Updated VCL

1. vcl 4.0;
2. import variable;
3. /**
4.  * Example VCL for Authcache Varnish / Authcache ESI
5.  * =================================================
6.  *
7.  * See also core.vcl for detailed information.
8.  *
9.  * Credits & Sources
10.  * -----------------
11.  * * Josh Waihi - Authenticated page caching with Varnish & Drupal:
12.  *   http://joshwaihi.com/content/authenticated-page-caching-varnish-drupal
13.  * * Four Kitchens - Configure Varnish 3 for Drupal 7:
14.  *   https://fourkitchens.atlassian.net/wiki/display/TECH/Configure+Varnish+3+for+Drupal+7
15.  * * The Varnish Book:
16.  *   https://www.varnish-software.com/static/book/
17.  * * The Varnish Book - VCL Request Flow:
18.  *   https://www.varnish-software.com/static/book/_images/vcl.png
19.  */
20.  
21. # TODO: Update internal subnet ACL and security.
22.  
23. # Define the internal network subnet.
24. # These are used below to allow internal access to certain files while not
25. # allowing access from the public internet.
26.  acl internalIps {
27.     "XX.XX.XX.XX";
28.     "XX.XX.XX.XX";
29.  }
30.  
31. /**
32.  * Define all your backends here.
33.  */
34.  
35. backend default {
36.   .host = "127.0.0.1";
37.   .port = "8080";
38.   .max_connections = 250;
39.   .connect_timeout = 300s;
40.   .first_byte_timeout = 300s;
41.   .between_bytes_timeout = 300s;
42. }
43.  
44. backend stage {
45.   .host = "127.0.0.1";
46.   .port = "8080";
47.   .max_connections = 250;
48.   .connect_timeout = 300s;
49.   .first_byte_timeout = 300s;
50.   .between_bytes_timeout = 300s;
51. }
52.  
53. /**
54.  * Include Authcache Varnish core.vcl.
55.  */
56. include "/etc/varnish/core.vcl";
57.  
58. /**
59.  * Defines where the authcache varnish key callback is located.
60.  *
61.  * Note that the key-retrieval path must start with a slash and must include
62.  * the path prefix if any (e.g. on multilingual sites or if Drupal is installed
63.  * in a subdirectory).
64.  */
65. sub authcache_key_path {
66.   set req.http.X-Authcache-Key-Path = "/authcache-varnish-get-key";
67. }
68.  
69. /**
70.  * Derive the cache identifier for the key cache.
71.  */
72. sub authcache_key_cid {
73.   if (req.http.Cookie ~ "(^|;)\s*S?SESS[a-z0-9]+=") {
74.     // Use the whole session cookie to differentiate between authenticated
75.     // users.
76.     set req.http.X-Authcache-Key-CID = "sess:"+regsuball(req.http.Cookie, "^(.*;\s*)?(S?SESS[a-z0-9]+=[^;]*).*$", "\2");
77.   }
78.   else {
79.     // If authcache key retrieval was enforced for anonymous traffic, the HTTP
80.     // host is used in order to keep apart anonymous users of different
81.     // domains.
82.     set req.http.X-Authcache-Key-CID = "host:"+req.http.host;
83.   }
84.     if (req.http.Cookie ~ "(^|;\s*)(aucp14=1)(;|$)"){
85.         set req.http.X-Authcache-Key-CID = req.http.X-Authcache-Key-CID + "-iva1";
86.     } else if (req.http.Cookie ~ "(^|;\s*)(aucp14=0)(;|$)"){
87.         set req.http.X-Authcache-Key-CID = req.http.X-Authcache-Key-CID + "-iva0";
88.     } else {
89.         if (req.http.Cookie ~ "(^|;\s*)(aucp14=)(;|$)"){
90.            set req.http.Cookie = regsuball(req.http.Cookie, "aucp14", "cancel_aucp14");
91.         }
92.         set req.http.X-Authcache-Key-CID = req.http.X-Authcache-Key-CID + "-iva1";
93.         set req.http.Cookie = req.http.Cookie + ";aucp14=1";
94.     }
95. }
96.  
97. /**
98.  * Place your custom vcl_recv code here.
99.  */
100. sub authcache_recv {
101.  
102.   # Pipe these paths directly to Apache for streaming.
103.   if (req.url ~ "^/admin/content/backup_migrate/export") {
104.     return (pipe);
105.   }
106.  
107.    if (req.url ~ "^/(cron|install)\.php" ) {
108.      set req.url = "/404";
109.      return (hash);
110.      //return (synth(404));
111.    }
112.  
