>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>>>> >>>>>> ********************************************* >>>>>>>> >>>>> >>>>>>>> >>>>> >>>>>>>> >>>>> >>>>>>>> >>>>> _______________________________________________ >>>>>>>> >>>>> varnish-misc mailing list >>>>>>>> >>>>> [email protected] >>>>>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>> -misc >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> _______________________________________________ >>>>>>>> >>>> varnish-misc mailing list >>>>>>>> >>>> [email protected] >>>>>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>> -misc >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >> >>>>>>>> > >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
