From ayberk.kimsesiz at gmail.com Mon Aug 1 07:59:00 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Mon, 1 Aug 2016 10:59:00 +0300 Subject: Varnish CPU Usage In-Reply-To: References: Message-ID: Hi again, The problem is still continue. While Varnish is active CPU usage is always close to 100%. Thanks 2016-07-31 8:54 GMT+03:00 Ayberk Kimsesiz : > Can you help? The problem is still continue. While Varnish is active CPU > usage is always close to 100%. > > 2016-07-28 19:57 GMT+03:00 Ayberk Kimsesiz : > >> Hi, >> >> *CPU Monitor: * >> >> http://i.imgur.com/5KT1xRu.jpg >> >> *Apache status:* >> >> SrvPIDAccMCPUSSReqConnChildSlotClientProtocolVHostRequest >> *0-0* - 0/0/9766 . 134.59 37 0 0.0 0.00 64.40 ::1 http/1.1 >> ns1.***com:8080 OPTIONS * HTTP/1.0 >> *1-0* 14612 0/16/9058 _ 17.83 13 1498 0.0 0.02 53.29 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *2-0* 10863 0/179/9795 _ 185.14 6 1424 0.0 0.58 60.32 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *3-0* 13127 0/127/9435 _ 119.80 4 1419 0.0 0.42 56.51 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *4-0* - 0/0/9187 . 0.00 50 0 0.0 0.00 56.60 ::1 http/1.1 ns1.***.com:8080 OPTIONS >> * HTTP/1.0 >> *5-0* 14851 0/9/8761 _ 8.95 13 1559 0.0 0.01 57.90 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *6-0* 14852 0/6/8130 _ 6.67 4 1482 0.0 0.01 51.88 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *7-0* 14192 11/57/8355 *K* 72.73 0 1363 106.6 0.44 52.79 176.***.10 >> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *8-0* 13067 0/125/7795 _ 121.19 13 1759 0.0 0.65 68.27 176.***.10 >> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> Apache error logs don't show anything about CPU. >> >> >> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >> guillaume at varnish-software.com>: >> >>> You seem to have a good hit ratio, are you seeing anything on the apache >>> logs that would explain the cpu usage? >>> >>> -- >>> Guillaume Quintard >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Mon Aug 1 08:05:59 2016 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Mon, 1 Aug 2016 10:05:59 +0200 Subject: Varnish CPU Usage In-Reply-To: References: Message-ID: are you seeing anything on the apache logs that would explain the cpu usage? what's different for apache between with and without varnish? -- Guillaume Quintard -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Mon Aug 1 08:55:55 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Mon, 1 Aug 2016 11:55:55 +0300 Subject: Default.vcl + video problem Message-ID: Hi, When i add the following codes into Default.vcl the videos (MP4 and FLV) are not working or loading properly. What can i do for this? */* SET THE HOST AND PORT OF WORDPRESS* * * *********************************************************/* *vcl 4.0;* *import std;* *backend default {* * .host = "*********";* * .port = "8080";* * .first_byte_timeout = 60s;* * .connect_timeout = 300s;* *}* *# SET THE ALLOWED IP OF PURGE REQUESTS* *# ##########################################################* *acl purge {* * "localhost";* * "127.0.0.1";* *}* *#THE RECV FUNCTION* *# ##########################################################* *sub vcl_recv {* *# set realIP by trimming CloudFlare IP which will be used for various checks* *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); * * # FORWARD THE IP OF THE REQUEST* * if (req.restarts == 0) {* * if (req.http.x-forwarded-for) {* * set req.http.X-Forwarded-For =* * req.http.X-Forwarded-For + ", " + client.ip;* * } else {* * set req.http.X-Forwarded-For = client.ip;* * }* * }* * # Purge request check sections for hash_always_miss, purge and ban* * # BLOCK IF NOT IP is not in purge acl* * # ##########################################################* * # Enable smart refreshing using hash_always_miss* *if (req.http.Cache-Control ~ "no-cache") {* * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * set req.hash_always_miss = true;* * }* *}* *if (req.method == "PURGE") {* * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * return(synth(405,"Not allowed."));* * }* * return (purge);* * }* *if (req.method == "BAN") {* * # Same ACL check as above:* * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * return(synth(403, "Not allowed."));* * }* * ban("req.http.host == " + req.http.host +* * " && req.url == " + req.url);* * # Throw a synthetic page so the* * # request won't go to the backend.* * return(synth(200, "Ban added"));* *}* *# Unset cloudflare cookies* *# Remove has_js and CloudFlare/Google Analytics __* cookies.* * set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* * # Remove a ";" prefix, if present.* * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* * # For Testing: If you want to test with Varnish passing (not caching) uncomment* * # return( pass );* * # FORWARD THE IP OF THE REQUEST* * if (req.restarts == 0) {* * if (req.http.x-forwarded-for) {* * set req.http.X-Forwarded-For =* * req.http.X-Forwarded-For + ", " + client.ip;* * } else {* * set req.http.X-Forwarded-For = client.ip;* * }* * }* *# DO NOT CACHE RSS FEED* * if (req.url ~ "/feed(/)?") {* * return ( pass ); * *}* *## Do not cache search results, comment these 3 lines if you do want to cache them* *if (req.url ~ "/\?s\=") {* * return ( pass ); * *}* *# CLEAN UP THE ENCODING HEADER.* * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* * # ##########################################################* * if (req.http.Accept-Encoding) {* * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* * # No point in compressing these* * unset req.http.Accept-Encoding;* * } elsif (req.http.Accept-Encoding ~ "gzip") {* * set req.http.Accept-Encoding = "gzip";* * } elsif (req.http.Accept-Encoding ~ "deflate") {* * set req.http.Accept-Encoding = "deflate";* * } else {* * # unknown algorithm* * unset req.http.Accept-Encoding;* * }* * }* * # PIPE ALL NON-STANDARD REQUESTS* * # ##########################################################* * if (req.method != "GET" &&* * req.method != "HEAD" &&* * req.method != "PUT" && * * req.method != "POST" &&* * req.method != "TRACE" &&* * req.method != "OPTIONS" &&* * req.method != "DELETE") {* * return (pipe);* * }* * # ONLY CACHE GET AND HEAD REQUESTS* * # ##########################################################* * if (req.method != "GET" && req.method != "HEAD") {* * return (pass);* * }* * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER* * # COMMENT OR UNCOMMENT BOTH* * # ##########################################################* * if ( req.http.cookie ~ "wordpress_logged_in" ) {* * return( pass );* * }* * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* * # THEN UNSET THE COOKIES* * # ##########################################################* * if (!(req.url ~ "wp-(login|admin)") * * && !(req.url ~ "&preview=true" ) * * ){* * unset req.http.cookie;* * }* * # IF BASIC AUTH IS ON THEN DO NOT CACHE* * # ##########################################################* * if (req.http.Authorization || req.http.Cookie) {* * return (pass);* * }* * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* * # ##########################################################* * return (hash);* * # This is for phpmyadmin* *if (req.http.Host == "ki1.org ") {* *return (pass);* *}* *if (req.http.Host == "mysql.ki1.org ") {* *return (pass);* *}* *}* *# HIT FUNCTION* *# ##########################################################* *sub vcl_hit {* * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* * # ##########################################################* * if (req.method == "PURGE") {* * #* * # This is now handled in vcl_recv.* * #* * # purge;* * return (synth(200, "Purged."));* * }* * return (deliver);* *}* *# MISS FUNCTION* *# ##########################################################* *sub vcl_miss {* * if (req.method == "PURGE") {* * #* * # This is now handled in vcl_recv.* * #* * # purge;* * return (synth(200, "Purged."));* * }* * return (fetch);* *}* *# FETCH FUNCTION* *# ##########################################################* *sub vcl_backend_response {* * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* * # TO DO THIS* * # ##########################################################* * set beresp.http.Vary = "Accept-Encoding";* * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * * # TIME THIS PAGE WILL STAY CACHED (TTL)* * # ##########################################################* * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {* * unset beresp.http.set-cookie;* * set beresp.ttl = 52w;* *# set beresp.grace =1w;* * }* * if (beresp.ttl <= 0s ||* * beresp.http.Set-Cookie ||* * beresp.http.Vary == "*") {* * set beresp.ttl = 120 s;* * # set beresp.ttl = 120s;* * set beresp.uncacheable = true;* * return (deliver);* * }* * return (deliver);* *}* *# DELIVER FUNCTION* *# ##########################################################* *sub vcl_deliver {* * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * * # IN THE HEADER (GREAT FOR DEBUGGING)* * # ##########################################################* * if (obj.hits > 0) {* * set resp.http.X-Cache = "HIT";* * # IF THIS IS A MISS RETURN THAT IN THE HEADER* * # ##########################################################* * } else {* * set resp.http.X-Cache = "MISS";* * }* *}* -------------- next part -------------- An HTML attachment was scrubbed... URL: From jaroslav.mitas at avg.com Mon Aug 1 11:06:47 2016 From: jaroslav.mitas at avg.com (=?iso-8859-2?Q?Jaroslav_Mit=E1=B9?