Advertisement
Guest User

Untitled

a guest
Oct 12th, 2023
75
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.27 KB | None | 0 0
  1. # Backends
  2. backend F_Host_1 {
  3. .between_bytes_timeout = 10s;
  4. .connect_timeout = 1s;
  5. .first_byte_timeout = 15s;
  6. .host = "REDACTED";
  7. .max_connections = 200;
  8. .port = "443";
  9. .share_key = "REDACTED";
  10. .ssl = true;
  11. .ssl_cert_hostname = "REDACTED";
  12. .ssl_sni_hostname = "REDACTED";
  13. }
  14. sub vcl_recv {
  15. #--FASTLY RECV BEGIN
  16. if (req.restarts == 0) {
  17. if (!req.http.X-Timer) {
  18. set req.http.X-Timer = "S" time.start.sec "." time.start.usec_frac;
  19. }
  20. set req.http.X-Timer = req.http.X-Timer ",VS0";
  21. }
  22. if (req.http.Fastly-Orig-Accept-Encoding) {
  23. if (req.http.Fastly-Orig-Accept-Encoding ~ "\bbr\b") {
  24. set req.http.Accept-Encoding = "br";
  25. }
  26. }
  27. declare local var.fastly_req_do_shield BOOL;
  28. set var.fastly_req_do_shield = (req.restarts == 0);
  29. # default conditions
  30. set req.backend = F_Host_1;
  31. # end default conditions
  32. #--FASTLY RECV END
  33. if (req.request != "HEAD" && req.request != "GET" && req.request != "FASTLYPURGE") {
  34. return(pass);
  35. }
  36. return(lookup);
  37. }
  38. sub vcl_fetch {
  39. declare local var.fastly_disable_restart_on_error BOOL;
  40. #--FASTLY FETCH BEGIN
  41. # record which cache ran vcl_fetch for this object and when
  42. set beresp.http.Fastly-Debug-Path = "(F " server.identity " " now.sec ") " if(beresp.http.Fastly-Debug-Path, beresp.http.Fastly-Debug-Path, "");
  43. # generic mechanism to vary on something
  44. if (req.http.Fastly-Vary-String) {
  45. if (beresp.http.Vary) {
  46. set beresp.http.Vary = "Fastly-Vary-String, " beresp.http.Vary;
  47. } else {
  48. set beresp.http.Vary = "Fastly-Vary-String, ";
  49. }
  50. }
  51. # priority: 0
  52. # max-age
  53. set beresp.ttl = 86400s;
  54. # Header rewrite Cache-Control : 10
  55. set beresp.http.cache-control = "public, max-age=3600";
  56. # Header rewrite Surrogate-Control : 10
  57. set beresp.http.surrogate-control = "max-age=84000";
  58. # Header rewrite Vary : 10
  59. set beresp.http.Vary = "Accept-Encoding, Cookie";
  60. # Gzip Generated by default compression policy
  61. if ((beresp.status == 200 || beresp.status == 404) && (beresp.http.content-type ~ "^(?:text/html|application/x-javascript|text/css|application/javascript|text/javascript|application/json|application/vnd\.ms-fontobject|application/x-font-opentype|application/x-font-truetype|application/x-font-ttf|application/xml|font/eot|font/opentype|font/otf|image/svg\+xml|image/vnd\.microsoft\.icon|text/plain|text/xml)\s*(?:$|;)" || req.url ~ "\.(?:css|js|html|eot|ico|otf|ttf|json|svg)(?:$|\?)" ) ) {
  62. # always set vary to make sure uncompressed versions dont always win
  63. if (!beresp.http.Vary ~ "Accept-Encoding") {
  64. if (beresp.http.Vary) {
  65. set beresp.http.Vary = beresp.http.Vary ", Accept-Encoding";
  66. } else {
  67. set beresp.http.Vary = "Accept-Encoding";
  68. }
  69. }
  70. if (req.http.Accept-Encoding == "br") {
  71. set beresp.brotli = true;
  72. } elsif (req.http.Accept-Encoding == "gzip") {
  73. set beresp.gzip = true;
  74. }
  75. }
  76. # priority: 10
  77. if ( req.http.Authorization || req.http.Cookie ~ "([sS]ession|Token)=" ) {
  78. # Bypass on Cookie
  79. set beresp.ttl = 0s;
  80. return(pass);
  81. }
  82. #--FASTLY FETCH END
  83. if (!var.fastly_disable_restart_on_error) {
  84. if ((beresp.status == 500 || beresp.status == 503) && req.restarts < 1 && (req.request == "GET" || req.request == "HEAD")) {
  85. restart;
  86. }
  87. }
  88. if(req.restarts > 0 ) {
  89. set beresp.http.Fastly-Restarts = req.restarts;
