cache-control: no-store, no-cache, must-revalidate, max-age=0 vcl 4.0;impo

1. cache-control: no-store, no-cache, must-revalidate, max-age=0
2.  
3. vcl 4.0;
4.  
5. import std;
6. # The minimal Varnish version is 4.0
7. # For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'
8.  
9. backend default {
10. .host = "localhost";
11. .port = "8080";
12. .first_byte_timeout = 600s;
13. .probe = {
14. .url = "/pub/health_check.php";
15. .timeout = 2s;
16. .interval = 5s;
17. .window = 10;
18. .threshold = 5;
19. }
20. }
21.  
22. acl purge {
23. "localhost";
24. }
25.  
26. sub vcl_recv {
27. if (req.method == "PURGE") {
28. if (client.ip !~ purge) {
29. return (synth(405, "Method not allowed"));
30. }
31. # To use the X-Pool header for purging varnish during automated deployments, make sure the X-Pool header
32. # has been added to the response in your backend server config. This is used, for example, by the
33. # capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
34. if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
35. return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
36. }
37. if (req.http.X-Magento-Tags-Pattern) {
38. ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);
39. }
40. if (req.http.X-Pool) {
41. ban("obj.http.X-Pool ~ " + req.http.X-Pool);
42. }
43. return (synth(200, "Purged"));
44. }
45.  
46. if (req.method != "GET" &&
47. req.method != "HEAD" &&
48. req.method != "PUT" &&
49. req.method != "POST" &&
50. req.method != "TRACE" &&
51. req.method != "OPTIONS" &&
52. req.method != "DELETE") {
53. /* Non-RFC2616 or CONNECT which is weird. */
54. return (pipe);
55. }
56.  
57. # We only deal with GET and HEAD by default
58. if (req.method != "GET" && req.method != "HEAD") {
59. return (pass);
60. }
61.  
62. # Bypass shopping cart, checkout and search requests
63. if (req.url ~ "/checkout" || req.url ~ "/catalogsearch" || req.url ~ "/onestepcheckout" || req.url ~ "/customer") {
64. return (pass);
65. }
66.  
67. # Bypass health check requests
68. if (req.url ~ "/pub/health_check.php") {
69. return (pass);
70. }
71.  
72. # Set initial grace period usage status
73. set req.http.grace = "none";
74.  
75. # normalize url in case of leading HTTP scheme and domain
76. set req.url = regsub(req.url, "^http[s]?://", "");
77.  
78. # collect all cookies
79. std.collect(req.http.Cookie);
80.  
81. # Compression filter. See https://www.varnish-cache.org/trac/wiki/FAQ/Compression
82. if (req.http.Accept-Encoding) {
83. if (req.url ~ ".(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv)$") {
84. # No point in compressing these
85. unset req.http.Accept-Encoding;
86. } elsif (req.http.Accept-Encoding ~ "gzip") {
87. set req.http.Accept-Encoding = "gzip";
88. } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
89. set req.http.Accept-Encoding = "deflate";
90. } else {
91. # unkown algorithm
92. unset req.http.Accept-Encoding;
93. }
94. }
95.  
96. # Remove Google gclid parameters to minimize the cache objects
97. set req.url = regsuball(req.url,"?gclid=[^&]+$",""); # strips when QS = "?gclid=AAA"
98. set req.url = regsuball(req.url,"?gclid=[^&]+&","?"); # strips when QS = "?gclid=AAA&foo=bar"
99. set req.url = regsuball(req.url,"&gclid=[^&]+",""); # strips when QS = "?foo=bar&gclid=AAA" or QS = "?foo=bar&gclid=AAA&bar=baz"
100.  
101. # Static files caching
102. if (req.url ~ "^/(pub/)?(media|static)/") {
103. # Static files should not be cached by default
104. # return (pass);
105.  
106. # But if you use a few locales and don't use CDN you can enable caching static files by commenting previous line (#return (pass);) and uncommenting next 3 lines
107. unset req.http.Https;
108. unset req.http.X-Forwarded-Proto;
109. unset req.http.Cookie;
110. }
111.  
112. return (hash);
113. }
114.  
115. sub vcl_hash {
116. if (req.http.cookie ~ "X-Magento-Vary=") {
117. hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "1"));
118. }
119.  