113.    if (
114.        //req.url ~ "^/authcache-varnish-get-key*$" ||
115.        req.url ~ "^/admin$" ||
116.        req.url ~ "^/admin/.*$" ||
117.        req.url ~ "^/batch.*$" ||
118.        req.url ~ "^/comment/edit.*$" ||
119.        req.url ~ "^/cron\.php$" ||
120.        req.url ~ "^/system/ajax$" ||
121.        req.url ~ "^/callback/ajax/.*$" ||
122.        req.url ~ "^/install\.php$" ||
123.        req.url ~ "^/phpmyadmin/.*$" ||
124.        req.url ~ "^/node/*/edit$" ||
125.        req.url ~ "^/node/*/track$" ||
126.        req.url ~ "^/node/add/.*$" ||
127.        req.url ~ "^/status\.php$" ||
128.        req.url ~ "^/system/files/*.$" ||
129.        req.url ~ "^/system/temporary.*$" ||
130.        req.url ~ "^/tracker$" ||
131.        req.url ~ "^/update\.php$" ||
132.        req.url ~ "^/user$" ||
133.        req.url ~ "^/user/.*$" ||
134.        req.url ~ "^/users/.*$") {
135.      return (pass);
136.    }
137.   // no cache these files
138.   if (req.url ~ "(?i)\.(xml|pdf|asc|dat|txt|doc|xls|ppt|tgz|csv|swf)(\?.*)?$") {
139.    return (pass);
140.   }
141.  
142.     //Always put has_js=1 for crawlers not have js activated
143.     if (req.http.Cookie !~ "(^|;\s*)(has_js=1)(;|$)"){
144.         if (req.http.Cookie ~ "(^|;\s*)(has_js=)(|$)"){
145.          //replace
146.          set req.http.Cookie = regsuball(req.http.Cookie, "has_js", "not_has_js");
147.         }
148.         //add
149.         set req.http.Cookie = req.http.Cookie + ";has_js=1";
150.     }
151.    set req.http.Original-Cookie = req.http.Cookie;
152.  
153.    if (req.http.Cookie) {
154.      set req.http.Cookie = ";" + req.http.Cookie;
155.      set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
156.      set req.http.Cookie = regsuball(req.http.Cookie, ";(S?SESS[a-z0-9]+|aucp13n|XDEBUG_SESSION|NO_CACHE_MAC|nocachemac|aucp14|has_js)=", "; \1=");
157.      set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
158.      set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
159.  
160.      if (req.http.Cookie == "") {
161.        unset req.http.Cookie;
162.      }
163.    }
164.  
165.    if (!req.http.X-Authcache-Get-Key) {
166.      set req.http.X-Authcache-Get-Key = "get";
167.    }
168. }
169.  
170. sub vcl_backend_fetch {
171.  
172. }
173.  
174. sub vcl_backend_response {
175.  
176. }
177.  
178. sub vcl_deliver {
179.   if (client.ip ~ internalIps){
180.      if (obj.hits > 0) {
181.        set resp.http.X-Varnish-Cache = "HIT";
182.      }
183.      else {
184.        set resp.http.X-Varnish-Cache = "MISS";
185.      }
186.   }
187. }
188.  
189. sub vcl_synth {
190.  set resp.http.Content-Type = "text/html; charset=utf-8";
191.  set resp.http.Retry-After = "60";
192.  synthetic( {"
193. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
194. <html xmlns="http://www.w3.org/1999/xhtml">
195. <head>
196.   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
197.   <title>Title</title>
198. </head>
199. <body>
200. <div style="text-align: center;">
201.   <a href="#""><img src="server-error.jpg" style="margin:0; border: 0;max-width:100%;"/></a>
202. </div>
203. <div class="error">(Error "} + beresp.status + " " + beresp.reason + {")</div>
204. </body>
205. </html>"});
206.  return (deliver);
207. }
208.  
209.  
210. # In the event of an error, show friendlier messages.
211. sub vcl_backend_error {
212.   # Redirect to some other URL in the case of a homepage failure.
213.  
214.   # Otherwise redirect to the homepage, which will likely be in the cache.
215.   set bereq.http.Content-Type = "text/html; charset=utf-8";
216.   synthetic( {"
217. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
218. <html xmlns="http://www.w3.org/1999/xhtml">
219. <head>
220.   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
221.   <title>Title</title>
222. </head>
223. <body>
224. <div style="text-align: center;">
225.   <a href="#""><img src="server-error.jpg" style="margin:0; border: 0;max-width:100%;"/></a>
226. </div>
227. <div class="error">(Error "} + beresp.status + " " + beresp.reason + {")</div>
228. </body>
229. </html>"});
230.   return (deliver);
231. }