=) Date: Mon, 1 Aug 2016 11:06:47 +0000 Subject: Varnish + New relic Message-ID: <3bb861ef16be444d8e4171a54a018ecb@EX13-CZ-03.cz.avg.com> Hi all, I am looking for some plugin for New Relic which to be able to read data from Varnish instances and display some statistc from them in NR. I found https://github.com/varnish/newrelic_varnish_plugin but this seems that is not continuing any more (last commint is nearly 3y old). Do you know some other solutions? Thanks for help. Jaroslav Mitas -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Tue Aug 2 06:58:54 2016 From: lagged at gmail.com (Andrei) Date: Tue, 2 Aug 2016 01:58:54 -0500 Subject: Varnish CPU Usage In-Reply-To: References: Message-ID: Are you using the Event MPM by chance? If so, I suggest switching over to Worker since Event rarely runs into a bug/issue which causes threads to use inordinate amounts of resources while processing trivial requests. A bit off-topic, but what's that monitoring software being used from the ss? On Mon, Aug 1, 2016 at 2:59 AM, Ayberk Kimsesiz wrote: > Hi again, > > The problem is still continue. While Varnish is active CPU usage is always > close to 100%. > > Thanks > > 2016-07-31 8:54 GMT+03:00 Ayberk Kimsesiz : > >> Can you help? The problem is still continue. While Varnish is active CPU >> usage is always close to 100%. >> >> 2016-07-28 19:57 GMT+03:00 Ayberk Kimsesiz : >> >>> Hi, >>> >>> *CPU Monitor: * >>> >>> http://i.imgur.com/5KT1xRu.jpg >>> >>> *Apache status:* >>> >>> SrvPIDAccMCPUSSReqConnChildSlotClientProtocolVHostRequest >>> *0-0* - 0/0/9766 . 134.59 37 0 0.0 0.00 64.40 ::1 http/1.1 >>> ns1.***com:8080 OPTIONS * HTTP/1.0 >>> *1-0* 14612 0/16/9058 _ 17.83 13 1498 0.0 0.02 53.29 176.***.10 http/1.1 >>> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>> *2-0* 10863 0/179/9795 _ 185.14 6 1424 0.0 0.58 60.32 176.***.10 >>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>> *3-0* 13127 0/127/9435 _ 119.80 4 1419 0.0 0.42 56.51 176.***.10 >>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>> *4-0* - 0/0/9187 . 0.00 50 0 0.0 0.00 56.60 ::1 http/1.1 >>> ns1.***.com:8080 OPTIONS * HTTP/1.0 >>> *5-0* 14851 0/9/8761 _ 8.95 13 1559 0.0 0.01 57.90 176.***.10 http/1.1 >>> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>> *6-0* 14852 0/6/8130 _ 6.67 4 1482 0.0 0.01 51.88 176.***.10 http/1.1 >>> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>> *7-0* 14192 11/57/8355 *K* 72.73 0 1363 106.6 0.44 52.79 176.***.10 >>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>> *8-0* 13067 0/125/7795 _ 121.19 13 1759 0.0 0.65 68.27 176.***.10 >>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>> >>> Apache error logs don't show anything about CPU. >>> >>> >>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>> guillaume at varnish-software.com>: >>> >>>> You seem to have a good hit ratio, are you seeing anything on the >>>> apache logs that would explain the cpu usage? >>>> >>>> -- >>>> Guillaume Quintard >>>> >>> >>> >> > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Tue Aug 2 07:28:05 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Tue, 2 Aug 2016 10:28:05 +0300 Subject: Varnish CPU Usage In-Reply-To: References: Message-ID: Hi Andrei, If i disable the Varnish, everything returns to normal. I use MPM as a Prefork. Do i need to use Worker MPM for Varnish? When i check the httpd-status, i see a strong relation between high CPU usage and AJAX based codes. *wpcf7_is_ajax_call=1&_wpcf7=19211&_wpcf7_request_v* *wp-admin/admin-ajax.php HTTP/1.1* */forum/settings/analyticstick.json HTTP/1.1* Monitoring Software: Net Data https://github.com/firehol/netdata 2016-08-02 9:58 GMT+03:00 Andrei : > Are you using the Event MPM by chance? If so, I suggest switching over to > Worker since Event rarely runs into a bug/issue which causes threads to use > inordinate amounts of resources while processing trivial requests. > A bit off-topic, but what's that monitoring software being used from the > ss? > > On Mon, Aug 1, 2016 at 2:59 AM, Ayberk Kimsesiz > wrote: > >> Hi again, >> >> The problem is still continue. While Varnish is active CPU usage is >> always close to 100%. >> >> Thanks >> >> 2016-07-31 8:54 GMT+03:00 Ayberk Kimsesiz : >> >>> Can you help? The problem is still continue. While Varnish is active CPU >>> usage is always close to 100%. >>> >>> 2016-07-28 19:57 GMT+03:00 Ayberk Kimsesiz : >>> >>>> Hi, >>>> >>>> *CPU Monitor: * >>>> >>>> http://i.imgur.com/5KT1xRu.jpg >>>> >>>> *Apache status:* >>>> >>>> SrvPIDAccMCPUSSReqConnChildSlotClientProtocolVHostRequest >>>> *0-0* - 0/0/9766 . 134.59 37 0 0.0 0.00 64.40 ::1 http/1.1 >>>> ns1.***com:8080 OPTIONS * HTTP/1.0 >>>> *1-0* 14612 0/16/9058 _ 17.83 13 1498 0.0 0.02 53.29 176.***.10 >>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> *2-0* 10863 0/179/9795 _ 185.14 6 1424 0.0 0.58 60.32 176.***.10 >>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> *3-0* 13127 0/127/9435 _ 119.80 4 1419 0.0 0.42 56.51 176.***.10 >>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> *4-0* - 0/0/9187 . 0.00 50 0 0.0 0.00 56.60 ::1 http/1.1 >>>> ns1.***.com:8080 OPTIONS * HTTP/1.0 >>>> *5-0* 14851 0/9/8761 _ 8.95 13 1559 0.0 0.01 57.90 176.***.10 http/1.1 >>>> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> *6-0* 14852 0/6/8130 _ 6.67 4 1482 0.0 0.01 51.88 176.***.10 http/1.1 >>>> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> *7-0* 14192 11/57/8355 *K* 72.73 0 1363 106.6 0.44 52.79 176.***.10 >>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> *8-0* 13067 0/125/7795 _ 121.19 13 1759 0.0 0.65 68.27 176.***.10 >>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> >>>> Apache error logs don't show anything about CPU. >>>> >>>> >>>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>>> guillaume at varnish-software.com>: >>>> >>>>> You seem to have a good hit ratio, are you seeing anything on the >>>>> apache logs that would explain the cpu usage? >>>>> >>>>> -- >>>>> Guillaume Quintard >>>>> >>>> >>>> >>> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Tue Aug 2 07:54:43 2016 From: lagged at gmail.com (Andrei) Date: Tue, 2 Aug 2016 02:54:43 -0500 Subject: Varnish CPU Usage In-Reply-To: References: Message-ID: Since you're using Prefork, it requires a new process per request and can tend to spike resources especially with wp admin-ajax requests. I suggest using a threaded MPM such as Worker which will yield far better performance results. This isn't a Varnish related requirement, more of a suggested Apache config for better performance. Thanks for the netdata tip, I noticed it in the menu shortly after asking :) On Tue, Aug 2, 2016 at 2:28 AM, Ayberk Kimsesiz wrote: > Hi Andrei, > > If i disable the Varnish, everything returns to normal. I use MPM as a > Prefork. Do i need to use Worker MPM for Varnish? > When i check the httpd-status, i see a strong relation between high CPU > usage and AJAX based codes. > > *wpcf7_is_ajax_call=1&_wpcf7=19211&_wpcf7_request_v* > *wp-admin/admin-ajax.php HTTP/1.1* > */forum/settings/analyticstick.json HTTP/1.1* > > Monitoring Software: Net Data https://github.com/firehol/netdata > > 2016-08-02 9:58 GMT+03:00 Andrei : > >> Are you using the Event MPM by chance? If so, I suggest switching over to >> Worker since Event rarely runs into a bug/issue which causes threads to use >> inordinate amounts of resources while processing trivial requests. >> A bit off-topic, but what's that monitoring software being used from the >> ss? >> >> On Mon, Aug 1, 2016 at 2:59 AM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >>> Hi again, >>> >>> The problem is still continue. While Varnish is active CPU usage is >>> always close to 100%. >>> >>> Thanks >>> >>> 2016-07-31 8:54 GMT+03:00 Ayberk Kimsesiz : >>> >>>> Can you help? The problem is still continue. While Varnish is active >>>> CPU usage is always close to 100%. >>>> >>>> 2016-07-28 19:57 GMT+03:00 Ayberk Kimsesiz : >>>> >>>>> Hi, >>>>> >>>>> *CPU Monitor: * >>>>> >>>>> http://i.imgur.com/5KT1xRu.jpg >>>>> >>>>> *Apache status:* >>>>> >>>>> SrvPIDAccMCPUSSReqConnChildSlotClientProtocolVHostRequest >>>>> *0-0* - 0/0/9766 . 134.59 37 0 0.0 0.00 64.40 ::1 http/1.1 >>>>> ns1.***com:8080 OPTIONS * HTTP/1.0 >>>>> *1-0* 14612 0/16/9058 _ 17.83 13 1498 0.0 0.02 53.29 176.***.10 >>>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> *2-0* 10863 0/179/9795 _ 185.14 6 1424 0.0 0.58 60.32 176.***.10 >>>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> *3-0* 13127 0/127/9435 _ 119.80 4 1419 0.0 0.42 56.51 176.***.10 >>>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> *4-0* - 0/0/9187 . 0.00 50 0 0.0 0.00 56.60 ::1 http/1.1 >>>>> ns1.***.com:8080 OPTIONS * HTTP/1.0 >>>>> *5-0* 14851 0/9/8761 _ 8.95 13 1559 0.0 0.01 57.90 176.***.10 http/1.1 >>>>> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> *6-0* 14852 0/6/8130 _ 6.67 4 1482 0.0 0.01 51.88 176.***.10 http/1.1 >>>>> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> *7-0* 14192 11/57/8355 *K* 72.73 0 1363 106.6 0.44 52.79 176.***.10 >>>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> *8-0* 13067 0/125/7795 _ 121.19 13 1759 0.0 0.65 68.27 176.***.10 >>>>> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> >>>>> Apache error logs don't show anything about CPU. >>>>> >>>>> >>>>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>>>> guillaume at varnish-software.com>: >>>>> >>>>>> You seem to have a good hit ratio, are you seeing anything on the >>>>>> apache logs that would explain the cpu usage? >>>>>> >>>>>> -- >>>>>> Guillaume Quintard >>>>>> >>>>> >>>>> >>>> >>> >>> _______________________________________________ >>> varnish-misc mailing list >>> varnish-misc at varnish-cache.org >>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From stig at zedge.net Tue Aug 2 12:07:25 2016 From: stig at zedge.net (Stig Bakken) Date: Tue, 2 Aug 2016 14:07:25 +0200 Subject: Varnish CPU Usage In-Reply-To: References: Message-ID: Could it be that Varnish is not caching those POST requests, and that they are what makes Apache consume a lot of CPU? On MPMs: with PHP prefork is the safest choice, and it will work just fine as long as you have a reasonable config, especially since you have Varnish in front offloading the job of shuffling bytes back to the users. If I were you I'd try to get more data on which requests take a long time, some variant of "varnishncsa -F %D".. If you're into using Prometheus for metrics, you can try out this exporter which will give you a lot of insight into which requests take a long time to process: https://github.com/stigsb/varnish_request_exporter (Prometheus is awesome!) - Stig On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz wrote: > Hi, > > *CPU Monitor: * > > http://i.imgur.com/5KT1xRu.jpg > > *Apache status:* > > SrvPIDAccMCPUSSReqConnChildSlotClientProtocolVHostRequest > *0-0* - 0/0/9766 . 