- ## Origin server: Apache listening on the loopback interface, port 8000.
- ## Apache sees every relayed request as coming from 127.0.0.1, so any Apache rule
- ## that trusts local clients (e.g. "Allow from localhost") applies to all traffic
- ## that Varnish forwards.
- backend apache {
- .port = "8000";
- .host = "127.0.0.1";
- }
- # Clients allowed to send PURGE and BAN; vcl_recv compares client.ip against this list.
- # Host names in an ACL are resolved when the VCL is loaded, so "testing.domain.com"
- # grants access to whatever address that name points to at load time. IP literals
- # are easier to audit.
- # NOTE(review): the Varnish 2.x/3.x vcl(7) page says an entry whose host name cannot
- # be resolved matches any address unless it is written in parentheses - confirm for
- # the version in use.
- # If a TLS terminator or load balancer on this machine sits in front of Varnish,
- # client.ip is 127.0.0.1 for every visitor and this list no longer restricts anyone.
- acl purge {
- "127.0.0.1";
- "127.0.1.1";
- "localhost";
- "testing.domain.com";
- }
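- # vcl_recv: first hook for every client request. Normalises the URL and cookies,
- # then chooses between error, pass, pipe and cache lookup.
- sub vcl_recv {
- # remove ?ver=xxxxx strings from urls so css and js files are cached.
- # Watch out when upgrading WordPress, need to restart Varnish or flush cache.
- set req.url = regsub(req.url, "\?ver=.*$", "");
- # Remove "replytocom" from requests to make caching better.
- set req.url = regsub(req.url, "\?replytocom=.*$", "");
- # Replace any client-supplied X-Forwarded-For with the address Varnish sees, so
- # the backend is never handed a value the client chose.
- remove req.http.X-Forwarded-For;
- set req.http.X-Forwarded-For = client.ip;
- ## Refuse common scanner probes here, before a backend connection is made.
- ## These are case-sensitive prefix matches: they cut log noise and backend load,
- ## they are not access control for anything really installed under those paths.
- if (req.url ~ "^/w00tw00t") {
- error 403 "Not permitted";
- }
- if (req.url ~ "^/phpmyadmin") {error 403;}
- if (req.url ~ "^/PhpMyAdmin") {error 403;}
- if (req.url ~ "^/databases") {error 403;}
- if (req.url ~ "^/pma") {error 403;}
- if (req.url ~ "^/Toata") {error 403;}
- ## If the request to the backend returns a code other than 200, restart the loop
- ## If the number of restarts reaches the value of the parameter max_restarts,
- ## the request will be error'ed. max_restarts defaults to 4. This prevents
- ## an eternal loop in the event that, e.g., the object does not exist at all.
- ## (Disabled. beresp is not available in vcl_recv; this snippet belongs in vcl_fetch.)
- # if (beresp.status != 200 && beresp.status != 403 && beresp.status != 404) {
- # return(restart);
- # }
- # Exclude this site because it breaks if cached
- #if ( req.http.host == "testing.domain.com" ) {
- # return( pass );
- #}
- # Serve objects up to 2 minutes past their expiry if the backend is slow to respond.
- set req.grace = 120s;
- # Remove has_js and Google Analytics __* cookies.
- set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js)=[^;]*", "");
- # Remove a ";" prefix, if present.
- set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
- # Remove empty cookies.
- if (req.http.Cookie ~ "^\s*$") {
- unset req.http.Cookie;
- }
- # Method handling runs before the static-file shortcut further down. With the
- # shortcut first, a PURGE, BAN or POST whose URL ends in .css/.js/... would
- # return(lookup) without the ACL check or the non-GET pass ever being reached.
- if (req.request == "PURGE") {
- if (!client.ip ~ purge) {
- error 405 "Not allowed.";
- }
- # No vcl_hit/vcl_miss is shown in this listing, so as written an allowed PURGE is
- # only looked up like a normal request; the purge itself has to be done there.
- return (lookup);
- }
- if (req.request == "BAN") {
- if (!client.ip ~ purge) {
- error 405 "Not allowed.";
- }
- # The ban expression is assembled from the request URL and Host header, and the
- # URL is used as an unanchored regex. Only ACL-approved clients get this far, so
- # the purge ACL is the sole protection for the whole cache - keep it tight.
- ban("req.url ~ " + req.url + " && req.http.host == " + req.http.host);
- error 200 "Ban added";
- }
- # Pass anything other than GET and HEAD directly.
- if (req.request != "GET" && req.request != "HEAD") {
- return( pass );
- } /* We only deal with GET and HEAD by default */
- # Strip cookies for static files:
- # The match is on the end of req.url, query string included. Cookies are removed
- # from the request itself, so the backend answers these URLs as an anonymous visitor.
- if (req.url ~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$") {
- unset req.http.Cookie;
- return(lookup);
- }
- # remove cookies for comments cookie to make caching better.
- set req.http.cookie = regsub(req.http.cookie, "1231111111111111122222222333333=[^;]+(; )?", "");
- # never cache the admin pages, or the server-status page
- # NOTE(review): Apache receives these requests from 127.0.0.1. If mod_status or any
- # admin path is restricted to local clients in Apache, that restriction does not
- # hold for traffic arriving through Varnish - confirm the Apache config.
- # NOTE(review): with pipe, later requests on the same client connection are not
- # inspected by VCL unless vcl_pipe forces "Connection: close"; consider pass instead.
- if (req.request == "GET" && (req.url ~ "(wp-admin|bb-admin|server-status|feed)")) {
- return(pipe);
- }
- # don't cache authenticated sessions
- if (req.http.Cookie && req.http.Cookie ~ "(wordpress_|PHPSESSID)") {
- return(pass);
- }
- # don't cache ajax requests
- # The URL tests here and in the pipe rule above are unanchored substring matches
- # that also see the query string, and X-Requested-With is client-controlled, so
- # any client can opt out of the cache; the backend has to cope with that load.
- if(req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache" || req.url ~ "(control.php|wp-comments-post.php|wp-login.php|bb-login.php|bb-reset-password.php|register.php)") {
- return (pass);
- }
- return( lookup );
- }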
- # vcl_hash: adds request data to the cache key.
- # There is no return(hash) here, so Varnish's built-in vcl_hash still runs afterwards
- # and contributes the URL and Host as usual.
- sub vcl_hash {
- # Each cached page has to be identified by a key that unlocks it.
- # Add the browser cookie only if a WordPress cookie found.
- # The whole Cookie header goes into the key, so every distinct cookie string gets
- # its own variant. vcl_fetch sets ttl 0s for the same three cookie names, so as
- # written these per-cookie variants are not stored.
- if ( req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)" ) {
- #if (req.http.Cookie) {
- #set req.hash += req.http.Cookie;
- hash_data(req.http.Cookie);
- }
- }
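- # Called after a document has been successfully retrieved from the backend.
- # Sets the cache lifetime and labels the response with X-Cacheable.
- # Every path below ends in an explicit return or error, so Varnish's built-in
- # vcl_fetch, which declines to cache responses that carry Set-Cookie, never runs.
- # The Set-Cookie branch further down covers that case explicitly.
- sub vcl_fetch {
- # Uncomment to make the default cache "time to live" is 5 minutes, handy
- # but it may cache stale pages unless purged. (TODO)
- # By default Varnish will use the headers sent to it by Apache (the backend server)
- # to figure out the correct TTL.
- # WP Super Cache sends a TTL of 3 seconds, set in wp-content/cache/.htaccess
- # The assignment below replaces the lifetime Varnish derived from the backend's
- # caching headers; of the Cache-Control directives only "private" is checked later.
- set beresp.ttl = 24h;
- # Strip cookies for static files and set a long cache expiry time.
- if (req.url ~ "\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|pdf|txt|tar|wav|bmp|rtf|js|flv|swf|html|htm)$") {
- unset beresp.http.set-cookie;
- set beresp.ttl = 24h;
- }
- # If WordPress cookies found then page is not cacheable
- if (req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_)") {
- # set beresp.cacheable = false;#versions less than 3
- #beresp.ttl>0 is cacheable so 0 will not be cached
- set beresp.ttl = 0s;
- } else {
- # set beresp.cacheable = true;
- set beresp.ttl=24h; #cache for 24hrs
- }
- # Varnish determined the object was not cacheable
- if (!beresp.ttl > 0s) {
- set beresp.http.X-Cacheable = "NO:Not Cacheable";
- } else if ( req.http.Cookie ~"(wp-postpass|wordpress_logged_in|comment_author_|UserID|_session)" ) {
- # You don't wish to cache content for logged in users
- set beresp.http.X-Cacheable = "NO:Got Session";
- return(hit_for_pass);
- } else if ( beresp.http.Cache-Control ~ "private") {
- # You are respecting the Cache-Control=private header from the backend
- set beresp.http.X-Cacheable = "NO:Cache-Control=private";
- return(hit_for_pass);
- } else if ( beresp.http.Set-Cookie ) {
- # A response that sets a cookie is meant for one visitor. Storing it for 24h would
- # replay the same Set-Cookie (for example a session id) to everyone who hits the
- # object. Static files had the header stripped above and are not affected.
- # The pass decision is remembered for 2 minutes, as in the built-in VCL.
- set beresp.http.X-Cacheable = "NO:Set-Cookie";
- set beresp.ttl = 120s;
- return(hit_for_pass);
- } else if ( beresp.ttl < 1s ) {
- # You are extending the lifetime of the object artificially
- # Not reachable as written: ttl is either 0s (first branch) or 24h at this point.
- set beresp.ttl = 300s;
- set beresp.grace = 300s;
- set beresp.http.X-Cacheable = "YES:Forced";
- } else {
- # Varnish determined the object was cacheable
- set beresp.http.X-Cacheable = "YES";
- }
- # Do not keep error pages. Only reached on the paths that did not return above.
- if (beresp.status == 404 || beresp.status >= 500) {
- set beresp.ttl = 0s;
- }
- ## Remove the X-Forwarded-For header if it exists.
- ## NOTE(review): the backend request has already been sent when vcl_fetch runs, so
- ## this cannot change what Apache saw. It also replaces the client.ip value written
- ## in vcl_recv with the content of a request header (rlnclientipaddr) that nothing
- ## in this file sets or strips, i.e. a value the client can supply. Either delete
- ## these two lines or strip that header in vcl_recv.
- remove req.http.X-Forwarded-For;
- ## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
- set req.http.X-Forwarded-For = req.http.rlnclientipaddr;
- ## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
- ## NOTE(review): in vcl_fetch the backend has already processed the request, so
- ## these rules only replace its answer with a 403. Only checks made in vcl_recv
- ## can keep a request away from the backend.
- if (req.url ~ "^/w00tw00t") {
- error 403 "Not permitted";
- }
- if (req.url ~ "^/phpmyadmin") {error 403;}
- if (req.url ~ "^/PhpMyAdmin") {error 403;}
- if (req.url ~ "^/databases") {error 403;}
- if (req.url ~ "^/pma") {error 403;}
- if (req.url ~ "^/Toata") {error 403;}
- ## Deliver the content
- return(deliver);
- }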
- ## Deliver
- #sub vcl_deliver {
- ## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
- ## Since we're not caching (yet), why bother telling people we use it?
- #remove resp.http.X-Varnish;
- #remove resp.http.Via;
- #remove resp.http.Age;
- ## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
- #remove resp.http.X-Powered-By;
- #}
- # vcl_deliver: last hook before the response is sent to the client.
- sub vcl_deliver {
- // Debugging aid: start from MISS and switch to HIT when the object has
- // already been served from cache at least once.
- set resp.http.X-Cache = "MISS";
- if (obj.hits > 0) {
- set resp.http.X-Cache = "HIT";
- }
- // Hide backend fingerprints: Apache version & OS, then PHP version.
- unset resp.http.Server;
- unset resp.http.X-Powered-By;
- // X-Cache and X-Cacheable, plus the Via, X-Varnish and Age headers Varnish adds,
- // are still sent, so the cache layer itself stays visible to clients.
- return (deliver);
- }
- # vcl_error: builds the synthetic HTML page for the `error` calls in this VCL
- # (and, presumably, for errors Varnish raises itself such as a failed backend fetch).
- # obj.status and obj.response are inserted into the HTML without escaping. The
- # error calls in this file pass only fixed strings; keep it that way and never put
- # request data (URL, headers) into an error message.
- sub vcl_error {
- set obj.http.Content-Type = "text/html; charset=utf-8";
- # Retry-After is sent on every error, including the 403/405 refusals.
- set obj.http.Retry-After = "5";
- # The page also shows req.xid, the transaction id that identifies the request in the Varnish log.
- synthetic {"
- <?xml version="1.0" encoding="utf-8"?>
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
- <html>
- <head>
- <title>"} + obj.status + " " + obj.response + {"</title>
- </head>
- <body>
- <h1>Error "} + obj.status + " " + obj.response + {"</h1>
- <p>"} + obj.response + {"</p>
- <h3>Guru Meditation:</h3>
- <p>XID: "} + req.xid + {"</p>
- <hr>
- <p>Varnish cache server</p>
- </body>
- </html>
- "};
- return (deliver);
- }