twinge/default.vcl

## default.vcl
## Redirect requests to Apache, running on port 8000 on localhost
backend apache {
	.host = "ttp.26am.com";
        .port = "8080";
}
sub vcl_pipe {
        # Note that only the first request to the backend will have
        # X-Forwarded-For set.  If you use X-Forwarded-For and want to
        # have it set for all requests, make sure to have:
        # set req.http.connection = "close";

        # This is otherwise not necessary if you do not do any request rewriting.

        set req.http.connection = "close";
}

sub vcl_recv {
  if (req.http.X-Forwarded-Proto == "https" ) {
   set req.http.X-Forwarded-Port = "443";
  } else {
   set req.http.X-Forwarded-Port = "80";
   set req.http.X-Forwarded-Proto = "http";
  }
  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
        # No point in compressing these
        remove req.http.Accept-Encoding;
    } elsif (req.http.Accept-Encoding ~ "gzip") {
        set req.http.Accept-Encoding = "gzip";
    } elsif (req.http.Accept-Encoding ~ "deflate") {
        set req.http.Accept-Encoding = "deflate";
    } else {
        # unkown algorithm
        remove req.http.Accept-Encoding;
    }
  }
   if (req.request != "GET" && req.request != "HEAD") {
      /* We only deal with GET and HEAD by default */
      return (pass);
  }
  if (req.url ~ "^/system") {
    unset req.http.Cookie;
  }
  if (req.http.Authorization || req.http.Cookie) {
    return(lookup);
  }
}
## Fetch
sub vcl_fetch {

		## Remove the X-Forwarded-For header if it exists.
        remove req.http.X-Forwarded-For;

		## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
 #       set    req.http.X-Real-IP = req.http.rlnclientipaddr;
		## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
		## Deliver the content
        return(deliver);
}

## Deliver
sub vcl_deliver {
		## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
              ## Since we're not caching (yet), why bother telling people we use it?
#        remove resp.http.X-Varnish;
#        remove resp.http.Via;
#        remove resp.http.Age;

		## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
        remove resp.http.X-Powered-By;
}
	## Redirect requests to Apache, running on port 8000 on localhost
	backend apache {
	.host = "ttp.26am.com";
	.port = "8080";
	}
	sub vcl_pipe {
	# Note that only the first request to the backend will have
	# X-Forwarded-For set. If you use X-Forwarded-For and want to
	# have it set for all requests, make sure to have:
	# set req.http.connection = "close";

	# This is otherwise not necessary if you do not do any request rewriting.

	set req.http.connection = "close";
	}

	sub vcl_recv {
	if (req.http.X-Forwarded-Proto == "https" ) {
	set req.http.X-Forwarded-Port = "443";
	} else {
	set req.http.X-Forwarded-Port = "80";
	set req.http.X-Forwarded-Proto = "http";
	}
	if (req.http.Accept-Encoding) {
	if (req.url ~ "\.(jpg\|png\|gif\|gz\|tgz\|bz2\|tbz\|mp3\|ogg)$") {
	# No point in compressing these
	remove req.http.Accept-Encoding;
	} elsif (req.http.Accept-Encoding ~ "gzip") {
	set req.http.Accept-Encoding = "gzip";
	} elsif (req.http.Accept-Encoding ~ "deflate") {
	set req.http.Accept-Encoding = "deflate";
	} else {
	# unkown algorithm
	remove req.http.Accept-Encoding;
	}
	}
	if (req.request != "GET" && req.request != "HEAD") {
	/* We only deal with GET and HEAD by default */
	return (pass);
	}
	if (req.url ~ "^/system") {
	unset req.http.Cookie;
	}
	if (req.http.Authorization \|\| req.http.Cookie) {
	return(lookup);
	}
	}
	## Fetch
	sub vcl_fetch {

	## Remove the X-Forwarded-For header if it exists.
	remove req.http.X-Forwarded-For;

	## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
	set req.http.X-Forwarded-For = req.http.rlnclientipaddr;
	# set req.http.X-Real-IP = req.http.rlnclientipaddr;
	## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
	if (req.url ~ "^/w00tw00t") {
	error 403 "Not permitted";
	}
	## Deliver the content
	return(deliver);
	}

	## Deliver
	sub vcl_deliver {
	## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
	## Since we're not caching (yet), why bother telling people we use it?
	# remove resp.http.X-Varnish;
	# remove resp.http.Via;
	# remove resp.http.Age;

	## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
	remove resp.http.X-Powered-By;
	}