See https://docs.fastly.com/guides/vcl/mixing-and-matching-fastly-vcl-with-custom-vcl for details.
Last active
October 28, 2021 18:09
-
-
Save Integralist/56cf991ae97551583d5a2f0d69f37788 to your computer and use it in GitHub Desktop.
[Fastly's Custom VCL] #fastly #cdn #varnish #vcl
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY DELIVER BEGIN | |
| # record the journey of the object, expose it only if req.http.Fastly-Debug. | |
| if (req.http.Fastly-Debug || req.http.Fastly-FF) { | |
| set resp.http.Fastly-Debug-Path = "(D " server.identity " " now.sec ") " | |
| if(resp.http.Fastly-Debug-Path, resp.http.Fastly-Debug-Path, ""); | |
| set resp.http.Fastly-Debug-TTL = if(obj.hits > 0, "(H ", "(M ") | |
| server.identity | |
| if(req.http.Fastly-Tmp-Obj-TTL && req.http.Fastly-Tmp-Obj-Grace, " " req.http.Fastly-Tmp-Obj-TTL " " req.http.Fastly-Tmp-Obj-Grace " ", " - - ") | |
| if(resp.http.Age, resp.http.Age, "-") | |
| ") " | |
| if(resp.http.Fastly-Debug-TTL, resp.http.Fastly-Debug-TTL, ""); | |
| set resp.http.Fastly-Debug-Digest = digest.hash_sha256(req.digest); | |
| } else { | |
| unset resp.http.Fastly-Debug-Path; | |
| unset resp.http.Fastly-Debug-TTL; | |
| } | |
| # add or append X-Served-By/X-Cache(-Hits) | |
| { | |
| if(!resp.http.X-Served-By) { | |
| set resp.http.X-Served-By = server.identity; | |
| } else { | |
| set resp.http.X-Served-By = resp.http.X-Served-By ", " server.identity; | |
| } | |
| set resp.http.X-Cache = if(resp.http.X-Cache, resp.http.X-Cache ", ","") if(fastly_info.state ~ "HIT($|-)", "HIT", "MISS"); | |
| if(!resp.http.X-Cache-Hits) { | |
| set resp.http.X-Cache-Hits = obj.hits; | |
| } else { | |
| set resp.http.X-Cache-Hits = resp.http.X-Cache-Hits ", " obj.hits; | |
| } | |
| } | |
| if (req.http.X-Timer) { | |
| set resp.http.X-Timer = req.http.X-Timer ",VE" time.elapsed.msec; | |
| } | |
| # VARY FIXUP | |
| { | |
| # remove before sending to client | |
| set resp.http.Vary = regsub(resp.http.Vary, "Fastly-Vary-String, ", ""); | |
| if (resp.http.Vary ~ "^\s*$") { | |
| unset resp.http.Vary; | |
| } | |
| } | |
| unset resp.http.X-Varnish; | |
| # Pop the surrogate headers into the request object so we can reference them later | |
| set req.http.Surrogate-Key = resp.http.Surrogate-Key; | |
| set req.http.Surrogate-Control = resp.http.Surrogate-Control; | |
| # If we are not forwarding or debugging unset the surrogate headers so they are not present in the response | |
| if (!req.http.Fastly-FF && !req.http.Fastly-Debug) { | |
| unset resp.http.Surrogate-Key; | |
| unset resp.http.Surrogate-Control; | |
| } | |
| if(resp.status == 550) { | |
| return(deliver); | |
| } | |
| #default response conditions | |
| #--FASTLY DELIVER END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY ERROR BEGIN | |
| if (obj.status == 801) { | |
| set obj.status = 301; | |
| set obj.response = "Moved Permanently"; | |
| set obj.http.Location = "https://" req.http.host req.url; | |
| synthetic {""}; | |
| return (deliver); | |
| } | |
| if (req.http.Fastly-Restart-On-Error) { | |
| if (obj.status == 503 && req.restarts == 0) { | |
| restart; | |
| } | |
| } | |
| { | |
| if (obj.status == 550) { | |
| return(deliver); | |
| } | |
| } | |
| #--FASTLY ERROR END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY FETCH BEGIN | |
| # record which cache ran vcl_fetch for this object and when | |