134.59 37 0 0.0 0.00 64.40 ::1 http/1.1 ns1.***com:8080 OPTIONS > * HTTP/1.0 > *1-0* 14612 0/16/9058 _ 17.83 13 1498 0.0 0.02 53.29 176.***.10 http/1.1 > www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 > *2-0* 10863 0/179/9795 _ 185.14 6 1424 0.0 0.58 60.32 176.***.10 http/1.1 > www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 > *3-0* 13127 0/127/9435 _ 119.80 4 1419 0.0 0.42 56.51 176.***.10 http/1.1 > www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 > *4-0* - 0/0/9187 . 0.00 50 0 0.0 0.00 56.60 ::1 http/1.1 ns1.***.com:8080 OPTIONS > * HTTP/1.0 > *5-0* 14851 0/9/8761 _ 8.95 13 1559 0.0 0.01 57.90 176.***.10 http/1.1 > www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 > *6-0* 14852 0/6/8130 _ 6.67 4 1482 0.0 0.01 51.88 176.***.10 http/1.1 > www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 > *7-0* 14192 11/57/8355 *K* 72.73 0 1363 106.6 0.44 52.79 176.***.10 > http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 > *8-0* 13067 0/125/7795 _ 121.19 13 1759 0.0 0.65 68.27 176.***.10 http/1.1 > www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 > > Apache error logs don't show anything about CPU. > > > 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < > guillaume at varnish-software.com>: > >> You seem to have a good hit ratio, are you seeing anything on the apache >> logs that would explain the cpu usage? >> >> -- >> Guillaume Quintard >> > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -- Stig Bakken CTO, Zedge.net - free your phone! -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Tue Aug 2 13:08:24 2016 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Tue, 2 Aug 2016 15:08:24 +0200 Subject: Default.vcl + video problem In-Reply-To: References: Message-ID: Please look at varnishlog and check if anything is wrong. You can also trying downloading a video chunk and check if you can play it. -- Guillaume Quintard -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Tue Aug 2 13:18:15 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Tue, 2 Aug 2016 16:18:15 +0300 Subject: Varnish CPU Usage In-Reply-To: References: Message-ID: I used Default.VCL in two different ways. The first with default settings and the second with settings customized for Wordpress (either case, the CPU usage increases). That is as follows: Also i couldn't find a Centos 6 installation guide for Prometheus. */* SET THE HOST AND PORT OF WORDPRESS* * * *********************************************************/* *vcl 4.0;* *import std;* *backend default {* * .host = "SERVER IP";* * .port = "8080";* * .first_byte_timeout = 60s;* * .connect_timeout = 300s;* *}* *# SET THE ALLOWED IP OF PURGE REQUESTS* *# ##########################################################* *acl purge {* * "localhost";* * "127.0.0.1";* *}* *#THE RECV FUNCTION* *# ##########################################################* *sub vcl_recv {* *# set realIP by trimming CloudFlare IP which will be used for various checks* *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); * * # FORWARD THE IP OF THE REQUEST* * if (req.restarts == 0) {* * if (req.http.x-forwarded-for) {* * set req.http.X-Forwarded-For =* * req.http.X-Forwarded-For + ", " + client.ip;* * } else {* * set req.http.X-Forwarded-For = client.ip;* * }* * }* * # Purge request check sections for hash_always_miss, purge and ban* * # BLOCK IF NOT IP is not in purge acl* * # ##########################################################* * # Enable smart refreshing using hash_always_miss* *if (req.http.Cache-Control ~ "no-cache") {* * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * set req.hash_always_miss = true;* * }* *}* *if (req.method == "PURGE") {* * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * return(synth(405,"Not allowed."));* * }* * return (purge);* * }* *if (req.method == "BAN") {* * # Same ACL check as above:* * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * return(synth(403, "Not allowed."));* * }* * ban("req.http.host == " + req.http.host +* * " && req.url == " + req.url);* * # Throw a synthetic page so the* * # request won't go to the backend.* * return(synth(200, "Ban added"));* *}* *# Unset cloudflare cookies* *# Remove has_js and CloudFlare/Google Analytics __* cookies.* * set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* * # Remove a ";" prefix, if present.* * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* * # For Testing: If you want to test with Varnish passing (not caching) uncomment* * # return( pass );* * # FORWARD THE IP OF THE REQUEST* * if (req.restarts == 0) {* * if (req.http.x-forwarded-for) {* * set req.http.X-Forwarded-For =* * req.http.X-Forwarded-For + ", " + client.ip;* * } else {* * set req.http.X-Forwarded-For = client.ip;* * }* * }* *# DO NOT CACHE RSS FEED* * if (req.url ~ "/feed(/)?") {* * return ( pass ); * *}* *## Do not cache search results, comment these 3 lines if you do want to cache them* *if (req.url ~ "/\?s\=") {* * return ( pass ); * *}* *# CLEAN UP THE ENCODING HEADER.* * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* * # ##########################################################* * if (req.http.Accept-Encoding) {* * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* * # No point in compressing these* * unset req.http.Accept-Encoding;* * } elsif (req.http.Accept-Encoding ~ "gzip") {* * set req.http.Accept-Encoding = "gzip";* * } elsif (req.http.Accept-Encoding ~ "deflate") {* * set req.http.Accept-Encoding = "deflate";* * } else {* * # unknown algorithm* * unset req.http.Accept-Encoding;* * }* * }* * # PIPE ALL NON-STANDARD REQUESTS* * # ##########################################################* * if (req.method != "GET" &&* * req.method != "HEAD" &&* * req.method != "PUT" && * * req.method != "POST" &&* * req.method != "TRACE" &&* * req.method != "OPTIONS" &&* * req.method != "DELETE") {* * return (pipe);* * }* * # ONLY CACHE GET AND HEAD REQUESTS* * # ##########################################################* * if (req.method != "GET" && req.method != "HEAD") {* * return (pass);* * }* * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER* * # COMMENT OR UNCOMMENT BOTH* * # ##########################################################* * if ( req.http.cookie ~ "wordpress_logged_in" ) {* * return( pass );* * }* * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* * # THEN UNSET THE COOKIES* * # ##########################################################* * if (!(req.url ~ "wp-(login|admin)") * * && !(req.url ~ "&preview=true" ) * * ){* * unset req.http.cookie;* * }* * # IF BASIC AUTH IS ON THEN DO NOT CACHE* * # ##########################################################* * if (req.http.Authorization || req.http.Cookie) {* * return (pass);* * }* * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* * # ##########################################################* * return (hash);* * # This is for phpmyadmin* *if (req.http.Host == "ki1.org ") {* *return (pass);* *}* *if (req.http.Host == "mysql.ki1.org ") {* *return (pass);* *}* *}* *# HIT FUNCTION* *# ##########################################################* *sub vcl_hit {* * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* * # ##########################################################* * if (req.method == "PURGE") {* * #* * # This is now handled in vcl_recv.* * #* * # purge;* * return (synth(200, "Purged."));* * }* * return (deliver);* *}* *# MISS FUNCTION* *# ##########################################################* *sub vcl_miss {* * if (req.method == "PURGE") {* * #* * # This is now handled in vcl_recv.* * #* * # purge;* * return (synth(200, "Purged."));* * }* * return (fetch);* *}* *# FETCH FUNCTION* *# ##########################################################* *sub vcl_backend_response {* * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* * # TO DO THIS* * # ##########################################################* * set beresp.http.Vary = "Accept-Encoding";* * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * * # TIME THIS PAGE WILL STAY CACHED (TTL)* * # ##########################################################* * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {* * unset beresp.http.set-cookie;* * set beresp.ttl = 52w;* *# set beresp.grace =1w;* * }* * if (beresp.ttl <= 0s ||* * beresp.http.Set-Cookie ||* * beresp.http.Vary == "*") {* * set beresp.ttl = 120 s;* * # set beresp.ttl = 120s;* * set beresp.uncacheable = true;* * return (deliver);* * }* * return (deliver);* *}* *# DELIVER FUNCTION* *# ##########################################################* *sub vcl_deliver {* * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * * # IN THE HEADER (GREAT FOR DEBUGGING)* * # ##########################################################* * if (obj.hits > 0) {* * set resp.http.X-Cache = "HIT";* * # IF THIS IS A MISS RETURN THAT IN THE HEADER* * # ##########################################################* * } else {* * set resp.http.X-Cache = "MISS";* * }* *}* 2016-08-02 15:07 GMT+03:00 Stig Bakken : > Could it be that Varnish is not caching those POST requests, and that they > are what makes Apache consume a lot of CPU? > > On MPMs: with PHP prefork is the safest choice, and it will work just fine > as long as you have a reasonable config, especially since you have Varnish > in front offloading the job of shuffling bytes back to the users. > > If I were you I'd try to get more data on which requests take a long time, > some variant of "varnishncsa -F %D".. > > If you're into using Prometheus for metrics, you can try out this exporter > which will give you a lot of insight into which requests take a long time > to process: https://github.com/stigsb/varnish_request_exporter > (Prometheus is awesome!) > > - Stig > > > On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < > ayberk.kimsesiz at gmail.com> wrote: > >> Hi, >> >> *CPU Monitor: * >> >> http://i.imgur.com/5KT1xRu.jpg >> >> *Apache status:* >> >> SrvPIDAccMCPUSSReqConnChildSlotClientProtocolVHostRequest >> *0-0* - 0/0/9766 . 