vcl 4.0;import std;import directors;backend server1 { .host = "127.

1. vcl 4.0;
2.  
3. import std;
4. import directors;
5.  
6. backend server1 {
7.   .host = "127.0.0.1";             # IP or Hostname of backend
8.   .port = "8081";                  # Port Apache or whatever is listening
9.   .max_connections = 800;          # That's it
10.   .first_byte_timeout = 300s;      # How long to wait before we receive a first byte from our backend?
11.   .connect_timeout = 300s;         # How long to wait for a backend connection?
12.   .between_bytes_timeout = 300s;   # How long to wait between bytes received from our backend?
13. }
14.  
15. # Only allow purging from specific IPs
16. acl purge {
17.     "localhost";
18.     "127.0.0.1";
19.     "elsitar.com";
20. }
21.  
22. sub vcl_init {
23.   # Called when VCL is loaded, before any requests pass through it. Typically used to initialize VMODs.
24.   new vdir = directors.round_robin();
25.   vdir.add_backend(server1);
26. }
27.  
28.  
29. sub vcl_recv {
30.   # Called at the beginning of a request, after the complete request has been received and parsed.
31.   # Its purpose is to decide whether or not to serve the request, how to do it, and, if applicable,
32.   # which backend to use.
33.   # also used to modify the request
34.   # send all traffic to the vdir director
35.   set req.backend_hint = vdir.backend();
36.   # TURN OFF CACHE when needed (just uncomment this only when needed)
37.   # return(pass);
38.   # Tell PageSpeed not to use optimizations specific to this request.
39.   set req.http.PS-CapabilityList = "fully general optimizations only";
40.  
41.   # Don't allow external entities to force beaconing.
42.   unset req.http.PS-ShouldBeacon;
43.  
44.   # Authenticate the purge request by IP.
45.   if (req.method == "PURGE") {
46.     if (!client.ip ~ purge) {
47.       return (synth(405,"Not allowed."));
48.     }
49.     return (purge);
50.   }
51.  
52.  
53.  
54.  
55.   # Normalize the header, remove the port (in case you're testing this on various TCP ports)
56.   set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
57.  
58.   # set or append the client.ip to X-Forwarded-For header. Important for logging and correct IPs.
59.   if (req.restarts == 0) {
60.     if (req.http.X-Forwarded-For) {
61.       set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
62.     } else {
63.       set req.http.X-Forwarded-For = client.ip;
64.     }
65.   }
66.  
67. ###
68. ### Do not Cache: special cases
69. ###
70.  
71.   # Do not cache AJAX requests.
72.     if (req.http.X-Requested-With == "XMLHttpRequest") {
73.         return(pass);
74.     }
75.  
76.   # Post requests will not be cached
77.     if (req.http.Authorization || req.method == "POST") {
78.         return (pass);
79.     }
80.  
81.   # Only cache GET or HEAD requests. This makes sure the POST requests are always passed.
82.     if (req.method != "GET" && req.method != "HEAD") {
83.         return (pass);
84.    }
85.  
86.   # Dont Cache WordPress post pages and edit pages
87.     if (req.url ~ "(wp-admin|post\.php|edit\.php|wp-login)") {
88.         return(pass);
89.     }
90.   #Woocommerce don't cache :
91.     if (req.url ~ "^/(cart|my-account/*|checkout|addons|logout|lost-password|product/*)") {
92.     return (pass);
93.     }
94.   #Woocommerce add to cart pass :
95.     if (req.url ~ "\?add-to-cart=" ) {
96.     return (pass);
97.     }
98.     if (req.url ~ "/wp-cron.php" || req.url ~ "preview=true") {
99.         return (pass);
100.     }
101.  
102.   # Woocommerce
103.     if (req.url ~ "(cart|my-account|checkout|addons)") {
104.         return (pass);
105.     }
106.     if ( req.url ~ "\?add-to-cart=" ) {
107.         return (pass);
108.     }
109.  
110.   # Paid memberships Pro PMP
111.     if ( req.url ~ "(membership-account|membership-checkout)" ) {
112.         return (pass);
113.     }
114.  
115.   # WordPress Social Login Plugin. Note: Need to develop this. Please share if you have an example.
116.     if (req.url ~ "(wordpress-social-login|wp-social-login)") {
117.         return (pass);
118.     }
119.  
120.   # WP-Affiliate
121.     if ( req.url ~ "\?ref=" ) {
122.         return (pass);
123.     }
124.  
125.   # phpBB Logged in users and ACP
126.     if ( req.url ~ "(/forumPM/adm/|ucp.php?mode=|\?mode=edit)" ) {
127.         return (pass);
128.     }
129.  
130.  
131. ###
132. ###    http header Cookie
133. ###    Remove some cookies (if found)
134. ###    Cache This Stuff
135. ###
136. # https://www.varnish-cache.org/docs/4.0/users-guide/increasing-your-hitrate.html#cookies
137.  
138.   ### COOKIE MADNESS.
139.  
140.     # Remove the "has_js" cookie
141.     set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
142.  
143.     # Remove any Google Analytics based cookies
144.     set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
145.     set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
146.     set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
147.     set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
148.     set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
149.  
150.     # Remove the Quant Capital cookies (added by some plugin, all __qca)
151.     set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
152.  
153.     # Remove the wp-settings-1 cookie
154.     set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
155.  
156.     # Remove the wp-settings-time-1 cookie
157.     set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
158.  
159.     # Remove the wp test cookie
160.     set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
161.  
162.     # Remove the phpBB cookie. This will help us cache bots and anonymous users.
163.     set req.http.Cookie = regsuball(req.http.Cookie, "style_cookie=[^;]+(; )?", "");
164.     set req.http.Cookie = regsuball(req.http.Cookie, "phpbb3_psyfx_track=[^;]+(; )?", "");
165.  
166.     # Remove the cloudflare cookie
167.     set req.http.Cookie = regsuball(req.http.Cookie, "__cfduid=[^;]+(; )?", "");
168.  
169.     # Remove the PHPSESSID in members area cookie
170.     set req.http.Cookie = regsuball(req.http.Cookie, "PHPSESSID=[^;]+(; )?", "");
171.  
172.     # Are there cookies left with only spaces or that are empty?
173.     if (req.http.cookie ~ "^\s*$") {
174.     unset req.http.cookie;
175.     }
176.  
177.   # MEGA DROP. Drop ALL cookies sent to WordPress, except those originating from the URLs defined.
178.   # This increases HITs significantly, but be careful it can also break plugins that need cookies.
179.   # Note: The /members/ directory had problems with PMP login and social login plugin.
180.   # Adding it to the exclude list here (and including it below in the "Retain cookies" list) fixed login.
181.   # This works better than than other cookie removal examples found on varnish's website.
182.   # Note phpBB directory (forumPM) also passes cookies here.
183.   if (!(req.url ~ "(wp-login|wp-admin|cart|my-account|checkout|addons|wordpress-social-login|wp-login\.php|forumPM|members)")) {
184.   unset req.http.cookie;
185.   }
186.    
187.     if (!(req.url ~ "(wp-login|wp-admin|cart|my-account/*|checkout|addons|logout|lost-password|product/*)")) {
188.     unset req.http.cookie;
189.   }
190.  
191.   # Normalize the query arguments.
192.   # Note: Placing this above the "do not cache" section breaks some WP theme elements and admin functionality.
193.   set req.url = std.querysort(req.url);
194.  
195.   # Large static files are delivered directly to the end-user without
196.   # waiting for Varnish to fully read the file first.
197.   # Varnish 4 fully supports Streaming, so see do_stream in vcl_backend_response() to witness the glory.
198.   if (req.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
199.     unset req.http.Cookie;
200.     return (hash);
201.   }
202.  
203.   # Cache all static files by Removing all cookies for static files
204.   # Remember, do you really need to cache static files that don't cause load? Only if you have memory left.
205.   # Here I decide to cache these static files. For me, most of them are handled by the CDN anyway.
206.   if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|ico|jpeg|jpg|js|less|pdf|png|rtf|swf|txt|woff|xml)(\?.*)?$") {
207.     unset req.http.Cookie;
208.     return (hash);
209.   }
210.  
211.   # Cache all static files by Removing all cookies for static files - These file extensions are generated by WP Super Cache.
212.   if (req.url ~ "^[^?]*\.(html|htm|gz)(\?.*)?$") {
213.     unset req.http.Cookie;
214.     return (hash);
215.   }
216.  
217.   # Do not cache Authorized requests.
218.     if (req.http.Authorization) {
219.         return(pass);
220.     }
221.  
222.  # Cache all others requests.
223.  # Note Varnish v4: vcl_recv must now return hash instead of lookup
224.     return (hash);
225. }
226.  
227.  
228. sub vcl_pipe {
229.   # Called upon entering pipe mode.