  90. }
  91. if (beresp.http.Set-Cookie) {
  92. set req.http.Fastly-Cachetype = "SETCOOKIE";
  93. return (pass);
  94. }
  95. if (beresp.http.Cache-Control ~ "private") {
  96. set req.http.Fastly-Cachetype = "PRIVATE";
  97. return (pass);
  98. }
  99. if (beresp.status == 500 || beresp.status == 503) {
  100. set req.http.Fastly-Cachetype = "ERROR";
  101. set beresp.ttl = 1s;
  102. set beresp.grace = 5s;
  103. return (deliver);
  104. }
  105. if (beresp.http.Expires || beresp.http.Surrogate-Control ~ "max-age" || beresp.http.Cache-Control ~"(?:s-maxage|max-age)") {
  106. # keep the ttl here
  107. } else {
  108. # apply the default ttl
  109. set beresp.ttl = 3600s;
  110. }
  111. return(deliver);
  112. }
  113. sub vcl_hit {
  114. #--FASTLY HIT BEGIN
  115. # we cannot reach obj.ttl and obj.grace in deliver, save them when we can in vcl_hit
  116. set req.http.Fastly-Tmp-Obj-TTL = obj.ttl;
  117. set req.http.Fastly-Tmp-Obj-Grace = obj.grace;
  118. {
  119. set req.http.Fastly-Cachetype = "HIT";
  120. }
  121. #--FASTLY HIT END
  122. if (!obj.cacheable) {
  123. return(pass);
  124. }
  125. return(deliver);
  126. }
  127. sub vcl_miss {
  128. #--FASTLY MISS BEGIN
  129. # this is not a hit after all, clean up these set in vcl_hit
  130. unset req.http.Fastly-Tmp-Obj-TTL;
  131. unset req.http.Fastly-Tmp-Obj-Grace;
  132. {
  133. if (req.http.Fastly-Check-SHA1) {
  134. error 550 "Doesnt exist";
  135. }
  136. #--FASTLY BEREQ BEGIN
  137. {
  138. {
  139. if (req.http.Fastly-FF) {
  140. set bereq.http.Fastly-Client = "1";
  141. }
  142. }
  143. {
  144. # do not send this to the backend
  145. unset bereq.http.Fastly-Original-Cookie;
  146. unset bereq.http.Fastly-Original-URL;
  147. unset bereq.http.Fastly-Vary-String;
  148. unset bereq.http.X-Varnish-Client;
  149. }
  150. if (req.http.Fastly-Temp-XFF) {
  151. if (req.http.Fastly-Temp-XFF == "") {
  152. unset bereq.http.X-Forwarded-For;
  153. } else {
  154. set bereq.http.X-Forwarded-For = req.http.Fastly-Temp-XFF;
  155. }
  156. # unset bereq.http.Fastly-Temp-XFF;
  157. }
  158. }
  159. #--FASTLY BEREQ END
  160. #;
  161. set req.http.Fastly-Cachetype = "MISS";
  162. }
  163. #--FASTLY MISS END
  164. return(fetch);
  165. }
  166. sub vcl_deliver {
  167. #--FASTLY DELIVER BEGIN
  168. # record the journey of the object, expose it only if req.http.Fastly-Debug.
  169. if (req.http.Fastly-Debug || req.http.Fastly-FF) {
  170. set resp.http.Fastly-Debug-Path = "(D " server.identity " " now.sec ") "
  171. if(resp.http.Fastly-Debug-Path, resp.http.Fastly-Debug-Path, "");
  172. set resp.http.Fastly-Debug-TTL = if(obj.hits > 0, "(H ", "(M ")
  173. server.identity
  174. if(req.http.Fastly-Tmp-Obj-TTL && req.http.Fastly-Tmp-Obj-Grace, " " req.http.Fastly-Tmp-Obj-TTL " " req.http.Fastly-Tmp-Obj-Grace " ", " - - ")
  175. if(resp.http.Age, resp.http.Age, "-")
  176. ") "
  177. if(resp.http.Fastly-Debug-TTL, resp.http.Fastly-Debug-TTL, "");
  178. set resp.http.Fastly-Debug-Digest = digest.hash_sha256(req.digest);
  179. } else {
  180. unset resp.http.Fastly-Debug-Path;
  181. unset resp.http.Fastly-Debug-TTL;
  182. unset resp.http.Fastly-Debug-Digest;
  183. }
  184. # add or append X-Served-By/X-Cache(-Hits)
  185. {
  186. if(!resp.http.X-Served-By) {
  187. set resp.http.X-Served-By = server.identity;
  188. } else {
  189. set resp.http.X-Served-By = resp.http.X-Served-By ", " server.identity;
  190. }
  191. set resp.http.X-Cache = if(resp.http.X-Cache, resp.http.X-Cache ", ","") if(fastly_info.state ~ "HIT(?:-|\z)", "HIT", "MISS");
  192. if(!resp.http.X-Cache-Hits) {
  193. set resp.http.X-Cache-Hits = obj.hits;
  194. } else {
  195. set resp.http.X-Cache-Hits = resp.http.X-Cache-Hits ", " obj.hits;