134.59 37 0 0.0 0.00 64.40 ::1 http/1.1 >> ns1.***com:8080 OPTIONS * HTTP/1.0 >> *1-0* 14612 0/16/9058 _ 17.83 13 1498 0.0 0.02 53.29 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *2-0* 10863 0/179/9795 _ 185.14 6 1424 0.0 0.58 60.32 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *3-0* 13127 0/127/9435 _ 119.80 4 1419 0.0 0.42 56.51 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *4-0* - 0/0/9187 . 0.00 50 0 0.0 0.00 56.60 ::1 http/1.1 ns1.***.com:8080 OPTIONS >> * HTTP/1.0 >> *5-0* 14851 0/9/8761 _ 8.95 13 1559 0.0 0.01 57.90 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *6-0* 14852 0/6/8130 _ 6.67 4 1482 0.0 0.01 51.88 176.***.10 http/1.1 >> www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *7-0* 14192 11/57/8355 *K* 72.73 0 1363 106.6 0.44 52.79 176.***.10 >> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> *8-0* 13067 0/125/7795 _ 121.19 13 1759 0.0 0.65 68.27 176.***.10 >> http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> Apache error logs don't show anything about CPU. >> >> >> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >> guillaume at varnish-software.com>: >> >>> You seem to have a good hit ratio, are you seeing anything on the apache >>> logs that would explain the cpu usage? >>> >>> -- >>> Guillaume Quintard >>> >> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > > > > -- > Stig Bakken > CTO, Zedge.net - free your phone! > -------------- next part -------------- An HTML attachment was scrubbed... URL: From thierry.magnien at sfr.com Tue Aug 2 14:43:08 2016 From: thierry.magnien at sfr.com (MAGNIEN, Thierry) Date: Tue, 2 Aug 2016 14:43:08 +0000 Subject: Varnish CPU Usage In-Reply-To: References: Message-ID: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Hi, There are known CPU issues due to WordPress HearBeat API, for example, or misbehaving plugins. See http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage for example. Maybe one of your plugins has some difficulties going through varnish. If you enable debug on your browser, can you see specific calls to /wp-admin/admin-ajax.php that take a very long time with varnish and not when varnish is disabled ? Thierry De : varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org [mailto:varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] De la part de Ayberk Kimsesiz Envoy? : mardi 2 ao?t 2016 15:18 ? : Stig Bakken Cc : varnish-misc Objet : Re: Varnish CPU Usage I used Default.VCL in two different ways. The first with default settings and the second with settings customized for Wordpress (either case, the CPU usage increases). That is as follows: Also i couldn't find a Centos 6 installation guide for Prometheus. /* SET THE HOST AND PORT OF WORDPRESS * *********************************************************/ vcl 4.0; import std; backend default { .host = "SERVER IP"; .port = "8080"; .first_byte_timeout = 60s; .connect_timeout = 300s; } # SET THE ALLOWED IP OF PURGE REQUESTS # ########################################################## acl purge { "localhost"; "127.0.0.1"; } #THE RECV FUNCTION # ########################################################## sub vcl_recv { # set realIP by trimming CloudFlare IP which will be used for various checks set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # Purge request check sections for hash_always_miss, purge and ban # BLOCK IF NOT IP is not in purge acl # ########################################################## # Enable smart refreshing using hash_always_miss if (req.http.Cache-Control ~ "no-cache") { if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { set req.hash_always_miss = true; } } if (req.method == "PURGE") { if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(405,"Not allowed.")); } return (purge); } if (req.method == "BAN") { # Same ACL check as above: if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(403, "Not allowed.")); } ban("req.http.host == " + req.http.host + " && req.url == " + req.url); # Throw a synthetic page so the # request won't go to the backend. return(synth(200, "Ban added")); } # Unset cloudflare cookies # Remove has_js and CloudFlare/Google Analytics __* cookies. set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); # Remove a ";" prefix, if present. set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); # For Testing: If you want to test with Varnish passing (not caching) uncomment # return( pass ); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # DO NOT CACHE RSS FEED if (req.url ~ "/feed(/)?") { return ( pass ); } ## Do not cache search results, comment these 3 lines if you do want to cache them if (req.url ~ "/\?s\=") { return ( pass ); } # CLEAN UP THE ENCODING HEADER. # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING # VARNISH WILL CREATE SEPARATE CACHES FOR EACH # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. # ########################################################## if (req.http.Accept-Encoding) { if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { # No point in compressing these unset req.http.Accept-Encoding; } elsif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elsif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { # unknown algorithm unset req.http.Accept-Encoding; } } # PIPE ALL NON-STANDARD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "DELETE") { return (pipe); } # ONLY CACHE GET AND HEAD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD") { return (pass); } # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER # COMMENT OR UNCOMMENT BOTH # ########################################################## if ( req.http.cookie ~ "wordpress_logged_in" ) { return( pass ); } # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN # THEN UNSET THE COOKIES # ########################################################## if (!(req.url ~ "wp-(login|admin)") && !(req.url ~ "&preview=true" ) ){ unset req.http.cookie; } # IF BASIC AUTH IS ON THEN DO NOT CACHE # ########################################################## if (req.http.Authorization || req.http.Cookie) { return (pass); } # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED # ########################################################## return (hash); # This is for phpmyadmin if (req.http.Host == "ki1.org") { return (pass); } if (req.http.Host == "mysql.ki1.org") { return (pass); } } # HIT FUNCTION # ########################################################## sub vcl_hit { # IF THIS IS A PURGE REQUEST THEN DO THE PURGE # ########################################################## if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (deliver); } # MISS FUNCTION # ########################################################## sub vcl_miss { if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (fetch); } # FETCH FUNCTION # ########################################################## sub vcl_backend_response { # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT # TO DO THIS # ########################################################## set beresp.http.Vary = "Accept-Encoding"; # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF # TIME THIS PAGE WILL STAY CACHED (TTL) # ########################################################## if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) { unset beresp.http.set-cookie; set beresp.ttl = 52w; # set beresp.grace =1w; } if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120 s; # set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } return (deliver); } # DELIVER FUNCTION # ########################################################## sub vcl_deliver { # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT # IN THE HEADER (GREAT FOR DEBUGGING) # ########################################################## if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; # IF THIS IS A MISS RETURN THAT IN THE HEADER # ########################################################## } else { set resp.http.X-Cache = "MISS"; } } 2016-08-02 15:07 GMT+03:00 Stig Bakken >: Could it be that Varnish is not caching those POST requests, and that they are what makes Apache consume a lot of CPU? On MPMs: with PHP prefork is the safest choice, and it will work just fine as long as you have a reasonable config, especially since you have Varnish in front offloading the job of shuffling bytes back to the users. If I were you I'd try to get more data on which requests take a long time, some variant of "varnishncsa -F %D".. If you're into using Prometheus for metrics, you can try out this exporter which will give you a lot of insight into which requests take a long time to process: https://github.com/stigsb/varnish_request_exporter (Prometheus is awesome!) - Stig On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz > wrote: Hi, CPU Monitor: http://i.imgur.com/5KT1xRu.jpg Apache status: Srv PID Acc M CPU SS Req Conn Child Slot Client Protocol VHost Request 0-0 - 0/0/9766 . 134.59 37 0 0.0 0.00 64.40 ::1 http/1.1 ns1.***com:8080 OPTIONS * HTTP/1.0 1-0 14612 0/16/9058 _ 17.83 13 1498 0.0 0.02 53.29 176.***.10 http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 2-0 10863 0/179/9795 _ 185.14 6 1424 0.0 0.58 60.32 176.***.10 http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 3-0 13127 0/127/9435 _ 119.80 4 1419 0.0 0.42 56.51 176.***.10 http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 4-0 - 0/0/9187 . 0.00 50 0 0.0 0.00 56.60 ::1 http/1.1 ns1.***.com:8080 OPTIONS * HTTP/1.0 5-0 14851 0/9/8761 _ 8.95 13 1559 0.0 0.01 57.90 176.***.10 http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 6-0 14852 0/6/8130 _ 6.67 4 1482 0.0 0.01 51.88 176.***.10 http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 7-0 14192 11/57/8355 K 72.73 0 1363 106.6 0.44 52.79 176.