230.   # In this mode, the request is passed on to the backend, and any further data from both the client
231.   # and backend is passed on unaltered until either end closes the connection. Basically, Varnish will
232.   # degrade into a simple TCP proxy, shuffling bytes back and forth. For a connection in pipe mode,
233.   # no other VCL subroutine will ever get called after vcl_pipe.
234.  
235.   # Note that only the first request to the backend will have
236.   # X-Forwarded-For set.  If you use X-Forwarded-For and want to
237.   # have it set for all requests, make sure to have:
238.   # set bereq.http.connection = "close";
239.   # here.  It is not set by default as it might break some broken web
240.   # applications, like IIS with NTLM authentication.
241.  
242.   # set bereq.http.Connection = "Close";
243.  
244.   return (pipe);
245. }
246.  
247.  
248. sub vcl_pass {
249.   # Called upon entering pass mode. In this mode, the request is passed on to the backend, and the
250.   # backend's response is passed on to the client, but is not entered into the cache. Subsequent
251.   # requests submitted over the same client connection are handled normally.
252.  
253.   # return (pass);
254. }
255.  
256.  
257. # The data on which the hashing will take place
258. sub vcl_hash {
259.   # Called after vcl_recv to create a hash value for the request. This is used as a key
260.   # to look up the object in Varnish.
261.  
262.   hash_data(req.url);
263.  
264.   if (req.http.host) {
265.     hash_data(req.http.host);
266.   } else {
267.     hash_data(server.ip);
268.   }
269.  
270.   # hash cookies for requests that have them
271.   if (req.http.Cookie) {
272.     hash_data(req.http.Cookie);
273.   }
274.  
275.   # If the client supports compression, keep that in a different cache
276.   if (req.http.Accept-Encoding) {
277.       hash_data(req.http.Accept-Encoding);
278.   }
279.  
280.   return (lookup);
281. }
282.  
283.  
284. # Handle the HTTP request coming from our backend
285. sub vcl_backend_response {
286.   # Called after the response headers has been successfully retrieved from the backend.
287.   # Sometimes, a 301 or 302 redirect formed via Apache's mod_rewrite can mess with the HTTP port that is being passed along.
288.   # This often happens with simple rewrite rules in a scenario where Varnish runs on :80 and Apache on :8080 on the same box.
289.   # A redirect can then often redirect the end-user to a URL on :8080, where it should be :80.
290.   # This may need fine tuning on your setup.
291.   # To prevent accidental replace, we only filter the 301/302 redirects for now.
292.   if (beresp.status == 301 || beresp.status == 302) {
293.     set beresp.http.Location = regsub(beresp.http.Location, ":[0-9]+", "");
294.   }
295.  
296.  
297. ###
298. ### Overall TTL
299. ### Note: The TTL is designed to be somewhat aggressive here, to keep things in cache.
300. ###
301.   # Lets get this party started.
302.   # This will keep things in cache longer
303.   if (beresp.ttl > 0s) {
304.   unset beresp.http.expires;
305.   set beresp.http.cache-control = "max-age=900";
306.   set beresp.ttl = 4d; # how long you cache objects
307.   set beresp.http.magicmarker = "1";
308.   }
309.  
310.   # Allow stale content, in case the backend goes down.
311.   # make Varnish keep all objects for x hours beyond their TTL
312.   set beresp.grace = 12h;
313.  
314. ###
315. ### Static Files
316. ###
317.   # Enable cache for all static files
318.   # Monitor your cache size, if you get data nuked out of it, consider giving up the static file cache.
319.   # More reading here: https://ma.ttias.be/stop-caching-static-files/
320.   if (bereq.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
321.     set beresp.ttl = 2d; # set a TTL for these optional.
322.     unset beresp.http.set-cookie;
323.   }
324.  
325.   # Cache all static files by Removing all cookies for static files - Note: These file extensions are generated by WordPress WP Super Cache.
326.   if (bereq.url ~ "^[^?]*\.(html|htm|gz)(\?.*)?$") {
327.     set beresp.ttl = 1d; # set a TTL for these optional.
328.     unset beresp.http.set-cookie;
329.   }
330.  
331. ###
332. ### Targeted TTL
333. ###
334.   # Members section is very dynamic and uses cookies (see cookie settings in vcl_recv).
335.   if (bereq.url ~ "/members/") {
336.     set beresp.ttl = 2d;
337.   }
338.   # My Shop section is fairly static when browsing the catalog, but woocommerce is passed in vcl_recv.
339.   if (bereq.url ~ "/shop/") {
340.     set beresp.ttl = 1d;
341.   }
342.   # phBB Forum
343.   # Note: Cookies are dropped for phpBB in vcl_recv which disables the forums cookies, however, logged in users still get a hash.
344.   # I set the anonymous user as a bot in phpBB admin settings. As bots dont use cookies, this gives 99% hit rate.
345.   if (bereq.url ~ "/forumPM/") {
346.     set beresp.ttl = 2h;
347.   }
348.   # Long ttl sites
349.   if (bereq.url ~ "(example.com|example2.com)") {
350.     set beresp.ttl = 1w;
351.   }
352.  
353.   # Large static files are delivered directly to the end-user without
354.   # waiting for Varnish to fully read the file first.
355.   # Varnish 4 fully supports Streaming, so use streaming here to avoid locking.
356.   # I do not stream large files from my server, I use a CDN or dropbox, so I have not tested this.
357.   if (bereq.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
358.     unset beresp.http.set-cookie;
359.     set beresp.do_stream = true;  # Check memory usage it'll grow in fetch_chunksize blocks (128k by default) if the backend doesn't send a Content-Length header, so only enable it for big objects
360.     set beresp.do_gzip = false;   # Don't try to compress it for storage
361.   }
362.  
363.   # don't cache response to posted requests or those with basic auth
364.   if ( bereq.method == "POST" || bereq.http.Authorization ) {
365.     set beresp.uncacheable = true;
366.     set beresp.ttl = 120s;
367.     return (deliver);
368.         }
369. }
370.  
371. sub vcl_hit {
372.   # 5% of the time ignore that we got a cache hit and send the request to the
373.   # backend anyway for instrumentation.
374.   if (std.random(0, 100) < 5) {
375.     set req.http.PS-ShouldBeacon = "yoursecretkey";
376.     return (pass);
377.   }
378. }
379. sub vcl_miss {
380.   # Instrument 25% of cache misses.
381.   if (std.random(0, 100) < 25) {
382.     set req.http.PS-ShouldBeacon = "yoursecretkey";
383.     return (pass);
384.   }
385. }
386.  
387.  
388. # The routine when we deliver the HTTP request to the user
389. # Last chance to modify headers that are sent to the client
390. sub vcl_deliver {
391.   # Called before a cached object is delivered to the client.
392.  
393.   # Mark HTML as uncacheable for our responses.
394.   if (resp.http.Content-Type ~ "text/html") {
395.      unset resp.http.Cache-Control;
396.      set resp.http.Cache-Control = "no-cache, max-age=0";
397.   }
398.  
399.   if (obj.hits > 0) { # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
400.     set resp.http.X-Cache = "HIT";
401.   } else {
402.     set resp.http.X-Cache = "MISS";
403.   }
404.  
405.   # Please note that obj.hits behaviour changed in 4.0, now it counts per objecthead, not per object
406.   # and obj.hits may not be reset in some cases where bans are in use. See bug 1492 for details.
407.   # So take hits with a grain of salt
408.   set resp.http.X-Cache-Hits = obj.hits;
409.  
410.   # Remove some headers: PHP version
411.    unset resp.http.X-Powered-By;
412.  
413.   # Remove some headers: Apache version & OS
414.   unset resp.http.Server;
415.   unset resp.http.X-Drupal-Cache;
416.   unset resp.http.X-Varnish;
417.   unset resp.http.Age;
418.   unset resp.http.Via;
419.   unset resp.http.Link;
420.   unset resp.http.X-Generator;
421.  
422.   if (resp.http.magicmarker) {
423.   unset resp.http.magicmarker;
424.   set resp.http.age = "0";
425.   }
426.  
427.   return (deliver);
428. }
429.  
430.  
431.  
432. sub vcl_synth {
433.   if (resp.status == 720) {
434.     # We use this special error status 720 to force redirects with 301 (permanent) redirects
435.     # To use this, call the following from anywhere in vcl_recv: return (synth(720, "http://host/new.html"));
436.     set resp.http.Location = resp.reason;
437.     set resp.status = 301;
438.     return (deliver);
439.   } elseif (resp.status == 721) {
440.     # And we use error status 721 to force redirects with a 302 (temporary) redirect
441.     # To use this, call the following from anywhere in vcl_recv: return (synth(720, "http://host/new.html"));
442.     set resp.http.Location = resp.reason;
443.     set resp.status = 302;
444.     return (deliver);
445.   }
446.  
447.   return (deliver);
448. }
449.  
450.  
451. sub vcl_fini {
452.   # Called when VCL is discarded only after all requests have exited the VCL.
453.   # Typically used to clean up VMODs.
454.  
455.   return (ok);
456. }