  196. }
  197. }
  198. if (req.http.X-Timer) {
  199. set resp.http.X-Timer = req.http.X-Timer ",VE" time.elapsed.msec;
  200. }
  201. # VARY FIXUP
  202. {
  203. # remove before sending to client
  204. set resp.http.Vary = regsub(resp.http.Vary, "Fastly-Vary-String, ", "");
  205. if (resp.http.Vary ~ "^\s*$") {
  206. unset resp.http.Vary;
  207. }
  208. }
  209. unset resp.http.X-Varnish;
  210. # Pop the surrogate headers into the request object so we can reference them later
  211. set req.http.Surrogate-Key = resp.http.Surrogate-Key;
  212. set req.http.Surrogate-Control = resp.http.Surrogate-Control;
  213. # If we are not forwarding or debugging unset the surrogate headers so they are not present in the response
  214. if (!req.http.Fastly-FF && !req.http.Fastly-Debug) {
  215. unset resp.http.Surrogate-Key;
  216. unset resp.http.Surrogate-Control;
  217. }
  218. if(resp.status == 550) {
  219. return(deliver);
  220. }
  221. #default response conditions
  222. #--FASTLY DELIVER END
  223. return(deliver);
  224. }
  225. sub vcl_error {
  226. #--FASTLY ERROR BEGIN
  227. if (obj.status == 801) {
  228. set obj.status = 301;
  229. set obj.response = "Moved Permanently";
  230. set obj.http.Location = "https://" req.http.host req.url;
  231. synthetic {""};
  232. return (deliver);
  233. }
  234. if (req.http.Fastly-Restart-On-Error) {
  235. if (obj.status == 503 && req.restarts == 0) {
  236. restart;
  237. }
  238. }
  239. {
  240. if (obj.status == 550) {
  241. return(deliver);
  242. }
  243. }
  244. #--FASTLY ERROR END
  245. }
  246. sub vcl_pipe {
  247. #--FASTLY PIPE BEGIN
  248. {
  249. #--FASTLY BEREQ BEGIN
  250. {
  251. {
  252. if (req.http.Fastly-FF) {
  253. set bereq.http.Fastly-Client = "1";
  254. }
  255. }
  256. {
  257. # do not send this to the backend
  258. unset bereq.http.Fastly-Original-Cookie;
  259. unset bereq.http.Fastly-Original-URL;
  260. unset bereq.http.Fastly-Vary-String;
  261. unset bereq.http.X-Varnish-Client;
  262. }
  263. if (req.http.Fastly-Temp-XFF) {
  264. if (req.http.Fastly-Temp-XFF == "") {
  265. unset bereq.http.X-Forwarded-For;
  266. } else {
  267. set bereq.http.X-Forwarded-For = req.http.Fastly-Temp-XFF;
  268. }
  269. # unset bereq.http.Fastly-Temp-XFF;
  270. }
  271. }
  272. #--FASTLY BEREQ END
  273. #;
  274. set req.http.Fastly-Cachetype = "PIPE";
  275. set bereq.http.connection = "close";
  276. }
  277. #--FASTLY PIPE END
  278. }
  279. sub vcl_pass {
  280. #--FASTLY PASS BEGIN
  281. {
  282. #--FASTLY BEREQ BEGIN
  283. {
  284. {
  285. if (req.http.Fastly-FF) {
  286. set bereq.http.Fastly-Client = "1";
  287. }
  288. }
  289. {
  290. # do not send this to the backend
  291. unset bereq.http.Fastly-Original-Cookie;
  292. unset bereq.http.Fastly-Original-URL;
  293. unset bereq.http.Fastly-Vary-String;
  294. unset bereq.http.X-Varnish-Client;
  295. }
  296. if (req.http.Fastly-Temp-XFF) {
  297. if (req.http.Fastly-Temp-XFF == "") {
  298. unset bereq.http.X-Forwarded-For;
  299. } else {
  300. set bereq.http.X-Forwarded-For = req.http.Fastly-Temp-XFF;
  301. }
  302. # unset bereq.http.Fastly-Temp-XFF;
  303. }
  304. }
  305. #--FASTLY BEREQ END
  306. #;
  307. set req.http.Fastly-Cachetype = "PASS";
  308. }
  309. #--FASTLY PASS END
  310. }
  311. sub vcl_log {
  312. #--FASTLY LOG BEGIN
  313. # default response conditions
  314. #--FASTLY LOG END
  315. }
  316. sub vcl_hash {
  317. #--FASTLY HASH BEGIN
  318. #if unspecified fall back to normal
  319. {
  320. set req.hash += req.url;
  321. set req.hash += req.http.host;
  322. set req.hash += req.vcl.generation;
  323. return (hash);
  324. }
  325. #--FASTLY HASH END
  326. }
  327.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement