VCL

1. #
2. # This is an example VCL file for Varnish.
3. #
4. # It does not do anything by default, delegating control to the
5. # builtin VCL. The builtin VCL is called when there is no explicit
6. # return statement.
7. #
8. # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
9. # and http://varnish-cache.org/trac/wiki/VCLExamples for more examples.
10.  
11. # Marker to tell the VCL compiler that this VCL has been adapted to the
12. # new 4.0 format.
13. vcl 4.0;
14.  
15. # Default backend definition. Set this to point to your content server.
16. backend default {
17.     .host = "127.0.0.1";
18.     .port = "8000";
19.         .connect_timeout = 10s;
20.         .first_byte_timeout = 20s;
21.         .between_bytes_timeout = 15s;
22.         .max_connections = 2000;
23. }
24.  
25. acl purge {
26.   "localhost";
27.   "127.0.0.1";
28. }
29.  
30. sub vcl_recv {
31.  
32.   # IF THIS IS A PURGE REQUEST, THEN CHECK THE IPS SET ABOVE
33.   # BLOCK IF NOT ONE OF THOSE IPS
34.   # ##########################################################
35.   if (req.method == "PURGE") {
36.     if ( !client.ip ~ purge ) {
37.       return (synth(405, "Not allowed."));
38.     }
39.     #return(hash);
40.     return(purge);
41.   }
42.     # Happens before we check if we have this in cache already.
43.     #
44.     # Typically you clean up the request here, removing cookies you don't need,
45.     # rewriting the request, etc.
46.  
47. # set realIP by trimming CloudFlare IP which will be used for various checks
48. set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", "");
49. /*
50.     if (client.ip != "127.0.0.1" && req.http.host ~ "server-hostname.com") {
51.     set req.http.x-redir = "http://server-hostname.com" + req.url;
52.     return(synth(850, ""));
53.     }
54. */
55. # code for preventing hotlinking
56.   if (  req.http.host == "test.server-hostname.com" &&
57.      req.url ~ "\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$" &&
58.         (req.http.referer && req.http.referer !~ "^https://test.server-hostname.com/")
59.         && req.http.host !~ "\.(google|yahoo|bing|facebook|fbcdn|twitter|yandex|baidu|csanyigroup|linkedin|printfriendly|feedburner|campaign-archive|msn|mailchimp|list-manage|rsgsv|mcsv|mcdlv)$") {
60.             return (synth(403, "No hotlinking please 1"));
61.   }
62. # end hotlinking code
63.  
64.   if (  req.http.host == "test.server-hostname.com" &&
65.     req.url ~ "^/res/" && req.url ~ "\.(pdf|xls|rar)$" &&
66.         (req.http.referer !~ "^https://test.server-hostname.com/")
67.     && req.http.host !~ "\.(google|yahoo|bing|facebook|fbcdn|twitter|yandex|baidu|csanyigroup|linkedin|printfriendly|feedburner|campaign-archive|msn|mailchimp|list-manage|rsgsv|mcsv|mcdlv)$"
68.         ) {
69.           set req.url = "https://test.server-hostname.com/";
70.   }
71.  
72. # code for preventing hotlinking
73.   if (  req.http.host == "server-hostname.com" &&
74.         req.url ~ "\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$" &&
75.         req.url !~ "(comodo_secure_seal_100x85_transp\.png)$" &&
76.         (req.http.referer !~ "^https://server-hostname.com/") && req.http.user-agent !~ "facebookexternalhit"
77.     && req.http.user-agent !~ "Google(.*)" && req.http.user-agent !~ "LinkedInBot"  && req.http.user-agent !~ "Twitterbot"  && req.http.user-agent !~ "Googlebot"
78.      && req.http.user-agent !~ "Googlebot-Image" && req.http.user-agent !~ "MailChimp(.*)" && req.http.user-agent !~ "(.*)bingbot(.*)" && req.http.user-agent !~ "PrintFriendly(.*)"
79.                 ) {
80.                 return (synth(403, "No hotlinking please 2"));
81.   }
82. # end hotlinking code
83.  
