
fuf.vcl

a guest
Jul 25th, 2016
  1. // General module loading
  2. vcl 4.0;
  3. import std;
  4. import directors;
  5.  
  6. // Configuration for local system settings
  7. include "/etc/varnish/fuf-local.vcl";
  8.  
  9. // Extended cache control (v-max-age)
  10. include "/etc/varnish/fuf-extended_cache_control.vcl";
  11.  
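  sub vcl_recv {
      // Request entry point. In order: backend selection and ACL checks (both
      // in included files), header and URL normalisation, PURGE-as-ban
      // handling, method filtering, tracking query/cookie stripping, and the
      // final choice between pass and cache lookup.

      // Defined outside this file (see the local VCL include at the top);
      // judging by its name it selects the director and prepares
      // X-Forwarded-For -- confirm there.
      call set_director_and_forwardedfor;

      // If needed include local ACL to deny or allow access
      include "/etc/varnish/fuf-acl.vcl";

      // Fold repeated X-Forwarded-For headers into one, then drop the last
      // comma-separated entry (the greedy "(.*)" keeps everything before the
      // final comma).
      // NOTE(review): entries not written by a proxy you operate are
      // client-supplied; do not base access decisions on this header.
      if (req.http.x-forwarded-for) {
          std.collect(req.http.x-forwarded-for);
          set req.http.x-forwarded-for = regsub(req.http.x-forwarded-for, "^(.*),.*", "\1");
      }

      // Default grace marker; vcl_hit overwrites it, vcl_deliver reports it.
      set req.http.grace = "none";

      // Normalize the Host header by removing a trailing port (useful when
      // testing on various TCP ports). The pattern is anchored with "$" so
      // that only the port suffix is removed; unanchored, it would also cut
      // the first ":digits" run out of an IPv6 literal such as "[::1]:8080".
      set req.http.Host = regsub(req.http.Host, ":[0-9]+$", "");

      // Normalize the query arguments so equivalent URLs share one cache key
      set req.url = std.querysort(req.url);

      // Allow purging (implemented as a ban, not as return (purge))
      if (req.method == "PURGE") {
          // "purge" is an ACL declared outside this file.
          // NOTE(review): client.ip is the TCP peer. If a load balancer or
          // TLS terminator sits in front of Varnish, confirm this ACL is not
          // matching that proxy's address on behalf of every caller.
          if (!client.ip ~ purge) {
              return (synth(405, "This IP is not allowed to send PURGE requests."));
          }

          // Without X-Purge-Url the concatenation below produces the
          // incomplete expression "req.url ~ ", yet the caller was still told
          // "200 Purged.". Reject such requests instead of reporting success.
          if (!req.http.X-Purge-Url) {
              return (synth(400, "X-Purge-Url header required."));
          }

          // The header values become part of the ban expression itself
          // (doubled backslashes are collapsed to single ones first), so any
          // client admitted by the ACL can write arbitrary ban expressions.
          // Keep that ACL as narrow as possible.
          if (req.http.X-Purge-Host) {
              ban("req.url ~ " + regsuball(req.http.X-Purge-Url, "\\\\", "\\") + " && req.http.host ~ " + regsuball(req.http.X-Purge-Host, "\\\\", "\\"));
          } else {
              ban("req.url ~ " + regsuball(req.http.X-Purge-Url, "\\\\", "\\"));
          }
          return (synth(200, "Purged."));
      }

      // Only deal with "normal" types
      if (req.method != "GET" &&
          req.method != "HEAD" &&
          req.method != "PUT" &&
          req.method != "POST" &&
          req.method != "TRACE" &&
          req.method != "OPTIONS" &&
          req.method != "PATCH" &&
          req.method != "DELETE") {
          /* Non-RFC2616 or CONNECT which is weird. */
          return (pipe);
      }

      // Only cache GET or HEAD requests. This makes sure the POST requests
      // are always passed.
      if (req.method != "GET" && req.method != "HEAD") {
          return (pass);
      }

      // Some generic URL manipulation, useful for all templates that follow.
      // First remove the Google Analytics added parameters, useless for
      // our backend.
      // NOTE(review): the list also holds generic names (id, view, layout,
      // format, type, start, limitstart). They are removed from the URL used
      // for both the cache key and the backend request; confirm the backend
      // never needs them. The class "A-z" also matches [ \ ] ^ _ and `.
      if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl|id|view|layout|format|type|start|limitstart)=") {
          set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl|id|view|layout|format|type|start|limitstart)=([A-z0-9_\-\.%25]+)", "");
          set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl|id|view|layout|format|type|start|limitstart)=([A-z0-9_\-\.%25]+)", "?");
          set req.url = regsub(req.url, "\?&", "?");
          set req.url = regsub(req.url, "\?$", "");
      }

      // Strip hash, server doesn't need it.
      if (req.url ~ "\#") {
          set req.url = regsub(req.url, "\#.*$", "");
      }

      // Strip a trailing ? if it exists
      if (req.url ~ "\?$") {
          set req.url = regsub(req.url, "\?$", "");
      }

      // Some generic cookie manipulation, useful for all templates that follow.
      // The patterns are not anchored to the start of a cookie name, so
      // "_ga=" for example also matches the tail of a longer name ending
      // in "_ga".

      // Remove the "has_js" cookie
      set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");

      // Remove any Google Analytics based cookies
      set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
      set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");

      // Remove DoubleClick offensive cookies
      set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");

      // Remove the Quant Capital cookies (added by some plugin, all __qca)
      set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");

      // Remove the AddThis cookies
      set req.http.Cookie = regsuball(req.http.Cookie, "__atuv.=[^;]+(; )?", "");

      // Remove a ";" prefix in the cookie if present
      set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");

      // Are there cookies left with only spaces or that are empty?
      if (req.http.cookie ~ "^\s*$") {
          unset req.http.cookie;
      }

      // Normalize Accept-Encoding header
      // TODO: Test if it's still needed, Varnish 4 now does this by itself
      // if http_gzip_support = on
      // https://www.varnish-cache.org/docs/trunk/users-guide/compression.html
      // https://www.varnish-cache.org/docs/trunk/phk/gzip.html
      if (req.http.Accept-Encoding) {
          if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
              // No point in compressing these
              unset req.http.Accept-Encoding;
          } elsif (req.http.Accept-Encoding ~ "gzip") {
              set req.http.Accept-Encoding = "gzip";
          } elsif (req.http.Accept-Encoding ~ "deflate") {
              set req.http.Accept-Encoding = "deflate";
          } else {
              // unknown algorithm
              unset req.http.Accept-Encoding;
          }
      }

      // Requests carrying credentials are never looked up in the cache.
      // This check has to come before the static-file shortcuts below:
      // placed after them, an authenticated request for e.g. a protected
      // .pdf went through return (hash), so its response could be stored and
      // then served to clients that sent no credentials at all.
      if (req.http.Authorization) {
          return (pass);
      }

      // Don't send cookies for static and large media files. The decision is
      // made on the URL suffix alone; dropping the Cookie header is what
      // makes these objects safe to share between clients.
      if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|woff2|xml|zip)(\?.*)?$" ||
          req.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|gz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
          unset req.http.Cookie;
          return (hash);
      }

      return (hash);
  }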
  152.  
  // Pipe mode. In this file it is reached for request methods outside the
  // list accepted in vcl_recv; the sub returns immediately and does not
  // modify the request sent to the backend.
  sub vcl_pipe {
      return (pipe);
  }
  156.  
  // Pass mode (in this file: non-GET/HEAD methods and requests with an
  // Authorization header). The explicit return is commented out, so the sub
  // body is empty and Varnish's built-in vcl_pass decides what happens next.
  sub vcl_pass {
      #return (pass);
  }
  160.  
  161. // Needed for our various cookie settings
  162. include "/etc/varnish/fuf-hash.vcl";
  163.  
  sub vcl_hit {
      // Cache hit. Decides whether the stored object is delivered as-is,
      // delivered stale under grace, or replaced by a fresh fetch. The chosen
      // grace mode is recorded in req.http.grace.
      //
      // Background on grace and asynchronous refresh:
      // https://www.varnish-software.com/blog/grace-varnish-4-stale-while-revalidate-semantics-varnish

      // Object still within its TTL: deliver it.
      if (obj.ttl >= 0s) {
          return (deliver);
      }

      // From here on the object is expired.
      if (!std.healthy(req.backend_hint)) {
          // Backend is sick: accept a stale object for the whole obj.grace
          // period attached to it.
          if (obj.ttl + obj.grace > 0s) {
              set req.http.grace = "full";
              return (deliver);
          }
          // Nothing left in grace either.
          return (fetch);
      }

      // Backend is healthy: tolerate staleness only up to 6h past expiry.
      if (obj.ttl + 6h > 0s) {
          set req.http.grace = "normal(limited)";
          return (deliver);
      }

      // Too old for limited grace; the client waits for a fresh object.
      return (fetch);
  }
  201.  
  // Cache miss: always fetch the object from the backend.
  sub vcl_miss {
      return (fetch);
  }
  205.  
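  // Handle the HTTP response coming from our backend: compression, retry on
  // server errors, Set-Cookie stripping for static files, TTL/grace policy
  // and ESI activation.
  sub vcl_backend_response {

      set beresp.do_gzip = true;

      // If our backend fails, try to get it again (retry); the condition on
      // bereq.retries bounds the number of attempts.
      if (beresp.status >= 500 && bereq.retries <= 1) {
          return (retry);
      }

      // Static files never set cookies, which keeps them cacheable below.
      if (bereq.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|woff2|xml|zip)(\?.*)?$") {
          unset beresp.http.set-cookie;
      }

      if (bereq.url ~ "^[^?]*\.(mp[34]|rar|tar|tgz|gz|wav|zip|bz2|xz|7z|avi|mov|ogm|mpe?g|mk[av])(\?.*)?$") {
          unset beresp.http.set-cookie;
          // Check memory usage it'll grow in fetch_chunksize blocks
          // (128k by default) if the backend doesn't send a Content-Length
          // header, so only enable it for big objects
          set beresp.do_stream = true;
          set beresp.do_gzip = false;
      }

      // Remove the port from redirect targets. Only a port that directly
      // follows the host of an absolute or protocol-relative URL is removed;
      // the earlier unanchored ":[0-9]+" also cut the first ":digits" run out
      // of a path or query string when the Location carried no port.
      if (beresp.status == 301 || beresp.status == 302) {
          set beresp.http.Location = regsub(beresp.http.Location, "^((https?:)?//[^/:]+):[0-9]+", "\1");
      }

      // Allow stale content, in case the backend goes down: objects are kept
      // for 24 hours beyond their TTL. vcl_hit uses at most 6 hours of that
      // while the backend is healthy and all of it when the backend is sick.
      set beresp.grace = 24h;

      // Do not cache anything by default, handle everything else below
      // This is standard score setting
      set beresp.ttl = 0s;

      // Don't set the cache ttl to 0s and put in cache - instead mark the
      // object uncacheable so it is delivered without being stored.
      // Applies to responses that set cookies, redirects and 400/401/403.
      if (beresp.http.Set-Cookie || beresp.status == 301 || beresp.status == 302 || beresp.status == 400 || beresp.status == 401 || beresp.status == 403) {
          set beresp.uncacheable = true;
      } else if (beresp.status == 410) {
          set beresp.ttl = 360d;
      } else {
          // Call the function to set beresp.ttl from score http-headers
          // (defined in the extended cache control include).
          // NOTE(review): confirm it leaves responses marked private or
          // no-store uncached; nothing in this sub checks Cache-Control.
          call extended_cache_control;
      }

      // Activate ESI processing for everything that is not a binary object,
      // CSS, JS or SVG. The alternation no longer contains the empty branch
      // ("woff2||xml") or the duplicated css/js entries.
      // NOTE(review): ESI is switched on by URL suffix only, not by a signal
      // from the backend. If user-supplied content can reach these responses
      // unescaped, ESI tags inside it would be processed by Varnish; consider
      // enabling ESI only when the backend explicitly asks for it.
      if (!bereq.url ~ "^[^?]*\.(css|js|svg|bmp|bz2|doc|eot|flv|gif|gz|ico|jpeg|jpg|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|woff2|xml|zip)(\?.*)?$") {
          set beresp.do_esi = true;
      }

      return (deliver);
  }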
  260.  
  sub vcl_deliver {
      // Final response shaping: strip headers that identify the backend
      // software, then add cache diagnostics.

      // Backend fingerprinting headers (PHP version, server banner, generator)
      // plus Link and P3P.
      unset resp.http.X-Powered-By;
      unset resp.http.Server;
      unset resp.http.Link;
      unset resp.http.X-Generator;
      unset resp.http.P3P;

      // Diagnostics. These are sent to every client.
      // NOTE(review): X-Varnish-Host exposes this cache node's hostname even
      // though the backend banners above are removed; confirm that is wanted
      // on public responses.
      set resp.http.X-Varnish-Host = server.hostname;

      if (obj.hits == 0) {
          set resp.http.X-Cache = "MISS";
      } else {
          set resp.http.X-Cache = "HIT";
          set resp.http.X-Cache-Hits = obj.hits;
      }

      // Grace mode chosen in vcl_recv / vcl_hit
      set resp.http.grace = req.http.grace;

      return (deliver);
  }
  285.  
  // Runs after an object has been purged. vcl_recv in this file answers
  // PURGE with a ban and never returns (purge), so this sub is only reached
  // if one of the included files does.
  sub vcl_purge {
      // Only actual PURGE requests end here; any other method is marked
      // with X-Purge and the request is restarted rather than answered.
      if (req.method != "PURGE") {
          // restart request
          set req.http.X-Purge = "Yes";
          return(restart);
      }
  }
  294.  
  sub vcl_synth {
      // Synthetic responses. The private status codes 720-723 are translated
      // into real ones: 720 -> 301 and 721 -> 302 with the reason text used
      // as Location, 722 -> 404, 723 -> 410 "Gone". Everything that is not a
      // redirect ends with the shared error page.
      //
      // NOTE(review): for 720/721 the Location header is whatever the caller
      // passed to synth() as the reason. The callers are not in this file;
      // confirm they do not build it from unvalidated request data.

      if (resp.status == 720) {
          set resp.http.Location = resp.reason;
          set resp.status = 301;
          return (deliver);
      }

      if (resp.status == 721) {
          set resp.http.Location = resp.reason;
          set resp.status = 302;
          return (deliver);
      }

      if (resp.status == 722) {
          set resp.status = 404;
      } elseif (resp.status == 723) {
          set resp.status = 410;
          set resp.reason = "Gone";
      }

      // Deliver the error page if we cannot do anything else
      include "/etc/varnish/fuf-error.vcl";

      return (deliver);
  }
  320.  
  // Called when this VCL is discarded; nothing to clean up here.
  sub vcl_fini {
      return (ok);
  }