default.vcl

vcl 4.0;
import std;

# localhost isn't my IP, i use NAT IP at .host
backend default {
    .host = "localhost";
    .port = "8080";
    .connect_timeout = 600s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
    .max_connections = 800;
}


# SET THE ALLOWED IP OF PURGE REQUESTS
acl purge {
    "localhost";
    "127.0.0.1";
    "here my NAT IP";
}

#THE RECV FUNCTION
sub vcl_recv {
  # Normalize the header, remove the port (in case you're testing this on various TCP ports)
  set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", "");

  # FORWARD THE IP OF THE REQUEST
  if (req.restarts == 0) {
    if (req.http.x-forwarded-for) {
      set req.http.X-Forwarded-For =
      req.http.X-Forwarded-For + ", " + client.ip;
    } else {
      set req.http.X-Forwarded-For = client.ip;
    }
  }

  # Enable smart refreshing using hash_always_miss
  if (req.http.Cache-Control ~ "no-cache") {
      if (client.ip ~ purge || std.ip(req.http.X-Actual-IP, "here my NAT IP") ~ purge) {
           set req.hash_always_miss = true;
      }
  }

  if (req.method == "PURGE") {
      if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "here my NAT IP") ~ purge) {
          return(synth(405,"Not allowed."));
          }
      return (purge);
    }

  if (req.method == "BAN") {
          # Same ACL check as above:
          if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "here my NAT IP") ~ purge) {
                          return(synth(403, "Not allowed."));
          }
          ban("req.http.host == " + req.http.host +
                    " && req.url == " + req.url);

          # Throw a synthetic page so the
          # request won't go to the backend.
          return(synth(200, "Ban added"));
  }

  # Unset cloudflare cookies
  # Remove has_js and CloudFlare/Google Analytics __* cookies.
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");

    # Remove a ";" prefix, if present.

    set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");

    # For Testing: If you want to test with Varnish passing (not caching) uncomment
    # return( pass );

  # CONFIGURACAO PARA WORDPRESS #
  # Rss
  if (req.url ~ "/feed(/)?") {
    return ( pass );
  }
  #Pass wp-cron
  if (req.url ~ "wp-cron\.php.*") {
   return ( pass );
  }
  ## Do not cache search results, comment these 3 lines if you do want to cache them
  if (req.url ~ "/\?s\=") {
    return ( pass );
  }


  #################################


  # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY.  WITH VARY ACCEPT-ENCODING
  # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
      # No point in compressing these
      unset req.http.Accept-Encoding;
    } elsif (req.http.Accept-Encoding ~ "gzip") {
      set req.http.Accept-Encoding = "gzip";
    } elsif (req.http.Accept-Encoding ~ "deflate") {
      set req.http.Accept-Encoding = "deflate";
    } else {
      # unknown algorithm
      unset req.http.Accept-Encoding;
    }
  }

  # PIPE ALL NON-STANDARD REQUESTS
  if (req.method != "GET" &&
    req.method != "HEAD" &&
    req.method != "PUT" &&
    req.method != "POST" &&
    req.method != "TRACE" &&
    req.method != "OPTIONS" &&
    req.method != "DELETE") {
      return (pipe);
  }

  # ONLY CACHE GET AND HEAD REQUESTS
  if (req.method != "GET" && req.method != "HEAD") {
    return (pass);
  }

  # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER
  if ( req.http.cookie ~ "wordpress_logged_in" ) {
    return( pass );
  }

  #IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN THEN UNSET THE COOKIES
  if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true") {
    return (pass);
  }

  if (!(req.url ~ "wp-(login|admin)")){
    unset req.http.cookie;
  }

  if ( !( req.url ~ "wp-(login|admin)" )) {
    unset req.http.Cookie;
  }

  # IF BASIC AUTH IS ON THEN DO NOT CACHE
  if (req.http.Authorization || req.http.Cookie) {
    return (pass);
  }

  ###################################################

  # Post requests will not be cached
  if (req.http.Authorization || req.method == "POST") {
    return (pass);
  }

  # --- Wordpress specific configuration

  # Blitz hack
        if (req.url ~ "/mu-.*") {
                return (pass);
        }


  # Did not cache the admin and login pages
  if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true") {
    return (pass);
  }

   # Do not cache the WooCommerce pages
   ### REMOVE IT IF YOU DO NOT USE WOOCOMMERCE ###
  if (req.url ~ "/(cart|my-account|checkout|addons|/?add-to-cart=)") {
          return (pass);
      }

  # Remove the "has_js" cookie
  set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");

  # Remove any Google Analytics based cookies
  set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");

  # Remove the Quant Capital cookies (added by some plugin, all __qca)
  set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");

  # Remove the wp-settings-1 cookie
  set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");

  # Remove the wp-settings-time-1 cookie
  set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");

  # Remove the wp test cookie
  set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");

  # Are there cookies left with only spaces or that are empty?
  if (req.http.cookie ~ "^ *$") {
        unset req.http.cookie;
  }

  # Cache the following files extensions
  if (req.url ~ "\.(css|js|png|gif|jp(e)?g|swf|ico)") {
    unset req.http.cookie;
  }

  # Normalize Accept-Encoding header and compression
  # https://www.varnish-cache.org/docs/3.0/tutorial/vary.html
  if (req.http.Accept-Encoding) {
    # Do no compress compressed files...
    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
          unset req.http.Accept-Encoding;
    } elsif (req.http.Accept-Encoding ~ "gzip") {
          set req.http.Accept-Encoding = "gzip";
    } elsif (req.http.Accept-Encoding ~ "deflate") {
          set req.http.Accept-Encoding = "deflate";
    } else {
      unset req.http.Accept-Encoding;
    }
  }

  # Check the cookies for wordpress-specific items
  if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
    return (pass);
  }
  if (!req.http.cookie) {
    unset req.http.cookie;
  }

  # --- End of Wordpress specific configuration

  # Did not cache HTTP authentication and HTTP Cookie
  if (req.http.Authorization || req.http.Cookie) {
    # Not cacheable by default
    return (pass);
  }

  # Cache all others requests
  return (hash);
}


# PASS FUNCTION
sub vcl_pass {
  return (fetch);
}

# HIT FUNCTION
sub vcl_hit {
  return (deliver);
}

# MISS FUNCTION
sub vcl_miss {
  return (fetch);
}

# FETCH FUNCTION
sub vcl_backend_response {
  # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
  # TENDANCY TO SET VARY USER-AGENT.  YOU MAY OR MAY NOT WANT
  # TO DO THIS
  set beresp.http.Vary = "Accept-Encoding";

  # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
  # TIME THIS PAGE WILL STAY CACHED (TTL)
  if (!(bereq.url ~ "(wp-login|wp-admin|preview=true)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {
    unset beresp.http.set-cookie;
    set beresp.ttl = 52w;
#    set beresp.grace =1d;
  }

  if (beresp.ttl <= 0s ||
    beresp.http.Set-Cookie ||
    beresp.http.Vary == "*") {
      set beresp.ttl = 120 s;
      # set beresp.ttl = 120s;
      set beresp.uncacheable = true;
      return (deliver);
  }

  return (deliver);
}

# DELIVER FUNCTION
sub vcl_deliver {
  if (obj.hits > 0) {
     set resp.http.X-Cache = "HIT";
  } else {
     set resp.http.X-Cache = "MISS";
  }
     set resp.http.X-Cache-Hits = obj.hits;
}