120. # For multi site configurations to not cache each other's content
121. if (req.http.host) {
122. hash_data(req.http.host);
123. } else {
124. hash_data(server.ip);
125. }
126.  
127. # To make sure http users don't see ssl warning
128. if (req.http.X-Forwarded-Proto) {
129. hash_data(req.http.X-Forwarded-Proto);
130. }
131.  
132. }
133.  
134. sub vcl_backend_response {
135.  
136. set beresp.grace = 3d;
137.  
138. if (beresp.http.content-type ~ "text") {
139. set beresp.do_esi = true;
140. }
141.  
142. if (bereq.url ~ ".js$" || beresp.http.content-type ~ "text") {
143. set beresp.do_gzip = true;
144. }
145.  
146. if (beresp.http.X-Magento-Debug) {
147. set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
148. }
149.  
150. # cache only successfully responses and 404s
151. if (beresp.status != 200 && beresp.status != 404) {
152. set beresp.ttl = 0s;
153. set beresp.uncacheable = true;
154. return (deliver);
155. } elsif (beresp.http.Cache-Control ~ "private") {
156. set beresp.uncacheable = true;
157. set beresp.ttl = 86400s;
158. return (deliver);
159. }
160.  
161. # validate if we need to cache it and prevent from setting cookie
162. # images, css and js are cacheable by default so we have to remove cookie also
163. if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
164. unset beresp.http.set-cookie;
165. }
166.  
167. # If page is not cacheable then bypass varnish for 2 minutes as Hit-For-Pass
168. if (beresp.ttl <= 0s ||
169. beresp.http.Surrogate-control ~ "no-store" ||
170. (!beresp.http.Surrogate-Control &&
171. beresp.http.Cache-Control ~ "no-cache|no-store") ||
172. beresp.http.Vary == "*") {
173. # Mark as Hit-For-Pass for the next 2 minutes
174. set beresp.ttl = 120s;
175. set beresp.uncacheable = true;
176. }
177.  
178. return (deliver);
179. }
180.  
181. sub vcl_deliver {
182. #if (resp.http.X-Magento-Debug) {
183. if (resp.http.x-varnish ~ " ") {
184. set resp.http.X-Magento-Cache-Debug = "HIT";
185. set resp.http.Grace = req.http.grace;
186. } else {
187. set resp.http.X-Magento-Cache-Debug = "MISS";
188. }
189. #} else {
190. unset resp.http.Age;
191. #}
192.  
193. # Not letting browser to cache non-static files.
194. if (resp.http.Cache-Control !~ "private" && req.url !~ "^/(pub/)?(media|static)/") {
195. set resp.http.Pragma = "no-cache";
196. set resp.http.Expires = "-1";
197. set resp.http.Cache-Control = "no-store, no-cache, must-revalidate, max-age=0";
198. }
199.  
200. unset resp.http.X-Magento-Debug;
201. unset resp.http.X-Magento-Tags;
202. unset resp.http.X-Powered-By;
203. unset resp.http.Server;
204. unset resp.http.X-Varnish;
205. unset resp.http.Via;
206. unset resp.http.Link;
207. }
208.  
209. sub vcl_hit {
210. if (obj.ttl >= 0s) {
211. # Hit within TTL period
212. return (deliver);
213. }
214. if (std.healthy(req.backend_hint)) {
215. if (obj.ttl + 300s > 0s) {
216. # Hit after TTL expiration, but within grace period
217. set req.http.grace = "normal (healthy server)";
218. return (deliver);
219. } else {
220. # Hit after TTL and grace expiration
221. return (fetch);
222. }
223. } else {
224. # server is not healthy, retrieve from cache
225. set req.http.grace = "unlimited (unhealthy server)";
226. return (deliver);
227. }
228. }
229.  
230. accept-language: bytes
231. age: 215
232. cache-control: no-store, no-cache, must-revalidate, max-age=0
233. content-encoding: gzip
234. content-length: 25669
235. content-type: text/html; charset=UTF-8
236. date: Mon, 18 Feb 2019 11:13:00 GMT
237. expires: -1
238. pragma: no-cache
239. status: 200
240. vary: Accept-Encoding,User-Agent
241. x-content-type-options: nosniff
242. x-frame-options: SAMEORIGIN
243. x-magento-cache-debug: HIT
244. x-ua-compatible: IE=edge
245. x-xss-protection: 1; mode=block