michaelsbradleyjr/wordpress.vcl

## wordpress.vcl
# Use external IP for best compatibility with apache2 vhosts listening on *:8888
backend default {
        .host = "X.X.X.X";
        .port = "8888";
}

acl purge {
        "localhost";
}

sub vcl_recv {
        # Allow banning
        if (req.request == "BAN") {
                if(!(client.ip ~ purge)) {
                        error 405 "Not allowed";
                }
                ban("req.url ~ "+req.url+" && req.http.host == "+req.http.host);
                error 200 "Banned";
        }

        # Allow purging
        if (req.request == "PURGE") {
                if (!(client.ip ~ purge)) {
                        error 405 "Not allowed";
                }
                return (lookup);
        }

        # Requests for phpmyadmin should not go through varnish, use ssh local
        # port forwarding instead and access it on the backend port
        if (req.url ~ "phpmyadmin") {
                error 405 "Not allowed";
        }

        # Pipe if the request method is non-standard
        if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE") {
                return (pipe);
        }

        # Bypass cache if the request method is not GET or HEAD
        if (!(req.request == "GET" || req.request == "HEAD")) {
                return (pass);
        }

	# Handle compression correctly; different browsers send different
	# "Accept-Encoding" headers, even though they mostly all support the
	# same compression mechanisms; by consolidating these compression
	# headers into a consistent format, we can reduce the size of the cache
	# and get more hits
        # @see: https://www.varnish-cache.org/trac/wiki/FAQ/Compression
	if (req.http.Accept-Encoding) {
                if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
                        # No point in compressing these
                        remove req.http.Accept-Encoding;
                } elsif (req.http.Accept-Encoding ~ "gzip") {
                        set req.http.Accept-Encoding = "gzip";
                } elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
                        set req.http.Accept-Encoding = "deflate";
                } else {
                        # unkown algorithm
                        remove req.http.Accept-Encoding;
                }
        }

	# Don't serve cached pages to logged in users
	if (req.http.cookie ~ "wordpress_logged_in" || req.url ~ "vaultpress=true") {
		return (pass);
	}

        # Drop all cookies for all static files
        if (req.url ~ "(?i)\.(png|gif|jpeg|jpg|ico|swf|css|js|html|htm)(\?[a-z0-9]+)?$") {
                remove req.http.cookie;
        }

	# Drop any cookies sent to WordPress except for login, admin and preview pages
	if (!(req.url ~ "wp-(login|admin)" || req.url ~ "preview=true")) {
		remove req.http.cookie;
	}

        # Bypass cache for WordPress login, admin and preview pages
        if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true") {
                return (pass);
        }

        return (lookup);
}

sub vcl_fetch {
	# Allow items to be stale if needed
	set beresp.grace = 2m;

	# Drop any cookies WordPress tries to send back to the client except
	# those for login, admin and preview pages and those for logged in users
	if (!(req.url ~ "wp-(login|admin)" ||
        req.url ~ "preview=true" ||
        req.http.cookie ~ "wordpress_logged_in")) {
		remove beresp.http.set-cookie;
	}

        # Never cache a 404 and cache the decision not to cache
        if (beresp.status == 404) {
                set beresp.ttl = 0m;
                return (hit_for_pass);
        }

        # Cache the decision not to cache login, admin and preview pages
        if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true") {
                return (hit_for_pass);
        }

        # Only cache static files for 720 minutes; client-side cache directives
        # and CDN caching are (generally) better solutions for such resources
        # given the (typically) limited resources of the server, e.g. a small
        # VPS
        if (req.url ~ "(?i)\.(png|gif|jpeg|jpg|ico|swf|css|js|html|htm)(\?[a-z0-9]+)?$") {
                set beresp.ttl = 720m;
                return (deliver);
        }

        # Cache everything else for 84 hours; basically, the idea is to cache
        # dynamic content and to entrust wp-varnish plugin with responsibility
        # of purging when those resources have been updated or removed
        set beresp.ttl = 84h;
        return (deliver);
}

# Purge on cache hit
sub vcl_hit {
	if (req.request == "PURGE") {
		purge;
		error 200 "Purged";
	}
}

# Purge on cache miss too (idempotent PURGE)
sub vcl_miss {
	if (req.request == "PURGE") {
		purge;
		error 200 "Purged";
	}
}

# Track cache object hit count or miss in response headers
sub vcl_deliver {
        if (obj.hits > 0) {
                set resp.http.X-Varnish-Cache = "HIT ("+obj.hits+")";
        } else {
                set resp.http.X-Varnish-Cache = "MISS";
        }
}
	# Use external IP for best compatibility with apache2 vhosts listening on *:8888
	backend default {
	.host = "X.X.X.X";
	.port = "8888";
	}

	acl purge {
	"localhost";
	}

	sub vcl_recv {
	# Allow banning
	if (req.request == "BAN") {
	if(!(client.ip ~ purge)) {
	error 405 "Not allowed";
	}
	ban("req.url ~ "+req.url+" && req.http.host == "+req.http.host);
	error 200 "Banned";
	}