***.10 http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 8-0 13067 0/125/7795 _ 121.19 13 1759 0.0 0.65 68.27 176.***.10 http/1.1 www.***.com:8080 POST /wp-admin/admin-ajax.php HTTP/1.1 Apache error logs don't show anything about CPU. 2016-07-28 19:31 GMT+03:00 Guillaume Quintard >: You seem to have a good hit ratio, are you seeing anything on the apache logs that would explain the cpu usage? -- Guillaume Quintard _______________________________________________ varnish-misc mailing list varnish-misc at varnish-cache.org https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc -- Stig Bakken CTO, Zedge.net - free your phone! -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Tue Aug 2 15:45:17 2016 From: lagged at gmail.com (Andrei) Date: Tue, 2 Aug 2016 10:45:17 -0500 Subject: Varnish CPU Usage In-Reply-To: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> References: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Message-ID: Those admin-ajax.php POST requests won't get cached, and are likely related to WordPress heartbeats, or plugins. The quickest way to see what those requests actually are, which will help you identify the plugin/theme option is using ngrep: ngrep 'admin-ajax' -d any dst port 8080 -W byline -q On Tue, Aug 2, 2016 at 9:43 AM, MAGNIEN, Thierry wrote: > Hi, > > > > There are known CPU issues due to WordPress HearBeat API, for example, or > misbehaving plugins. > > > > See > http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage > for example. > > > > Maybe one of your plugins has some difficulties going through varnish. > > > > If you enable debug on your browser, can you see specific calls to > /wp-admin/admin-ajax.php that take a very long time with varnish and not > when varnish is disabled ? > > > > Thierry > > > > *De :* varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org > [mailto:varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] *De > la part de* Ayberk Kimsesiz > *Envoy? :* mardi 2 ao?t 2016 15:18 > *? :* Stig Bakken > *Cc :* varnish-misc > *Objet :* Re: Varnish CPU Usage > > > > I used Default.VCL in two different ways. The first with default settings > and the second with settings customized for Wordpress (either case, the CPU > usage increases). That is as follows: > > > > Also i couldn't find a Centos 6 installation guide for Prometheus. > > > > */* SET THE HOST AND PORT OF WORDPRESS* > > * * *********************************************************/* > > *vcl 4.0;* > > *import std;* > > > > *backend default {* > > * .host = "SERVER IP";* > > * .port = "8080";* > > * .first_byte_timeout = 60s;* > > * .connect_timeout = 300s;* > > *}* > > > > *# SET THE ALLOWED IP OF PURGE REQUESTS* > > *# ##########################################################* > > *acl purge {* > > * "localhost";* > > * "127.0.0.1";* > > *}* > > > > *#THE RECV FUNCTION* > > *# ##########################################################* > > *sub vcl_recv {* > > > > *# set realIP by trimming CloudFlare IP which will be used for various > checks* > > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > ""); * > > > > * # FORWARD THE IP OF THE REQUEST* > > * if (req.restarts == 0) {* > > * if (req.http.x-forwarded-for) {* > > * set req.http.X-Forwarded-For =* > > * req.http.X-Forwarded-For + ", " + client.ip;* > > * } else {* > > * set req.http.X-Forwarded-For = client.ip;* > > * }* > > * }* > > > > * # Purge request check sections for hash_always_miss, purge and ban* > > * # BLOCK IF NOT IP is not in purge acl* > > * # ##########################################################* > > > > * # Enable smart refreshing using hash_always_miss* > > *if (req.http.Cache-Control ~ "no-cache") {* > > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) {* > > * set req.hash_always_miss = true;* > > * }* > > *}* > > > > *if (req.method == "PURGE") {* > > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) {* > > * return(synth(405,"Not allowed."));* > > * }* > > * return (purge);* > > > > * }* > > *if (req.method == "BAN") {* > > * # Same ACL check as above:* > > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") ~ purge) {* > > * return(synth(403, "Not allowed."));* > > * }* > > * ban("req.http.host == " + req.http.host +* > > * " && req.url == " + req.url);* > > > > * # Throw a synthetic page so the* > > * # request won't go to the backend.* > > * return(synth(200, "Ban added"));* > > *}* > > > > *# Unset cloudflare cookies* > > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* > > * set req.http.Cookie = regsuball(req.http.Cookie, > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* > > * # Remove a ";" prefix, if present.* > > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* > > > > * # For Testing: If you want to test with Varnish passing (not caching) > uncomment* > > * # return( pass );* > > > > * # FORWARD THE IP OF THE REQUEST* > > * if (req.restarts == 0) {* > > * if (req.http.x-forwarded-for) {* > > * set req.http.X-Forwarded-For =* > > * req.http.X-Forwarded-For + ", " + client.ip;* > > * } else {* > > * set req.http.X-Forwarded-For = client.ip;* > > * }* > > * }* > > > > *# DO NOT CACHE RSS FEED* > > * if (req.url ~ "/feed(/)?") {* > > * return ( pass ); * > > *}* > > > > *## Do not cache search results, comment these 3 lines if you do want to > cache them* > > > > *if (req.url ~ "/\?s\=") {* > > * return ( pass ); * > > *}* > > > > *# CLEAN UP THE ENCODING HEADER.* > > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* > > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* > > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* > > * # ##########################################################* > > * if (req.http.Accept-Encoding) {* > > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* > > * # No point in compressing these* > > * unset req.http.Accept-Encoding;* > > * } elsif (req.http.Accept-Encoding ~ "gzip") {* > > * set req.http.Accept-Encoding = "gzip";* > > * } elsif (req.http.Accept-Encoding ~ "deflate") {* > > * set req.http.Accept-Encoding = "deflate";* > > * } else {* > > * # unknown algorithm* > > * unset req.http.Accept-Encoding;* > > * }* > > * }* > > > > * # PIPE ALL NON-STANDARD REQUESTS* > > * # ##########################################################* > > * if (req.method != "GET" &&* > > * req.method != "HEAD" &&* > > * req.method != "PUT" && * > > * req.method != "POST" &&* > > * req.method != "TRACE" &&* > > * req.method != "OPTIONS" &&* > > * req.method != "DELETE") {* > > * return (pipe);* > > * }* > > > > * # ONLY CACHE GET AND HEAD REQUESTS* > > * # ##########################################################* > > * if (req.method != "GET" && req.method != "HEAD") {* > > * return (pass);* > > * }* > > > > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > EITHER* > > * # COMMENT OR UNCOMMENT BOTH* > > * # ##########################################################* > > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* > > * return( pass );* > > * }* > > > > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* > > * # THEN UNSET THE COOKIES* > > * # ##########################################################* > > * if (!(req.url ~ "wp-(login|admin)") * > > * && !(req.url ~ "&preview=true" ) * > > * ){* > > * unset req.http.cookie;* > > * }* > > > > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* > > * # ##########################################################* > > * if (req.http.Authorization || req.http.Cookie) {* > > * return (pass);* > > * }* > > > > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* > > * # ##########################################################* > > * return (hash);* > > * # This is for phpmyadmin* > > *if (req.http.Host == "ki1.org ") {* > > *return (pass);* > > *}* > > > > *if (req.http.Host == "mysql.ki1.org ") {* > > *return (pass);* > > *}* > > > > *}* > > > > *# HIT FUNCTION* > > *# ##########################################################* > > *sub vcl_hit {* > > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* > > * # ##########################################################* > > * if (req.method == "PURGE") {* > > * #* > > * # This is now handled in vcl_recv.* > > * #* > > * # purge;* > > * return (synth(200, "Purged."));* > > * }* > > * return (deliver);* > > *}* > > > > *# MISS FUNCTION* > > *# ##########################################################* > > *sub vcl_miss {* > > * if (req.method == "PURGE") {* > > * #* > > * # This is now handled in vcl_recv.* > > * #* > > * # purge;* > > * return (synth(200, "Purged."));* > > * }* > > * return (fetch);* > > *}* > > > > *# FETCH FUNCTION* > > *# ##########################################################* > > *sub vcl_backend_response {* > > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > > * # TO DO THIS* > > * # ##########################################################* > > * set beresp.http.Vary = "Accept-Encoding";* > > > > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > > * # TIME THIS PAGE WILL STAY CACHED (TTL)* > > * # ##########################################################* > > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > "wordpress_logged_in" ) {* > > * unset beresp.http.set-cookie;* > > * set beresp.ttl = 52w;* > > *# set beresp.grace =1w;* > > * }* > > > > * if (beresp.ttl <= 0s ||* > > * beresp.http.Set-Cookie ||* > > * beresp.http.Vary == "*") {* > > * set beresp.ttl = 120 s;* > > * # set beresp.ttl = 120s;* > > * set beresp.uncacheable = true;* > > * return (deliver);* > > * }* > > > > * return (deliver);* > > *}* > > > > *# DELIVER FUNCTION* > > *# ##########################################################* > > *sub vcl_deliver {* > > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > > * # IN THE HEADER (GREAT FOR DEBUGGING)* > > * # ##########################################################* > > * if (obj.hits > 0) {* > > * set resp.http.X-Cache = "HIT";* > > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > > * # ##########################################################* > > * } else {* > > * set resp.http.X-Cache = "MISS";* > > * }* > > *}* > > > > > > > > 2016-08-02 15:07 GMT+03:00 Stig Bakken : > > Could it be that Varnish is not caching those POST requests, and that they > are what makes Apache consume a lot of CPU? > > > > On MPMs: with PHP prefork is the safest choice, and it will work just fine > as long as you have a reasonable config, especially since you have Varnish > in front offloading the job of shuffling bytes back to the users. > > > > If I were you I'd try to get more data on which requests take a long time, > some variant of "varnishncsa -F %D".. > > > > If you're into using Prometheus for metrics, you can try out this exporter > which will give you a lot of insight into which requests take a long time > to process: https://github.com/stigsb/varnish_request_exporter > (Prometheus is awesome!) > > > > - Stig > > > > > > On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < > ayberk.kimsesiz at gmail.com> wrote: > > Hi, > > > > *CPU Monitor: * > > > > http://i.imgur.com/5KT1xRu.jpg > > > > *Apache status:* > > > > *Srv* > > *PID* > > *Acc* > > *M* > > *CPU* > > *SS* > > *Req* > > *Conn* > > *Child* > > *Slot* > > *Client* > > *Protocol* > > *VHost* > > *Request* > > *0-0* > > - > > 0/0/9766 > > . > > 134.59 > > 37 > > 0 > > 0.0 > > 0.00 > > 64.40 > > ::1 > > http/1.1 > > ns1.