Created
September 14, 2015 03:40
-
-
Save meinemitternacht/438bd021d620af2032c3 to your computer and use it in GitHub Desktop.
Varnish Configuration
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# This is an example VCL file for Varnish. | |
# | |
# It does not do anything by default, delegating control to the | |
# builtin VCL. The builtin VCL is called when there is no explicit | |
# return statement. | |
# | |
# See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/ | |
# and http://varnish-cache.org/trac/wiki/VCLExamples for more examples. | |
# Marker to tell the VCL compiler that this VCL has been adapted to the | |
# new 4.0 format. | |
vcl 4.0; | |
# Default backend definition. Set this to point to your content server. | |
backend default { | |
.host = "127.0.0.1"; | |
.port = "8080"; | |
} | |
sub vcl_recv { | |
# Happens before we check if we have this in cache already. | |
# | |
# Typically you clean up the request here, removing cookies you don't need, | |
# rewriting the request, etc. | |
if (req.http.host == "www.fourseasonsoils.com" || | |
req.http.host == "fourseasonsoils.com" || | |
req.http.host == "www.virginiabeach.com" || | |
req.http.host == "virginiabeach.com" || | |
req.http.host == "events.virginiabeach.com") { | |
# Return (pass) instructs Varnish not to cache the request | |
# when the condition is met. | |
## Hotlinking Images ## | |
if (req.http.host == "www.virginiabeach.com" && req.url ~ "(?i)\.(jpg|jpeg|gif|png)(\?.*)?$" && (req.http.referer && req.http.referer !~ "^http://www.virginiabeach.com/" && req.http.referer !~ "^http(|s)://(www|login|api|groups|developers|graph)\.([Ff][Aa][Cc][Ee][Bb][Oo][Oo][Kk]|[Ff][Bb][Cc][Dd][Nn])\.(net|ca|com|co\.uk|nl|dk|jp|in|fr|kr)")) { | |
return (synth(403, "Image Hotlinking Forbidden")); | |
} | |
## ADMIN PAGES ## | |
# Here we filter out all URLs containing Drupal administrative sections | |
if (req.url ~ "^/status\.php$" || | |
req.url ~ "^/update\.php$" || | |
req.url ~ "^/admin$" || | |
req.url ~ "^/admin/.*$" || | |
req.url ~ "^/user$" || | |
req.url ~ "^/user/.*$" || | |
req.url ~ "^/flag/.*$" || | |
req.url ~ "^/batch/.*$" || | |
req.url ~ "^.*/ajax/.*$" || | |
req.url ~ "^.*/ahah/.*$") { | |
return (pass); | |
} | |
## BACKUP AND MIGRATE MODULE ## | |
# Backup and Migrate is a very popular Drupal module that needs to be excluded | |
# It won't work with Varnish | |
if (req.url ~ "^/admin/content/backup_migrate/export") { | |
return (pipe); | |
} | |
if (req.url ~ "^/user/register$") { | |
return (pass); | |
} | |
if (req.url ~ "^/user/register/.*$") { | |
return (pass); | |
} | |
if (req.url ~ "^/contact") { | |
return (pass); | |
} | |
## COOKIES ## | |
# Always cache the following file types for all users. | |
if (req.url ~ "(?i).(png|gif|jpeg|jpg|ico|swf|css|js|html|htm)(\?[\w\d=.-]+)?$") { | |
unset req.http.Cookie; | |
} | |
# Remove all cookies that are not necessary for Drupal to work properly. | |
# Since it would be cumbersome to REMOVE certain cookies, we specify | |
# which ones are of interest to us, and remove all others. In this particular | |
# case we leave SESS, SSESS and NO_CACHE cookies used by Drupal's administrative | |
# interface. Cookies in cookie header are delimited with ";", so when there are | |
# many cookies, the header looks like "Cookie1=value1; Cookie2=value2; Cookie3..." | |
# and so on. That allows us to work with ";" to split cookies into individual | |
# ones. | |
# | |
# The method for filtering unnecessary cookies has been adopted from: | |
# https://fourkitchens.atlassian.net/wiki/display/TECH/Configure+Varnish+3+for+Drupal+7 | |
if (req.http.Cookie) { | |
# 1. We add ; to the beginning of cookie header | |
set req.http.Cookie = ";" + req.http.Cookie; | |
# 2. We remove spaces following each occurence of ";". After this operation | |
# all cookies are delimited with no spaces. | |
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";"); | |
# 3. We replace ";" INTO "; " (adding the space we have previously removed) in cookies | |
# named SESS..., SSESS... and NO_CACHE. After this operation those cookies will be | |
# easy to differentiate from the others, because those will be the only one with space | |
# after ";" | |
set req.http.Cookie = regsuball(req.http.Cookie, ";(SESS[a-z0-9]+|SSESS[a-z0-9]+|NO_CACHE)=", "; \1="); | |
# 4. We remove all cookies with no space after ";", so basically we remove all cookies other | |
# than those above. | |
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", ""); | |
# 5. We strip leading and trailing whitespace and semicolons. | |
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", ""); | |
# If there are no cookies after our striping procedure, we remove the header altogether, | |
# thus allowing Varnish to cache this page | |
if (req.http.Cookie == "") { | |
unset req.http.Cookie; | |
} | |
# if any of our cookies of interest are still there, we disable caching and pass the request | |
# straight to Apache and Drupal | |
else { | |
return (pass); | |
} | |
} | |
} | |
if (req.http.host == "api.cdcmastery.com" || | |
req.http.host == "mail.cdcmastery.com" || | |
req.http.host == "rc.cdcmastery.com" || | |
req.http.host == "db.cdcmastery.com" || | |
req.http.host == "webmin.cdcmastery.com" || | |
req.http.host == "www.cdcmastery.com" || | |
req.http.host == "cdcmastery.com" || | |
req.http.host == "vbprojects.claudebing.com" || | |
req.http.host == "awstats.basil.atl.ga.us.bingnetwork.io" || | |
req.http.host == "db.basil.atl.ga.us.bingnetwork.io" || | |
req.http.host == "nagios.basil.atl.ga.us.bingnetwork.io" || | |
req.http.host == "cloud.bingnetwork.io" || | |
req.http.host == "bingnetwork.io" || | |
req.http.host == "mail.wfto.cc" || | |
req.http.host == "tourists.virginiabeach.com" || | |
req.http.host == "ppc.virginiabeach.com" || | |
req.http.host == "terminal.cdcmastery.com") { | |
return (pipe); | |
} | |
} | |
sub vcl_backend_response { | |
# Happens after we have read the response headers from the backend. | |
# | |
# Here you clean the response headers, removing silly Set-Cookie headers | |
# and other mistakes your backend does. | |
if (bereq.url ~ "(?i)\.(css|js|jpg|jpeg|gif|png|ico)(\?.*)?$") { | |
unset beresp.http.set-cookie; | |
} | |
} | |
sub vcl_deliver { | |
# Happens when we have all the pieces we need, and are about to send the | |
# response to the client. | |
# | |
# You can do accounting or modifying the final object here. | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment