vcl 4.0;import std;import directors;backend server1 { .host = "127.

1. vcl 4.0;
2.  
3. import std;
4. import directors;
5.  
6. backend server1 {
7. .host = "127.0.0.1"; # IP or Hostname of backend
8. .port = "8081"; # Port Apache or whatever is listening
9. .max_connections = 800; # That's it
10. .first_byte_timeout = 300s; # How long to wait before we receive a first byte from our backend?
11. .connect_timeout = 300s; # How long to wait for a backend connection?
12. .between_bytes_timeout = 300s; # How long to wait between bytes received from our backend?
13. }
14.  
15. # Only allow purging from specific IPs
16. acl purge {
17. "localhost";
18. "127.0.0.1";
19. "elsitar.com";
20. }
21.  
22. sub vcl_init {
23. # Called when VCL is loaded, before any requests pass through it. Typically used to initialize VMODs.
24. new vdir = directors.round_robin();
25. vdir.add_backend(server1);
26. }
27.  
28.  
29. sub vcl_recv {
30. # Called at the beginning of a request, after the complete request has been received and parsed.
31. # Its purpose is to decide whether or not to serve the request, how to do it, and, if applicable,
32. # which backend to use.
33. # also used to modify the request
34. # send all traffic to the vdir director
35. set req.backend_hint = vdir.backend();
36. # TURN OFF CACHE when needed (just uncomment this only when needed)
37. return(pass);
38. # Tell PageSpeed not to use optimizations specific to this request.
39. set req.http.PS-CapabilityList = "fully general optimizations only";
40.  
41. # Don't allow external entities to force beaconing.
42. unset req.http.PS-ShouldBeacon;
43.  
44. # Authenticate the purge request by IP.
45. if (req.method == "PURGE") {
46. if (!client.ip ~ purge) {
47. return (synth(405,"Not allowed."));
48. }
49. return (purge);
50. }
51.  
52.  
53.  
54.  
55. # Normalize the header, remove the port (in case you're testing this on various TCP ports)
56. set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");
57.  
58. # set or append the client.ip to X-Forwarded-For header. Important for logging and correct IPs.
59. if (req.restarts == 0) {
60. if (req.http.X-Forwarded-For) {
61. set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
62. } else {
63. set req.http.X-Forwarded-For = client.ip;
64. }
65. }
66.  
67. ###
68. ### Do not Cache: special cases
69. ###
70. # The code below makes sure the AJAX "add to cart" function works
71. set req.url = regsub(req.url, "add-to-cart=\d+_\d+&", "");
72. # Do not cache AJAX requests.
73. if (req.http.X-Requested-With == "XMLHttpRequest") {
74. return(pass);
75. }
76.  
77. # Post requests will not be cached
78. if (req.http.Authorization || req.method == "POST") {
79. return (pass);
80. }
81.  
82. # Only cache GET or HEAD requests. This makes sure the POST requests are always passed.
83. if (req.method != "GET" && req.method != "HEAD") {
84. return (pass);
85. }
86.  
87. # Dont Cache WordPress post pages and edit pages
88. if (req.url ~ "(wp-admin|post\.php|edit\.php|wp-login)") {
89. return(pass);
90. }
91. #Woocommerce don't cache :
92. if (req.url ~ "^/(cart|my-account/*|checkout|addons|logout|lost-password|product/*)") {
93. return (pass);
94. }
95. #Woocommerce add to cart pass :
96. if (req.url ~ "\?add-to-cart=" ) {
97. return (pass);
98. }
99. if (req.url ~ "/wp-cron.php" || req.url ~ "preview=true") {
100. return (pass);
101. }
102.  
103. # Woocommerce
104. if (req.url ~ "(cart|my-account|checkout|addons)") {
105. return (pass);
106. }
107. if ( req.url ~ "\?add-to-cart=" ) {
108. return (pass);
109. }
110.  
111. # Paid memberships Pro PMP
112. if ( req.url ~ "(membership-account|membership-checkout)" ) {
113. return (pass);
114. }
115.  
116. # WordPress Social Login Plugin. Note: Need to develop this. Please share if you have an example.
117. if (req.url ~ "(wordpress-social-login|wp-social-login)") {
118. return (pass);
119. }
120.  
121. # WP-Affiliate
122. if ( req.url ~ "\?ref=" ) {
123. return (pass);
124. }
125.  