| set beresp.http.Fastly-Debug-Path = "(F " server.identity " " now.sec ") " if(beresp.http.Fastly-Debug-Path, beresp.http.Fastly-Debug-Path, ""); | |
| # generic mechanism to vary on something | |
| if (req.http.Fastly-Vary-String) { | |
| if (beresp.http.Vary) { | |
| set beresp.http.Vary = "Fastly-Vary-String, " beresp.http.Vary; | |
| } else { | |
| set beresp.http.Vary = "Fastly-Vary-String, "; | |
| } | |
| } | |
| # priority: 0 | |
| # Gzip basic GZIP rules | |
| if ((beresp.status == 200 || beresp.status == 404) && (beresp.http.content-type ~ "^(text\/html|application\/x\-javascript|text\/css|application\/javascript|text\/javascript|application\/json|application\/vnd\.ms\-fontobject|application\/x\-font\-opentype|application\/x\-font\-truetype|application\/x\-font\-ttf|application\/xml|font\/eot|font\/opentype|font\/otf|image\/svg\+xml|image\/vnd\.microsoft\.icon|text\/plain|text\/xml)\s*($|;)" || req.url ~ "\.(css|js|html|eot|ico|otf|ttf|json)($|\?)" ) ) { | |
| # always set vary to make sure uncompressed versions dont always win | |
| if (!beresp.http.Vary ~ "Accept-Encoding") { | |
| if (beresp.http.Vary) { | |
| set beresp.http.Vary = beresp.http.Vary ", Accept-Encoding"; | |
| } else { | |
| set beresp.http.Vary = "Accept-Encoding"; | |
| } | |
| } | |
| if (req.http.Accept-Encoding == "gzip") { | |
| set beresp.gzip = true; | |
| } | |
| } | |
| #--FASTLY FETCH END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY HASH BEGIN | |
| # support purge all | |
| set req.hash += "#####GENERATION#####"; | |
| #--FASTLY HASH END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY HIT BEGIN | |
| # we cannot reach obj.ttl and obj.grace in deliver, save them when we can in vcl_hit | |
| set req.http.Fastly-Tmp-Obj-TTL = obj.ttl; | |
| set req.http.Fastly-Tmp-Obj-Grace = obj.grace; | |
| { | |
| set req.http.Fastly-Cachetype = "HIT"; | |
| } | |
| #--FASTLY HIT END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY MISS BEGIN | |
| # this is not a hit after all, clean up these set in vcl_hit | |
| unset req.http.Fastly-Tmp-Obj-TTL; | |
| unset req.http.Fastly-Tmp-Obj-Grace; | |
| { | |
| if (req.http.Fastly-Check-SHA1) { | |
| error 550 "Doesnt exist"; | |
| } | |
| #--FASTLY BEREQ BEGIN | |
| { | |
| if (req.http.Fastly-Original-Cookie) { | |
| set bereq.http.Cookie = req.http.Fastly-Original-Cookie; | |
| } | |
| if (req.http.Fastly-Original-URL) { | |
| set bereq.url = req.http.Fastly-Original-URL; | |
| } | |
| { | |
| if (req.http.Fastly-FF) { | |
| set bereq.http.Fastly-Client = "1"; | |
| } | |
| } | |
| { | |
| # do not send this to the backend | |
| unset bereq.http.Fastly-Original-Cookie; | |
| unset bereq.http.Fastly-Original-URL; | |
| unset bereq.http.Fastly-Vary-String; | |
| unset bereq.http.X-Varnish-Client; | |
| } | |
| if (req.http.Fastly-Temp-XFF) { | |
| if (req.http.Fastly-Temp-XFF == "") { | |
| unset bereq.http.X-Forwarded-For; | |
| } else { | |
| set bereq.http.X-Forwarded-For = req.http.Fastly-Temp-XFF; | |
| } | |
| # unset bereq.http.Fastly-Temp-XFF; | |
| } | |
| } | |
| #--FASTLY BEREQ END | |
| #; | |
| set req.http.Fastly-Cachetype = "MISS"; | |
| } | |
| #--FASTLY MISS END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY PASS BEGIN | |
| { | |
| #--FASTLY BEREQ BEGIN | |
| { | |
| if (req.http.Fastly-Original-Cookie) { | |