84.   if (  req.http.host == "server-hostname.com" &&
85.         req.url ~ "^/res/" && req.url ~ "\.(pdf|xls|dwg|rar)$" &&
86.         (req.http.referer !~ "^https://server-hostname.com/")
87.         && req.http.host !~ "\.(google|yahoo|bing|facebook|fbcdn|twitter|yandex|baidu|csanyigroup|linkedin|printfriendly|feedburner|campaign-archive|msn|mailchimp|list-manage|rsgsv|mcsv|mcdlv)$"
88.                 ) {
89.           set req.url = "https://server-hostname.com/";
90.   }
91.  
92. #if (req.http.host ~ "test.server-hostname.com") {
93. #     return(pass);
94. #   }
95.  
96.     if (req.url ~ "/wp-admin/admin-ajax.php") {
97.         return (pass); }
98.  
99. # Enable smart refreshing
100. if (req.http.Cache-Control ~ "no-cache" && client.ip ~ purge) {
101.          set req.hash_always_miss = true;
102.     }
103.  
104. # Unset cloudflare cookies
105. # Remove has_js and CloudFlare/Google Analytics __* cookies.
106.       set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
107.       # Remove a ";" prefix, if present.
108.      set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
109.  
110.   # For Testing: If you want to test with Varnish passing (not caching) uncomment
111.   # return( pass );
112.  
113.   # FORWARD THE IP OF THE REQUEST
114.   if (req.restarts == 0) {
115.     if (req.http.x-forwarded-for) {
116.       set req.http.X-Forwarded-For =
117.       req.http.X-Forwarded-For + ", " + client.ip;
118.     } else {
119.       set req.http.X-Forwarded-For = client.ip;
120.     }
121.   }
122.  
123. # DO NOT CACHE RSS FEED
124.  if (req.url ~ "/feed/") {
125.     return ( pass );
126. }
127.  
128. if (req.url ~ "^/(cart|my-account|checkout|addons|membership-checkout)") {
129.  return (pass);
130.  }
131. if ( req.url ~ "\?add-to-cart=" ) {
132.  return (pass);
133.  }
134.  
135.  
136.  
137. ## Do not cache search results, comment these 3 lines if you do want to cache them
138.  
139. if (req.url ~ "/\?s\=") {
140.     return ( pass );
141. }
142.  
143. # CLEAN UP THE ENCODING HEADER.
144.   # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY.  WITH VARY ACCEPT-ENCODING
145.   # VARNISH WILL CREATE SEPARATE CACHES FOR EACH
146.   # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
147.   # ##########################################################
148.   if (req.http.Accept-Encoding) {
149.     if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
150.       # No point in compressing these
151.       unset req.http.Accept-Encoding;
152.     } elsif (req.http.Accept-Encoding ~ "gzip") {
153.       set req.http.Accept-Encoding = "gzip";
154.     } elsif (req.http.Accept-Encoding ~ "deflate") {
155.       set req.http.Accept-Encoding = "deflate";
156.     } else {
157.       # unknown algorithm
158.       unset req.http.Accept-Encoding;
159.     }
160.   }
161.  
162.  
163.   # PIPE ALL NON-STANDARD REQUESTS
164.   # ##########################################################
165.   if (req.method != "GET" &&
166.     req.method != "HEAD" &&
167.     req.method != "PUT" &&
168.     req.method != "POST" &&
169.     req.method != "TRACE" &&
170.     req.method != "OPTIONS" &&
171.     req.method != "DELETE") {
172.       return (pipe);
173.   }
174.    
175.   # ONLY CACHE GET AND HEAD REQUESTS
176.   # ##########################################################
177.   if (req.method != "GET" && req.method != "HEAD") {
178.     return (pass);
179.   }
180.  
181.   # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER
182.   # COMMENT OR UNCOMMENT BOTH
183.   # ##########################################################
184.   if ( req.http.cookie ~ "wordpress_logged_in" ) {
185.     return( pass );
186.   }
187.  
188.   # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN
189.   # THEN UNSET THE COOKIES
190.   # ##########################################################
191.   if (!(req.url ~ "wp-(login|admin)")
192.     && !(req.url ~ "&preview=true" )
193.   ){
194.     unset req.http.cookie;
195.   }
196.  