	# Allow purging
	if (req.request == "PURGE") {
	if (!(client.ip ~ purge)) {
	error 405 "Not allowed";
	}
	return (lookup);
	}

	# Requests for phpmyadmin should not go through varnish, use ssh local
	# port forwarding instead and access it on the backend port
	if (req.url ~ "phpmyadmin") {
	error 405 "Not allowed";
	}

	# Pipe if the request method is non-standard
	if (req.request != "GET" &&
	req.request != "HEAD" &&
	req.request != "PUT" &&
	req.request != "POST" &&
	req.request != "TRACE" &&
	req.request != "OPTIONS" &&
	req.request != "DELETE") {
	return (pipe);
	}

	# Bypass cache if the request method is not GET or HEAD
	if (!(req.request == "GET" \|\| req.request == "HEAD")) {
	return (pass);
	}

	# Handle compression correctly; different browsers send different
	# "Accept-Encoding" headers, even though they mostly all support the
	# same compression mechanisms; by consolidating these compression
	# headers into a consistent format, we can reduce the size of the cache
	# and get more hits
	# @see: https://www.varnish-cache.org/trac/wiki/FAQ/Compression
	if (req.http.Accept-Encoding) {
	if (req.url ~ "\.(jpg\|png\|gif\|gz\|tgz\|bz2\|tbz\|mp3\|ogg)$") {
	# No point in compressing these
	remove req.http.Accept-Encoding;
	} elsif (req.http.Accept-Encoding ~ "gzip") {
	set req.http.Accept-Encoding = "gzip";
	} elsif (req.http.Accept-Encoding ~ "deflate" && req.http.user-agent !~ "MSIE") {
	set req.http.Accept-Encoding = "deflate";
	} else {
	# unkown algorithm
	remove req.http.Accept-Encoding;
	}
	}

	# Don't serve cached pages to logged in users
	if (req.http.cookie ~ "wordpress_logged_in" \|\| req.url ~ "vaultpress=true") {
	return (pass);
	}

	# Drop all cookies for all static files
	if (req.url ~ "(?i)\.(png\|gif\|jpeg\|jpg\|ico\|swf\|css\|js\|html\|htm)(\?[a-z0-9]+)?$") {
	remove req.http.cookie;
	}

	# Drop any cookies sent to WordPress except for login, admin and preview pages
	if (!(req.url ~ "wp-(login\|admin)" \|\| req.url ~ "preview=true")) {
	remove req.http.cookie;
	}

	# Bypass cache for WordPress login, admin and preview pages
	if (req.url ~ "wp-(login\|admin)" \|\| req.url ~ "preview=true") {
	return (pass);
	}

	return (lookup);
	}

	sub vcl_fetch {
	# Allow items to be stale if needed
	set beresp.grace = 2m;

	# Drop any cookies WordPress tries to send back to the client except
	# those for login, admin and preview pages and those for logged in users
	if (!(req.url ~ "wp-(login\|admin)" \|\|
	req.url ~ "preview=true" \|\|
	req.http.cookie ~ "wordpress_logged_in")) {
	remove beresp.http.set-cookie;
	}

	# Never cache a 404 and cache the decision not to cache
	if (beresp.status == 404) {
	set beresp.ttl = 0m;
	return (hit_for_pass);
	}

	# Cache the decision not to cache login, admin and preview pages
	if (req.url ~ "wp-(login\|admin)" \|\| req.url ~ "preview=true") {
	return (hit_for_pass);
	}

	# Only cache static files for 720 minutes; client-side cache directives
	# and CDN caching are (generally) better solutions for such resources
	# given the (typically) limited resources of the server, e.g. a small
	# VPS
	if (req.url ~ "(?i)\.(png\|gif\|jpeg\|jpg\|ico\|swf\|css\|js\|html\|htm)(\?[a-z0-9]+)?$") {
	set beresp.ttl = 720m;
	return (deliver);
	}

	# Cache everything else for 84 hours; basically, the idea is to cache
	# dynamic content and to entrust wp-varnish plugin with responsibility
	# of purging when those resources have been updated or removed
	set beresp.ttl = 84h;
	return (deliver);
	}

	# Purge on cache hit
	sub vcl_hit {
	if (req.request == "PURGE") {
	purge;
	error 200 "Purged";
	}
	}

	# Purge on cache miss too (idempotent PURGE)
	sub vcl_miss {
	if (req.request == "PURGE") {
	purge;
	error 200 "Purged";
	}
	}

	# Track cache object hit count or miss in response headers
	sub vcl_deliver {
	if (obj.hits > 0) {
	set resp.http.X-Varnish-Cache = "HIT ("+obj.hits+")";
	} else {
	set resp.http.X-Varnish-Cache = "MISS";
	}
	}