***com:8080 > > OPTIONS * HTTP/1.0 > > *1-0* > > 14612 > > 0/16/9058 > > _ > > 17.83 > > 13 > > 1498 > > 0.0 > > 0.02 > > 53.29 > > 176.***.10 > > http/1.1 > > www.***.com:8080 > > POST /wp-admin/admin-ajax.php HTTP/1.1 > > *2-0* > > 10863 > > 0/179/9795 > > _ > > 185.14 > > 6 > > 1424 > > 0.0 > > 0.58 > > 60.32 > > 176.***.10 > > http/1.1 > > www.***.com:8080 > > POST /wp-admin/admin-ajax.php HTTP/1.1 > > *3-0* > > 13127 > > 0/127/9435 > > _ > > 119.80 > > 4 > > 1419 > > 0.0 > > 0.42 > > 56.51 > > 176.***.10 > > http/1.1 > > www.***.com:8080 > > POST /wp-admin/admin-ajax.php HTTP/1.1 > > *4-0* > > - > > 0/0/9187 > > . > > 0.00 > > 50 > > 0 > > 0.0 > > 0.00 > > 56.60 > > ::1 > > http/1.1 > > ns1.***.com:8080 > > OPTIONS * HTTP/1.0 > > *5-0* > > 14851 > > 0/9/8761 > > _ > > 8.95 > > 13 > > 1559 > > 0.0 > > 0.01 > > 57.90 > > 176.***.10 > > http/1.1 > > www.***.com:8080 > > POST /wp-admin/admin-ajax.php HTTP/1.1 > > *6-0* > > 14852 > > 0/6/8130 > > _ > > 6.67 > > 4 > > 1482 > > 0.0 > > 0.01 > > 51.88 > > 176.***.10 > > http/1.1 > > www.***.com:8080 > > POST /wp-admin/admin-ajax.php HTTP/1.1 > > *7-0* > > 14192 > > 11/57/8355 > > *K* > > 72.73 > > 0 > > 1363 > > 106.6 > > 0.44 > > 52.79 > > 176.***.10 > > http/1.1 > > www.***.com:8080 > > POST /wp-admin/admin-ajax.php HTTP/1.1 > > *8-0* > > 13067 > > 0/125/7795 > > _ > > 121.19 > > 13 > > 1759 > > 0.0 > > 0.65 > > 68.27 > > 176.***.10 > > http/1.1 > > www.***.com:8080 > > POST /wp-admin/admin-ajax.php HTTP/1.1 > > > > Apache error logs don't show anything about CPU. > > > > > > 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < > guillaume at varnish-software.com>: > > You seem to have a good hit ratio, are you seeing anything on the apache > logs that would explain the cpu usage? > > > -- > > Guillaume Quintard > > > > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > > > > > > -- > > Stig Bakken > CTO, Zedge.net - free your phone! > > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Tue Aug 2 15:58:25 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Tue, 2 Aug 2016 18:58:25 +0300 Subject: Varnish CPU Usage In-Reply-To: References: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Message-ID: Hi Andrei, Here are the results: T *****:56538 -> ******:8080 [AP] POST /wp-admin/admin-ajax.php HTTP/1.1. Host: *******.com. Accept-Language: tr-tr. User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) AppleWebKit/6 02.1.40 (KHTML, like Gecko) Version/10.0 Mobile/14A5309d Safari/602.1. X-Requested-With: XMLHttpRequest. Accept: application/json, text/javascript, */*; q=0.01. Referer: http://******/. Content-Type: application/x-www-form-urlencoded; charset=UTF-8. Content-Length: 130. Origin: http://****.com. X-Actual-IP: 5.46.70.115. Cookie: pps_show_100=Tue%20Aug%2002%202016%2018%3A50%3A21%20GMT+0300%20%28EEST%2 9; pps_times_showed_100=1. X-Forwarded-For: 5.46.70.115, 5.46.70.115, 5.46.70.115. Accept-Encoding: gzip. X-Varnish: 39754073. . mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=1&connect_hash=c1 532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax T *****:56652 -> ******:8080 [AP] POST /wp-admin/admin-ajax.php HTTP/1.1. Host: *****.com. Content-Length: 130. Origin: http://*****.com. X-Requested-With: XMLHttpRequest. User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.19. Content-Type: application/x-www-form-urlencoded; charset=UTF-8. Accept: application/json, text/javascript, */*; q=0.01. Referer: https://www.yandex.com.tr/. Accept-Language: en-us,en. Accept-Charset: iso-8859-1,*,utf-8. X-Actual-IP: 78.173.206.179. Cookie: PHPSESSID=br4avjrtmgd0e2j04eoelev4r6; pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A14%20GMT+0300%20%28Turkey%20Daylight%20 Time%29; pps_times_showed_100=2. X-Forwarded-For: 78.173.206.179, 78.173.206.179, 78.173.206.179. Accept-Encoding: gzip. X-Varnish: 37456291. . mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=0&connect_hash=c1532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax T *****:56630 -> *****.10:8080 [AP] POST /wp-admin/admin-ajax.php HTTP/1.1. Host: *****.com. Content-Length: 130. Origin: http://*****.com. X-Requested-With: XMLHttpRequest. User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) Gecko/20100101 Firefox/46.8. Content-Type: application/x-www-form-urlencoded; charset=UTF-8. Accept: application/json, text/javascript, */*; q=0.01. Referer: https://google.com.tr/. Accept-Language: en-us,en. Accept-Charset: iso-8859-1,*,utf-8. X-Actual-IP: 46.197.96.35. Cookie: pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A27%20GMT+0300%20%28T%FCrkiye%20Yaz%20Saati%29; pps_times_showed_100=1. X-Forwarded-For: 46.197.96.35, 46.197.96.35, 46.197.96.35. Accept-Encoding: gzip. X-Varnish: 35061669. Heartbeat plugin didn't fix it by the way. 2016-08-02 18:45 GMT+03:00 Andrei : > Those admin-ajax.php POST requests won't get cached, and are likely > related to WordPress heartbeats, or plugins. The quickest way to see what > those requests actually are, which will help you identify the plugin/theme > option is using ngrep: ngrep 'admin-ajax' -d any dst port 8080 -W byline -q > > On Tue, Aug 2, 2016 at 9:43 AM, MAGNIEN, Thierry > wrote: > >> Hi, >> >> >> >> There are known CPU issues due to WordPress HearBeat API, for example, or >> misbehaving plugins. >> >> >> >> See >> http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage >> for example. >> >> >> >> Maybe one of your plugins has some difficulties going through varnish. >> >> >> >> If you enable debug on your browser, can you see specific calls to >> /wp-admin/admin-ajax.php that take a very long time with varnish and not >> when varnish is disabled ? >> >> >> >> Thierry >> >> >> >> *De :* varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org >> [mailto:varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] *De >> la part de* Ayberk Kimsesiz >> *Envoy? :* mardi 2 ao?t 2016 15:18 >> *? :* Stig Bakken >> *Cc :* varnish-misc >> *Objet :* Re: Varnish CPU Usage >> >> >> >> I used Default.VCL in two different ways. The first with default settings >> and the second with settings customized for Wordpress (either case, the CPU >> usage increases). That is as follows: >> >> >> >> Also i couldn't find a Centos 6 installation guide for Prometheus. >> >> >> >> */* SET THE HOST AND PORT OF WORDPRESS* >> >> * * *********************************************************/* >> >> *vcl 4.0;* >> >> *import std;* >> >> >> >> *backend default {* >> >> * .host = "SERVER IP";* >> >> * .port = "8080";* >> >> * .first_byte_timeout = 60s;* >> >> * .connect_timeout = 300s;* >> >> *}* >> >> >> >> *# SET THE ALLOWED IP OF PURGE REQUESTS* >> >> *# ##########################################################* >> >> *acl purge {* >> >> * "localhost";* >> >> * "127.0.0.1";* >> >> *}* >> >> >> >> *#THE RECV FUNCTION* >> >> *# ##########################################################* >> >> *sub vcl_recv {* >> >> >> >> *# set realIP by trimming CloudFlare IP which will be used for various >> checks* >> >> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >> ""); * >> >> >> >> * # FORWARD THE IP OF THE REQUEST* >> >> * if (req.restarts == 0) {* >> >> * if (req.http.x-forwarded-for) {* >> >> * set req.http.X-Forwarded-For =* >> >> * req.http.X-Forwarded-For + ", " + client.ip;* >> >> * } else {* >> >> * set req.http.X-Forwarded-For = client.ip;* >> >> * }* >> >> * }* >> >> >> >> * # Purge request check sections for hash_always_miss, purge and ban* >> >> * # BLOCK IF NOT IP is not in purge acl* >> >> * # ##########################################################* >> >> >> >> * # Enable smart refreshing using hash_always_miss* >> >> *if (req.http.Cache-Control ~ "no-cache") {* >> >> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) {* >> >> * set req.hash_always_miss = true;* >> >> * }* >> >> *}* >> >> >> >> *if (req.method == "PURGE") {* >> >> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) {* >> >> * return(synth(405,"Not allowed."));* >> >> * }* >> >> * return (purge);* >> >> >> >> * }* >> >> *if (req.method == "BAN") {* >> >> * # Same ACL check as above:* >> >> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") ~ purge) {* >> >> * return(synth(403, "Not allowed."));* >> >> * }* >> >> * ban("req.http.host == " + req.http.host +* >> >> * " && req.url == " + req.url);* >> >> >> >> * # Throw a synthetic page so the* >> >> * # request won't go to the backend.* >> >> * return(synth(200, "Ban added"));* >> >> *}* >> >> >> >> *# Unset cloudflare cookies* >> >> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >> >> * set req.http.Cookie = regsuball(req.http.Cookie, >> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >> >> * # Remove a ";" prefix, if present.* >> >> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >> >> >> >> * # For Testing: If you want to test with Varnish passing (not caching) >> uncomment* >> >> * # return( pass );* >> >> >> >> * # FORWARD THE IP OF THE REQUEST* >> >> * if (req.restarts == 0) {* >> >> * if (req.http.x-forwarded-for) {* >> >> * set req.http.X-Forwarded-For =* >> >> * req.http.X-Forwarded-For + ", " + client.ip;* >> >> * } else {* >> >> * set req.http.X-Forwarded-For = client.ip;* >> >> * }* >> >> * }* >> >> >> >> *# DO NOT CACHE RSS FEED* >> >> * if (req.url ~ "/feed(/)?") {* >> >> * return ( pass ); * >> >> *}* >> >> >> >> *## Do not cache search results, comment these 3 lines if you do want to >> cache them* >> >> >> >> *if (req.url ~ "/\?s\=") {* >> >> * return ( pass ); * >> >> *}* >> >> >> >> *# CLEAN UP THE ENCODING HEADER.* >> >> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* >> >> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >> >> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >> >> * # ##########################################################* >> >> * if (req.http.Accept-Encoding) {* >> >> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >> >> * # No point in compressing these* >> >> * unset req.http.Accept-Encoding;* >> >> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >> >> * set req.http.Accept-Encoding = "gzip";* >> >> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >> >> * set req.http.Accept-Encoding = "deflate";* >> >> * } else {* >> >> * # unknown algorithm* >> >> * unset req.http.Accept-Encoding;* >> >> * }* >> >> * }* >> >> >> >> * # PIPE ALL NON-STANDARD REQUESTS* >> >> * # ##########################################################* >> >> * if (req.method != "GET" &&* >> >> * req.method != "HEAD" &&* >> >> * req.method != "PUT" && * >> >> * req.method != "POST" &&* >> >> * req.method != "TRACE" &&* >> >> * req.method != "OPTIONS" &&* >> >> * req.method != "DELETE") {* >> >> * return (pipe);* >> >> * }* >> >> >> >> * # ONLY CACHE GET AND HEAD REQUESTS* >> >> * # ##########################################################* >> >> * if (req.method != "GET" && req.method != "HEAD") {* >> >> * return (pass);* >> >> * }* >> >> >> >> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >> EITHER* >> >> * # COMMENT OR UNCOMMENT BOTH* >> >> * # ##########################################################* >> >> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >> >> * return( pass );* >> >> * }* >> >> >> >> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >> >> * # THEN UNSET THE COOKIES* >> >> * # ##########################################################* >> >> * if (!(req.url ~ "wp-(login|admin)") * >> >> * && !(req.url ~ "&preview=true" ) * >> >> * ){* >> >> * unset req.http.cookie;* >> >> * }* >> >> >> >> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >> >> * # ##########################################################* >> >> * if (req.http.Authorization || req.http.Cookie) {* >> >> * return (pass);* >> >> * }* >> >> >> >> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >> >> * # ##########################################################* >> >> * return (hash);* >> >> * # This is for phpmyadmin* >> >> *if (req.http.Host == "ki1.org ") {* >> >> *return (pass);* >> >> *}* >> >> >> >> *if (req.http.Host == "mysql.ki1.org ") {* >> >> *return (pass);* >> >> *}* >> >> >> >> *}* >> >> >> >> *# HIT FUNCTION* >> >> *# ##########################################################* >> >> *sub vcl_hit {* >> >> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >> >> * # ##########################################################* >> >> * if (req.method == "PURGE") {* >> >> * #* >> >> * # This is now handled in vcl_recv.* >> >> * #* >> >> * # purge;* >> >> * return (synth(200, "Purged."));* >> >> * }* >> >> * return (deliver);* >> >> *}* >> >> >> >> *# MISS FUNCTION* >> >> *# ##########################################################* >> >> *sub vcl_miss {* >> >> * if (req.method == "PURGE") {* >> >> * #* >> >> * # This is now handled in vcl_recv.* >> >> * #* >> >> * # purge;* >> >> * return (synth(200, "Purged."));* >> >> * }* >> >> * return (fetch);* >> >> *}* >> >> >> >> *# FETCH FUNCTION* >> >> *# ##########################################################* >> >> *sub vcl_backend_response {* >> >> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> >> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> >> * # TO DO THIS* >> >> * # ##########################################################* >> >> * set beresp.http.Vary = "Accept-Encoding";* >> >> >> >> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> >> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> >> * # ##########################################################* >> >> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> "wordpress_logged_in" ) {* >> >> * unset beresp.http.set-cookie;* >> >> * set beresp.ttl = 52w;* >> >> *# set beresp.grace =1w;* >> >> * }* >> >> >> >> * if (beresp.ttl <= 0s ||* >> >> * beresp.http.Set-Cookie ||* >> >> * beresp.http.Vary == "*") {* >> >> * set beresp.ttl = 120 s;* >> >> * # set beresp.ttl = 120s;* >> >> * set beresp.uncacheable = true;* >> >> * return (deliver);* >> >> * }* >> >> >> >> * return (deliver);* >> >> *}* >> >> >> >> *# DELIVER FUNCTION* >> >> *# ##########################################################* >> >> *sub vcl_deliver {* >> >> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> >> * # IN THE HEADER (GREAT FOR DEBUGGING)* >> >> * # ##########################################################* >> >> * if (obj.hits > 0) {* >> >> * set resp.http.X-Cache = "HIT";* >> >> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> >> * # ##########################################################* >> >> * } else {* >> >> * set resp.http.X-Cache = "MISS";* >> >> * }* >> >> *}* >> >> >> >> >> >> >> >> 2016-08-02 15:07 GMT+03:00 Stig Bakken : >> >> Could it be that Varnish is not caching those POST requests, and that >> they are what makes Apache consume a lot of CPU? >> >> >> >> On MPMs: with PHP prefork is the safest choice, and it will work just >> fine as long as you have a reasonable config, especially since you have >> Varnish in front offloading the job of shuffling bytes back to the users. >> >> >> >> If I were you I'd try to get more data on which requests take a long >> time, some variant of "varnishncsa -F %D".. >> >> >> >> If you're into using Prometheus for metrics, you can try out this >> exporter which will give you a lot of insight into which requests take a >> long time to process: https://github.com/stigsb/varnish_request_exporter >> (Prometheus is awesome!) >> >> >> >> - Stig >> >> >> >> >> >> On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >> Hi, >> >> >> >> *CPU Monitor: * >> >> >> >> http://i.imgur.com/5KT1xRu.jpg >> >> >> >> *Apache status:* >> >> >> >> *Srv* >> >> *PID* >> >> *Acc* >> >> *M* >> >> *CPU* >> >> *SS* >> >> *Req* >> >> *Conn* >> >> *Child* >> >> *Slot* >> >> *Client* >> >> *Protocol* >> >> *VHost* >> >> *Request* >> >> *0-0* >> >> - >> >> 0/0/9766 >> >> . >> >> 134.59 >> >> 37 >> >> 0 >> >> 0.0 >> >> 0.00 >> >> 64.40 >> >> ::1 >> >> http/1.1 >> >> ns1.***com:8080 >> >> OPTIONS * HTTP/1.0 >> >> *1-0* >> >> 14612 >> >> 0/16/9058 >> >> _ >> >> 17.83 >> >> 13 >> >> 1498 >> >> 0.0 >> >> 0.02 >> >> 53.29 >> >> 176.***.10 >> >> http/1.1 >> >> www.***.com:8080 >> >> POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> *2-0* >> >> 10863 >> >> 0/179/9795 >> >> _ >> >> 185.14 >> >> 6 >> >> 1424 >> >> 0.0 >> >> 0.58 >> >> 60.32 >> >> 176.***.10 >> >> http/1.1 >> >> www.***.com:8080 >> >> POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> *3-0* >> >> 13127 >> >> 0/127/9435 >> >> _ >> >> 119.80 >> >> 4 >> >> 1419 >> >> 0.0 >> >> 0.42 >> >> 56.51 >> >> 176.***.10 >> >> http/1.1 >> >> www.***.com:8080 >> >> POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> *4-0* >> >> - >> >> 0/0/9187 >> >> . >> >> 0.00 >> >> 50 >> >> 0 >> >> 0.0 >> >> 0.00 >> >> 56.60 >> >> ::1 >> >> http/1.1 >> >> ns1.***.com:8080 >> >> OPTIONS * HTTP/1.0 >> >> *5-0* >> >> 14851 >> >> 0/9/8761 >> >> _ >> >> 8.95 >> >> 13 >> >> 1559 >> >> 0.0 >> >> 0.01 >> >> 57.90 >> >> 176.***.10 >> >> http/1.1 >> >> www.***.com:8080 >> >> POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> *6-0* >> >> 14852 >> >> 0/6/8130 >> >> _ >> >> 6.67 >> >> 4 >> >> 1482 >> >> 0.0 >> >> 0.01 >> >> 51.88 >> >> 176.***.10 >> >> http/1.1 >> >> www.***.com:8080 >> >> POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> *7-0* >> >> 14192 >> >> 11/57/8355 >> >> *K* >> >> 72.73 >> >> 0 >> >> 1363 >> >> 106.6 >> >> 0.44 >> >> 52.79 >> >> 176.***.10 >> >> http/1.1 >> >> www.***.com:8080 >> >> POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> *8-0* >> >> 13067 >> >> 0/125/7795 >> >> _ >> >> 121.19 >> >> 13 >> >> 1759 >> >> 0.0 >> >> 0.65 >> >> 68.27 >> >> 176.***.10 >> >> http/1.1 >> >> www.