| set bereq.http.Cookie = req.http.Fastly-Original-Cookie; | |
| } | |
| if (req.http.Fastly-Original-URL) { | |
| set bereq.url = req.http.Fastly-Original-URL; | |
| } | |
| { | |
| if (req.http.Fastly-FF) { | |
| set bereq.http.Fastly-Client = "1"; | |
| } | |
| } | |
| { | |
| # do not send this to the backend | |
| unset bereq.http.Fastly-Original-Cookie; | |
| unset bereq.http.Fastly-Original-URL; | |
| unset bereq.http.Fastly-Vary-String; | |
| unset bereq.http.X-Varnish-Client; | |
| } | |
| if (req.http.Fastly-Temp-XFF) { | |
| if (req.http.Fastly-Temp-XFF == "") { | |
| unset bereq.http.X-Forwarded-For; | |
| } else { | |
| set bereq.http.X-Forwarded-For = req.http.Fastly-Temp-XFF; | |
| } | |
| # unset bereq.http.Fastly-Temp-XFF; | |
| } | |
| } | |
| #--FASTLY BEREQ END | |
| #; | |
| set req.http.Fastly-Cachetype = "PASS"; | |
| } | |
| #--FASTLY PASS END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY PIPE BEGIN | |
| { | |
| #--FASTLY BEREQ BEGIN | |
| { | |
| if (req.http.Fastly-Original-Cookie) { | |
| set bereq.http.Cookie = req.http.Fastly-Original-Cookie; | |
| } | |
| if (req.http.Fastly-Original-URL) { | |
| set bereq.url = req.http.Fastly-Original-URL; | |
| } | |
| { | |
| if (req.http.Fastly-FF) { | |
| set bereq.http.Fastly-Client = "1"; | |
| } | |
| } | |
| { | |
| # do not send this to the backend | |
| unset bereq.http.Fastly-Original-Cookie; | |
| unset bereq.http.Fastly-Original-URL; | |
| unset bereq.http.Fastly-Vary-String; | |
| unset bereq.http.X-Varnish-Client; | |
| } | |
| if (req.http.Fastly-Temp-XFF) { | |
| if (req.http.Fastly-Temp-XFF == "") { | |
| unset bereq.http.X-Forwarded-For; | |
| } else { | |
| set bereq.http.X-Forwarded-For = req.http.Fastly-Temp-XFF; | |
| } | |
| # unset bereq.http.Fastly-Temp-XFF; | |
| } | |
| } | |
| #--FASTLY BEREQ END | |
| #; | |
| set req.http.Fastly-Cachetype = "PIPE"; | |
| set bereq.http.connection = "close"; | |
| } | |
| #--FASTLY PIPE END |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #--FASTLY RECV BEGIN | |
| if (req.restarts == 0) { | |
| if (!req.http.X-Timer) { | |
| set req.http.X-Timer = "S" time.start.sec "." time.start.usec_frac; | |
| } | |
| set req.http.X-Timer = req.http.X-Timer ",VS0"; | |
| } | |
| set req.backend = autodirector_; | |
| # default conditions | |
| set req.backend = autodirector_; | |
| # end default conditions | |
| #--FASTLY RECV END |
Can we have a snippet for http auth for certain keywords to be used with magento mostly
From Fastly...
It looks like we set the value of
req.http.Fastly-Temp-XFFalways butX-Forwarded-Foris conditionally set, so we may just store the client IP inreq.http.Fastly-Temp-XFFand leaveX-Forwarded-Forunmodified in some circumstances.
The following is custom fastly code not included above and shows how the logic relates to X-Forwarded-For...
if (...) {
if (req.http.X-Forwarded-For) {
set req.http.Fastly-Temp-XFF = req.http.X-Forwarded-For ", " client.ip;
} else {
set req.http.Fastly-Temp-XFF = client.ip;
}
} else {
set req.http.Fastly-Temp-XFF = req.http.X-Forwarded-For;
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Might be worth including the normalisation of
Accept-EncodingFastly does. Either it'sAccept-Encoding: gzipor there is no header.It's not done in the default VCL or mentioned in the boilerplate, or viewable in the generated VCL, but does happen.