Skip to content

Instantly share code, notes, and snippets.

@section-io-gists
section-io-gists / hashByProto.vcl
Created February 16, 2017 04:34
Split Varnish Cache by the request header X-Forwarded-Proto - Useful when the origin is doing GEO IP redirects or changing content according to protocol
sub vcl_hash {
#Vary cache by protocol type to avoid caching things like HTTP->HTTPS redirects and different versions of files
hash_data(req.http.X-Forwarded-Proto);
}
@section-io-gists
section-io-gists / security_headers.vcl
Last active April 3, 2017 19:40
Send standard HTTPS security headers with VCL
sub vcl_deliver {
set resp.http.X-Frame-Options = "SAMEORIGIN";
set resp.http.X-XSS-Protection = "1; mode=block";
set resp.http.X-Content-Type-Options = "nosniff";
set resp.http.Strict-Transport-Security= "max-age=31536000; includeSubDomains";
set resp.http.Content-Security-Policy-Report-Only = "default-src 'self' ; script-src 'self' r-login.wordpress.com s0.wp.com s1.wp.com s2.wp.com stats.wp.com 0.gravatar.com platform.twitter.com; style-src 'self' s2.wp.com 0.gravatar.com fonts.googleapis.com; img-src 'self' pixel.wp.com 2.gravatar.com ; font-src 'self' data: fonts.gstatic.com; upgrade-insecure-requests; report-uri https://example.report-uri-example.io/report/example-endpoint;";
unset resp.http.Server;
}
@section-io-gists
section-io-gists / GEOIPRedirection.vcl
Created May 8, 2017 04:52
Redirect traffic based on GEO IP lookup (Varnish 4)
sub vcl_recv {
# section.io Edge node automatically performs GEO IP (and city) lookup on every request.
# We create a request header called "section-io-geo-country" that you can leverage
if (req.http.section-io-geo-country ~ "^(AU|NZ)$") {
# Australia and New Zealand
#return (synth(802, "https://www.domain.com.au/"));
} else if (req.http.section-io-geo-country ~ "^(US|CA|MX)$") {
# US, Canada and Mexico
#return (synth(802, "http://www.domain.com/"));
@section-io-gists
section-io-gists / RemoveQueryString.vcl
Last active May 12, 2017 05:23
Varnish 4 - Strip browser side tracking script to improve cache hit rate
sub vcl_recv {
# Strip browser side tracking script to improve cache hit rate
if (req.url ~ "[?&](utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl|mc_cid|mc_eid)=") {
set req.url = regsuball(req.url, "(?:(\?)?|&)(?:utm_source|utm_medium|utm_campaign|gclid|cx|ie|cof|siteurl|mc_cid|mc_eid)=[^&]+", "\1");
set req.url = regsuball(req.url, "(?:(\?)&|\?$)", "\1");
}
}
sub vcl_recv {
# Happens before we check if we have this in cache already.
#
# Typically you clean up the request here, removing cookies you don't need,
# rewriting the request, etc.
if (req.method != "GET" && req.method != "HEAD" && req.method != "PURGE") {
return (pass);
}
sub vcl_recv {
# section.io Edge node automatically performs GEO IP (and city) lookup on every request.
# We create a request header called "section-io-geo-country" that you can leverage
if (req.http.section-io-geo-country ~ "^RU$") {
# Block Russia
error 403 "Forbidden";
}
}
@section-io-gists
section-io-gists / staticCachingWithVaryFix.vcl
Last active September 19, 2017 22:13
Cache Static Content and also fix the Vary response header (Commonly needed when origin is responding with: Vary: Accept-Encoding,User-Agent)
#Varnish 4 config below
sub vcl_recv {
#Add font files to be cached as static caching checkbox misses .woff
if (req.url ~ ".*\.(?:css|js|jpe?g|png|gif|ico|swf|woff)(?=\?|&|$)") {
return (hash);
}
}
@section-io-gists
section-io-gists / language-header.vcl
Last active October 9, 2017 15:35
Language header based on country code.
sub vcl_recv {
# Set a X-Language header to spanish is the client is from a spanish speaking country
if (req.http.section-io-geo-country ~ "^(AR|BO|CL|CO|CR|CU|DO|EC|SV|GQ|GT|HN|MX|NI|PA|PY|PE|ES|UY|VE)$") {
set req.http.X-Language = "Spanish";
} else {
set req.http.X-Language = "English";
}
}
sub vcl_hash {
sub vcl_recv {
if the request isn't GET|HEAD|PURGE {
skip the rest of vcl_recv code
}
// Rest of vcl_recv code
perform a lookup in cache
}
sub vcl_backend_response {
if the request isn't GET|HEAD|PURGE {
sub vcl_recv {
if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") {
return (pass);
}
// Rest of vcl_recv code
return(lookup);
}
sub vcl_fetch {
if (req.request != "GET" && req.request != "HEAD" && req.request != "PURGE") {