126. # phpBB Logged in users and ACP
127. if ( req.url ~ "(/forumPM/adm/|ucp.php?mode=|\?mode=edit)" ) {
128. return (pass);
129. }
130.  
131.  
132. ###
133. ### http header Cookie
134. ### Remove some cookies (if found)
135. ### Cache This Stuff
136. ###
137. # https://www.varnish-cache.org/docs/4.0/users-guide/increasing-your-hitrate.html#cookies
138.  
139. ### COOKIE MADNESS.
140.  
141. # Remove the "has_js" cookie
142. set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
143.  
144. # Remove any Google Analytics based cookies
145. set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
146. set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
147. set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
148. set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
149. set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
150.  
151. # Remove the Quant Capital cookies (added by some plugin, all __qca)
152. set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
153.  
154. # Remove the wp-settings-1 cookie
155. set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
156.  
157. # Remove the wp-settings-time-1 cookie
158. set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
159.  
160. # Remove the wp test cookie
161. set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
162.  
163. # Remove the phpBB cookie. This will help us cache bots and anonymous users.
164. set req.http.Cookie = regsuball(req.http.Cookie, "style_cookie=[^;]+(; )?", "");
165. set req.http.Cookie = regsuball(req.http.Cookie, "phpbb3_psyfx_track=[^;]+(; )?", "");
166.  
167. # Remove the cloudflare cookie
168. set req.http.Cookie = regsuball(req.http.Cookie, "__cfduid=[^;]+(; )?", "");
169.  
170. # Remove the PHPSESSID in members area cookie
171. set req.http.Cookie = regsuball(req.http.Cookie, "PHPSESSID=[^;]+(; )?", "");
172.  
173. # Are there cookies left with only spaces or that are empty?
174. if (req.http.cookie ~ "^\s*$") {
175. unset req.http.cookie;
176. }
177.  
178. # MEGA DROP. Drop ALL cookies sent to WordPress, except those originating from the URLs defined.
179. # This increases HITs significantly, but be careful it can also break plugins that need cookies.
180. # Note: The /members/ directory had problems with PMP login and social login plugin.
181. # Adding it to the exclude list here (and including it below in the "Retain cookies" list) fixed login.
182. # This works better than than other cookie removal examples found on varnish's website.
183. # Note phpBB directory (forumPM) also passes cookies here.
184. #if (!(req.url ~ "(wp-login|wp-admin|cart|my-account|checkout|addons|wordpress-social-login|wp-login\.php|forumPM|members)")) {
185. #unset req.http.cookie;
186. #}
187.  
188. if (!(req.url ~ "(wp-login|wp-admin|cart|my-account/*|checkout|addons|logout|lost-password|product/*)")) {
189. unset req.http.cookie;
190. }
191.  
192. # Normalize the query arguments.
193. # Note: Placing this above the "do not cache" section breaks some WP theme elements and admin functionality.
194. set req.url = std.querysort(req.url);
195.  
196. # Large static files are delivered directly to the end-user without
197. # waiting for Varnish to fully read the file first.
198. # Varnish 4 fully supports Streaming, so see do_stream in vcl_backend_response() to witness the glory.
199. if (req.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
200. unset req.http.Cookie;
201. return (hash);
202. }
203.  
204. # Cache all static files by Removing all cookies for static files
205. # Remember, do you really need to cache static files that don't cause load? Only if you have memory left.
206. # Here I decide to cache these static files. For me, most of them are handled by the CDN anyway.
207. if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|ico|jpeg|jpg|js|less|pdf|png|rtf|swf|txt|woff|xml)(\?.*)?$") {
208. unset req.http.Cookie;
209. return (hash);
210. }
211.  
212. # Cache all static files by Removing all cookies for static files - These file extensions are generated by WP Super Cache.
213. if (req.url ~ "^[^?]*\.(html|htm|gz)(\?.*)?$") {
214. unset req.http.Cookie;
215. return (hash);
216. }
217.  
218. # Do not cache Authorized requests.
219. if (req.http.Authorization) {
220. return(pass);
221. }
222.  
223. # Cache all others requests.
224. # Note Varnish v4: vcl_recv must now return hash instead of lookup
225. return (hash);
226. }
227.  
228.  
229. sub vcl_pipe {
230. # Called upon entering pipe mode.
231. # In this mode, the request is passed on to the backend, and any further data from both the client
232. # and backend is passed on unaltered until either end closes the connection. Basically, Varnish will
233. # degrade into a simple TCP proxy, shuffling bytes back and forth. For a connection in pipe mode,
234. # no other VCL subroutine will ever get called after vcl_pipe.
235.  
236. # Note that only the first request to the backend will have
237. # X-Forwarded-For set. If you use X-Forwarded-For and want to
238. # have it set for all requests, make sure to have:
239. # set bereq.http.connection = "close";
240. # here. It is not set by default as it might break some broken web
241. # applications, like IIS with NTLM authentication.
242.  
243. # set bereq.http.Connection = "Close";
244.  
245. return (pipe);
246. }
247.  
248.  
249. sub vcl_pass {
250. # Called upon entering pass mode. In this mode, the request is passed on to the backend, and the
251. # backend's response is passed on to the client, but is not entered into the cache. Subsequent
252. # requests submitted over the same client connection are handled normally.
253.  
254. # return (pass);
255. }
256.  
257.  
258. # The data on which the hashing will take place
259. sub vcl_hash {
260. # Called after vcl_recv to create a hash value for the request. This is used as a key
261. # to look up the object in Varnish.
262.  
263. hash_data(req.url);
264.  
265. if (req.http.host) {
266. hash_data(req.http.host);
267. } else {
268. hash_data(server.ip);
269. }
270.  
271. # hash cookies for requests that have them
272. if (req.http.Cookie) {
273. hash_data(req.http.Cookie);
274. }
275.  
276. # If the client supports compression, keep that in a different cache
277. if (req.http.Accept-Encoding) {
278. hash_data(req.http.Accept-Encoding);
279. }
280.  
281. return (lookup);
282. }
283.  
284.  
285. # Handle the HTTP request coming from our backend
286. sub vcl_backend_response {
287. # Called after the response headers has been successfully retrieved from the backend.
288. # Sometimes, a 301 or 302 redirect formed via Apache's mod_rewrite can mess with the HTTP port that is being passed along.
289. # This often happens with simple rewrite rules in a scenario where Varnish runs on :80 and Apache on :8080 on the same box.
290. # A redirect can then often redirect the end-user to a URL on :8080, where it should be :80.
291. # This may need fine tuning on your setup.
292. # To prevent accidental replace, we only filter the 301/302 redirects for now.
293. if (beresp.status == 301 || beresp.status == 302) {
294. set beresp.http.Location = regsub(beresp.http.Location, ":[0-9]+", "");
295. }
296.  
297.  
298. ###
299. ### Overall TTL
300. ### Note: The TTL is designed to be somewhat aggressive here, to keep things in cache.
301. ###
302. # Lets get this party started.
303. # This will keep things in cache longer
304. if (beresp.ttl > 0s) {
305. unset beresp.http.expires;
306. set beresp.http.cache-control = "max-age=900";
307. set beresp.ttl = 4d; # how long you cache objects
308. set beresp.http.magicmarker = "1";
309. }
310.  
311. # Allow stale content, in case the backend goes down.
312. # make Varnish keep all objects for x hours beyond their TTL
313. set beresp.grace = 12h;
314.  
315. ###
316. ### Static Files
317. ###
318. # Enable cache for all static files
319. # Monitor your cache size, if you get data nuked out of it, consider giving up the static file cache.
320. # More reading here: https://ma.ttias.be/stop-caching-static-files/
321. if (bereq.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
322. set beresp.ttl = 2d; # set a TTL for these optional.
323. unset beresp.http.set-cookie;
324. }
325.  
326. # Cache all static files by Removing all cookies for static files - Note: These file extensions are generated by WordPress WP Super Cache.
327. if (bereq.url ~ "^[^?]*\.(html|htm|gz)(\?.*)?$") {
328. set beresp.ttl = 1d; # set a TTL for these optional.
329. unset beresp.http.set-cookie;
330. }
331.  
332. ###
333. ### Targeted TTL
334. ###
335. # Members section is very dynamic and uses cookies (see cookie settings in vcl_recv).
336. if (bereq.url ~ "/members/") {
337. set beresp.ttl = 2d;
338. }
339. # My Shop section is fairly static when browsing the catalog, but woocommerce is passed in vcl_recv.
340. #if (bereq.url ~ "/shop/") {
341. # set beresp.ttl = 1d;
342. #}
343. # phBB Forum
344. # Note: Cookies are dropped for phpBB in vcl_recv which disables the forums cookies, however, logged in users still get a hash.
345. # I set the anonymous user as a bot in phpBB admin settings. As bots dont use cookies, this gives 99% hit rate.
346. if (bereq.url ~ "/forumPM/") {
347. set beresp.ttl = 2h;
348. }
349. # Long ttl sites
350. if (bereq.url ~ "(example.com|example2.com)") {
351. set beresp.ttl = 1w;
352. }
353.  
354. # Large static files are delivered directly to the end-user without
355. # waiting for Varnish to fully read the file first.
356. # Varnish 4 fully supports Streaming, so use streaming here to avoid locking.
357. # I do not stream large files from my server, I use a CDN or dropbox, so I have not tested this.
358. if (bereq.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
359. unset beresp.http.set-cookie;
360. set beresp.do_stream = true; # Check memory usage it'll grow in fetch_chunksize blocks (128k by default) if the backend doesn't send a Content-Length header, so only enable it for big objects
361. set beresp.do_gzip = false; # Don't try to compress it for storage
362. }
363.  
364. # don't cache response to posted requests or those with basic auth
365. if ( bereq.method == "POST" || bereq.http.Authorization ) {
366. set beresp.uncacheable = true;
367. set beresp.ttl = 120s;
368. return (deliver);
369. }
370. }
371.  
372. sub vcl_hit {
373. # 5% of the time ignore that we got a cache hit and send the request to the
374. # backend anyway for instrumentation.
375. if (std.random(0, 100) < 5) {
376. set req.http.PS-ShouldBeacon = "yoursecretkey";
377. return (pass);
378. }
379. }
380. sub vcl_miss {
381. # Instrument 25% of cache misses.
382. if (std.random(0, 100) < 25) {
383. set req.http.PS-ShouldBeacon = "yoursecretkey";
384. return (pass);
385. }
386. }
387.  
388.  
389. # The routine when we deliver the HTTP request to the user
390. # Last chance to modify headers that are sent to the client
391. sub vcl_deliver {
392. # Called before a cached object is delivered to the client.
393.  
394. # Mark HTML as uncacheable for our responses.
395. if (resp.http.Content-Type ~ "text/html") {
396. unset resp.http.Cache-Control;
397. set resp.http.Cache-Control = "no-cache, max-age=0";
398. }
399.  
400. if (obj.hits > 0) { # Add debug header to see if it's a HIT/MISS and the number of hits, disable when not needed
401. set resp.http.X-Cache = "HIT";
402. } else {
403. set resp.http.X-Cache = "MISS";
404. }
405.  
406. # Please note that obj.hits behaviour changed in 4.0, now it counts per objecthead, not per object
407. # and obj.hits may not be reset in some cases where bans are in use. See bug 1492 for details.
408. # So take hits with a grain of salt
409. set resp.http.X-Cache-Hits = obj.hits;
410.  
411. # Remove some headers: PHP version
412. unset resp.http.X-Powered-By;
413.  
414. # Remove some headers: Apache version & OS
415. unset resp.http.Server;
416. unset resp.http.X-Drupal-Cache;
417. unset resp.http.X-Varnish;
418. unset resp.http.Age;
419. unset resp.http.Via;
420. unset resp.http.Link;
421. unset resp.http.X-Generator;
422.  
423. if (resp.http.magicmarker) {
424. unset resp.http.magicmarker;
425. set resp.http.age = "0";
426. }
427.  
428. return (deliver);
429. }
430.  
431.  
432.  
433. sub vcl_synth {
434. if (resp.status == 720) {
435. # We use this special error status 720 to force redirects with 301 (permanent) redirects
436. # To use this, call the following from anywhere in vcl_recv: return (synth(720, "http://host/new.html"));
437. set resp.http.Location = resp.reason;
438. set resp.status = 301;
439. return (deliver);
440. } elseif (resp.status == 721) {
441. # And we use error status 721 to force redirects with a 302 (temporary) redirect
442. # To use this, call the following from anywhere in vcl_recv: return (synth(720, "http://host/new.html"));
443. set resp.http.Location = resp.reason;
444. set resp.status = 302;
445. return (deliver);
446. }
447.  
448. return (deliver);
449. }
450.  
451.  
452. sub vcl_fini {
453. # Called when VCL is discarded only after all requests have exited the VCL.
454. # Typically used to clean up VMODs.
455.  
456. return (ok);
457. }