197.   # IF BASIC AUTH IS ON THEN DO NOT CACHE
198.   # ##########################################################
199.   if (req.http.Authorization || req.http.Cookie) {
200.     return (pass);
201.   }
202.  
203.  # No caching AJAX request
204.   # don't cache ajax requests
205.     if(req.http.X-Requested-With == "XMLHttpRequest"
206.     || req.url ~ "nocache"
207.     || req.url ~ "(xmlrpc.php|control.php|wp-comments-post.php|wp-login.php|bb-login.php|bb-reset-password.php|register.php|cron.php|/wp-admin/admin-ajax.php)"
208.     || req.url ~ "captcha-plus"
209.     || req.url ~ "contact-form-7"
210.     || req.url ~ "smtp"
211.     || req.url ~ "membership-account") {
212.         return (pass);
213.     }
214.     if (req.http.Authorization || req.method == "POST") {
215.         return (pass);
216.         }
217.  
218.   # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
219.   # ##########################################################
220.   return (hash);
221. }
222.  
223. /*
224. sub vcl_synth {
225.  if (resp.status == 850) {
226.      set resp.http.Location = req.http.x-redir;
227.      set resp.status = 302;
228.      return (deliver);
229.  }
230. }
231. */
232. sub vcl_purge {
233.  set req.method = "GET";
234.  set req.http.X-Purger = "Purged";
235.  return (restart);
236. }
237.  
238. sub vcl_backend_response {
239.     # Happens after we have read the response headers from the backend.
240.     #
241.     # Here you clean the response headers, removing silly Set-Cookie headers
242.     # and other mistakes your backend does.
243. # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
244.   # TENDANCY TO SET VARY USER-AGENT.  YOU MAY OR MAY NOT WANT
245.   # TO DO THIS
246.   # ##########################################################
247.   set beresp.http.Vary = "Accept-Encoding";
248.  
249.   # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF
250.   # TIME THIS PAGE WILL STAY CACHED (TTL)
251.   # ##########################################################
252.   if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {
253.     unset beresp.http.set-cookie;
254.     set beresp.ttl = 52w;
255. #    set beresp.grace =1w;
256.   }
257.  
258.   if (beresp.ttl <= 0s ||
259.     beresp.http.Set-Cookie ||
260.     beresp.http.Vary == "*") {
261.       set beresp.ttl = 120 s;
262.       # set beresp.ttl = 120s;
263.       set beresp.uncacheable = true;
264.       return (deliver);
265.   }
266.  
267.   return (deliver);
268. }
269.  
270. sub vcl_deliver {
271.     # Happens when we have all the pieces we need, and are about to send the
272.     # response to the client.
273.     #
274.     # You can do accounting or modifying the final object here.
275.   # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
276.   # IN THE HEADER (GREAT FOR DEBUGGING)
277.   # ##########################################################
278.   if (obj.hits > 0) {
279.     set resp.http.X-Cache = "HIT";
280.   # IF THIS IS A MISS RETURN THAT IN THE HEADER
281.   # ##########################################################
282.   } else {
283.     set resp.http.X-Cache = "MISS";
284.   }
285.  
286.   if (req.http.X-Purger) {
287.     set resp.http.X-Purger = req.http.X-Purger;
288.       }
289.  
290. }
291. # HIT FUNCTION
292. # ##########################################################
293. sub vcl_hit {
294.   # IF THIS IS A PURGE REQUEST THEN DO THE PURGE
295.   # ##########################################################
296.   if (req.method == "PURGE") {
297.     #
298.     # This is now handled in vcl_recv.
299.     #
300.     # purge;
301.     return (synth(200, "Purged."));
302.   }
303.   return (deliver);
304. }
305.  
306. # MISS FUNCTION
307. # ##########################################################
308. sub vcl_miss {
309.   if (req.method == "PURGE") {
310.     #
311.     # This is now handled in vcl_recv.
312.     #
313.     # purge;
314.     return (synth(200, "Purged."));
315.   }
316.   return (fetch);
317. }