***.com:8080 >> >> POST /wp-admin/admin-ajax.php HTTP/1.1 >> >> >> >> Apache error logs don't show anything about CPU. >> >> >> >> >> >> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >> guillaume at varnish-software.com>: >> >> You seem to have a good hit ratio, are you seeing anything on the apache >> logs that would explain the cpu usage? >> >> >> -- >> >> Guillaume Quintard >> >> >> >> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> >> >> >> >> >> -- >> >> Stig Bakken >> CTO, Zedge.net - free your phone! >> >> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Tue Aug 2 16:20:29 2016 From: lagged at gmail.com (Andrei) Date: Tue, 2 Aug 2016 11:20:29 -0500 Subject: Varnish CPU Usage In-Reply-To: References: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Message-ID: Ok now just type the following from the wp docroot to find your culprit: egrep -Rn 'sm_type|is_unique|connect_hash|reqType' wp-content/{plugins,themes} On Tue, Aug 2, 2016 at 10:58 AM, Ayberk Kimsesiz wrote: > Hi Andrei, > > Here are the results: > > T *****:56538 -> ******:8080 [AP] > POST /wp-admin/admin-ajax.php HTTP/1.1. > Host: *******.com. > Accept-Language: tr-tr. > User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) > AppleWebKit/6 02.1.40 (KHTML, like Gecko) Version/10.0 Mobile/14A5309d > Safari/602.1. > X-Requested-With: XMLHttpRequest. > Accept: application/json, text/javascript, */*; q=0.01. > Referer: http://******/. > Content-Type: application/x-www-form-urlencoded; charset=UTF-8. > Content-Length: 130. > Origin: http://****.com. > X-Actual-IP: 5.46.70.115. > Cookie: > pps_show_100=Tue%20Aug%2002%202016%2018%3A50%3A21%20GMT+0300%20%28EEST%2 > 9; > pps_times_showed_100=1. > X-Forwarded-For: 5.46.70.115, 5.46.70.115, 5.46.70.115. > Accept-Encoding: gzip. > X-Varnish: 39754073. > . > mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=1&connect_hash=c1 > > 532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax > > > > T *****:56652 -> ******:8080 [AP] > POST /wp-admin/admin-ajax.php HTTP/1.1. > Host: *****.com. > Content-Length: 130. > Origin: http://*****.com. > X-Requested-With: XMLHttpRequest. > User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) > Gecko/20100101 Firefox/46.19. > Content-Type: application/x-www-form-urlencoded; charset=UTF-8. > Accept: application/json, text/javascript, */*; q=0.01. > Referer: https://www.yandex.com.tr/. > Accept-Language: en-us,en. > Accept-Charset: iso-8859-1,*,utf-8. > X-Actual-IP: 78.173.206.179. > Cookie: PHPSESSID=br4avjrtmgd0e2j04eoelev4r6; > pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A14%20GMT+0300%20%28Turkey%20Daylight%20 > Time%29; pps_times_showed_100=2. > X-Forwarded-For: 78.173.206.179, 78.173.206.179, 78.173.206.179. > Accept-Encoding: gzip. > X-Varnish: 37456291. > . > > mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=0&connect_hash=c1532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax > > > T *****:56630 -> *****.10:8080 [AP] > POST /wp-admin/admin-ajax.php HTTP/1.1. > Host: *****.com. > Content-Length: 130. > Origin: http://*****.com. > X-Requested-With: XMLHttpRequest. > User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) > Gecko/20100101 Firefox/46.8. > Content-Type: application/x-www-form-urlencoded; charset=UTF-8. > Accept: application/json, text/javascript, */*; q=0.01. > Referer: https://google.com.tr/. > Accept-Language: en-us,en. > Accept-Charset: iso-8859-1,*,utf-8. > X-Actual-IP: 46.197.96.35. > Cookie: > pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A27%20GMT+0300%20%28T%FCrkiye%20Yaz%20Saati%29; > pps_times_showed_100=1. > X-Forwarded-For: 46.197.96.35, 46.197.96.35, 46.197.96.35. > Accept-Encoding: gzip. > X-Varnish: 35061669. > > Heartbeat plugin didn't fix it by the way. > > 2016-08-02 18:45 GMT+03:00 Andrei : > >> Those admin-ajax.php POST requests won't get cached, and are likely >> related to WordPress heartbeats, or plugins. The quickest way to see what >> those requests actually are, which will help you identify the plugin/theme >> option is using ngrep: ngrep 'admin-ajax' -d any dst port 8080 -W byline -q >> >> On Tue, Aug 2, 2016 at 9:43 AM, MAGNIEN, Thierry > > wrote: >> >>> Hi, >>> >>> >>> >>> There are known CPU issues due to WordPress HearBeat API, for example, >>> or misbehaving plugins. >>> >>> >>> >>> See >>> http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage >>> for example. >>> >>> >>> >>> Maybe one of your plugins has some difficulties going through varnish. >>> >>> >>> >>> If you enable debug on your browser, can you see specific calls to >>> /wp-admin/admin-ajax.php that take a very long time with varnish and not >>> when varnish is disabled ? >>> >>> >>> >>> Thierry >>> >>> >>> >>> *De :* varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org >>> [mailto:varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] *De >>> la part de* Ayberk Kimsesiz >>> *Envoy? :* mardi 2 ao?t 2016 15:18 >>> *? :* Stig Bakken >>> *Cc :* varnish-misc >>> *Objet :* Re: Varnish CPU Usage >>> >>> >>> >>> I used Default.VCL in two different ways. The first with default >>> settings and the second with settings customized for Wordpress (either >>> case, the CPU usage increases). That is as follows: >>> >>> >>> >>> Also i couldn't find a Centos 6 installation guide for Prometheus. >>> >>> >>> >>> */* SET THE HOST AND PORT OF WORDPRESS* >>> >>> * * *********************************************************/* >>> >>> *vcl 4.0;* >>> >>> *import std;* >>> >>> >>> >>> *backend default {* >>> >>> * .host = "SERVER IP";* >>> >>> * .port = "8080";* >>> >>> * .first_byte_timeout = 60s;* >>> >>> * .connect_timeout = 300s;* >>> >>> *}* >>> >>> >>> >>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>> >>> *# ##########################################################* >>> >>> *acl purge {* >>> >>> * "localhost";* >>> >>> * "127.0.0.1";* >>> >>> *}* >>> >>> >>> >>> *#THE RECV FUNCTION* >>> >>> *# ##########################################################* >>> >>> *sub vcl_recv {* >>> >>> >>> >>> *# set realIP by trimming CloudFlare IP which will be used for various >>> checks* >>> >>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >>> ""); * >>> >>> >>> >>> * # FORWARD THE IP OF THE REQUEST* >>> >>> * if (req.restarts == 0) {* >>> >>> * if (req.http.x-forwarded-for) {* >>> >>> * set req.http.X-Forwarded-For =* >>> >>> * req.http.X-Forwarded-For + ", " + client.ip;* >>> >>> * } else {* >>> >>> * set req.http.X-Forwarded-For = client.ip;* >>> >>> * }* >>> >>> * }* >>> >>> >>> >>> * # Purge request check sections for hash_always_miss, purge and ban* >>> >>> * # BLOCK IF NOT IP is not in purge acl* >>> >>> * # ##########################################################* >>> >>> >>> >>> * # Enable smart refreshing using hash_always_miss* >>> >>> *if (req.http.Cache-Control ~ "no-cache") {* >>> >>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>> purge) {* >>> >>> * set req.hash_always_miss = true;* >>> >>> * }* >>> >>> *}* >>> >>> >>> >>> *if (req.method == "PURGE") {* >>> >>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>> ~ purge) {* >>> >>> * return(synth(405,"Not allowed."));* >>> >>> * }* >>> >>> * return (purge);* >>> >>> >>> >>> * }* >>> >>> *if (req.method == "BAN") {* >>> >>> * # Same ACL check as above:* >>> >>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") ~ purge) {* >>> >>> * return(synth(403, "Not allowed."));* >>> >>> * }* >>> >>> * ban("req.http.host == " + req.http.host +* >>> >>> * " && req.url == " + req.url);* >>> >>> >>> >>> * # Throw a synthetic page so the* >>> >>> * # request won't go to the backend.* >>> >>> * return(synth(200, "Ban added"));* >>> >>> *}* >>> >>> >>> >>> *# Unset cloudflare cookies* >>> >>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>> >>> * set req.http.Cookie = regsuball(req.http.Cookie, >>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>> >>> * # Remove a ";" prefix, if present.* >>> >>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>> >>> >>> >>> * # For Testing: If you want to test with Varnish passing (not caching) >>> uncomment* >>> >>> * # return( pass );* >>> >>> >>> >>> * # FORWARD THE IP OF THE REQUEST* >>> >>> * if (req.restarts == 0) {* >>> >>> * if (req.http.x-forwarded-for) {* >>> >>> * set req.http.X-Forwarded-For =* >>> >>> * req.http.X-Forwarded-For + ", " + client.ip;* >>> >>> * } else {* >>> >>> * set req.http.X-Forwarded-For = client.ip;* >>> >>> * }* >>> >>> * }* >>> >>> >>> >>> *# DO NOT CACHE RSS FEED* >>> >>> * if (req.url ~ "/feed(/)?") {* >>> >>> * return ( pass ); * >>> >>> *}* >>> >>> >>> >>> *## Do not cache search results, comment these 3 lines if you do want to >>> cache them* >>> >>> >>> >>> *if (req.url ~ "/\?s\=") {* >>> >>> * return ( pass ); * >>> >>> *}* >>> >>> >>> >>> *# CLEAN UP THE ENCODING HEADER.* >>> >>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>> ACCEPT-ENCODING* >>> >>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>> >>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>> >>> * # ##########################################################* >>> >>> * if (req.http.Accept-Encoding) {* >>> >>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>> >>> * # No point in compressing these* >>> >>> * unset req.http.Accept-Encoding;* >>> >>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>> >>> * set req.http.Accept-Encoding = "gzip";* >>> >>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>> >>> * set req.http.Accept-Encoding = "deflate";* >>> >>> * } else {* >>> >>> * # unknown algorithm* >>> >>> * unset req.http.Accept-Encoding;* >>> >>> * }* >>> >>> * }* >>> >>> >>> >>> * # PIPE ALL NON-STANDARD REQUESTS* >>> >>> * # ##########################################################* >>> >>> * if (req.method != "GET" &&* >>> >>> * req.method != "HEAD" &&* >>> >>> * req.method != "PUT" && * >>> >>> * req.method != "POST" &&* >>> >>> * req.method != "TRACE" &&* >>> >>> * req.method != "OPTIONS" &&* >>> >>> * req.method != "DELETE") {* >>> >>> * return (pipe);* >>> >>> * }* >>> >>> >>> >>> * # ONLY CACHE GET AND HEAD REQUESTS* >>> >>> * # ##########################################################* >>> >>> * if (req.method != "GET" && req.method != "HEAD") {* >>> >>> * return (pass);* >>> >>> * }* >>> >>> >>> >>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>> EITHER* >>> >>> * # COMMENT OR UNCOMMENT BOTH* >>> >>> * # ##########################################################* >>> >>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>> >>> * return( pass );* >>> >>> * }* >>> >>> >>> >>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>> >>> * # THEN UNSET THE COOKIES* >>> >>> * # ##########################################################* >>> >>> * if (!(req.url ~ "wp-(login|admin)") * >>> >>> * && !(req.url ~ "&preview=true" ) * >>> >>> * ){* >>> >>> * unset req.http.cookie;* >>> >>> * }* >>> >>> >>> >>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>> >>> * # ##########################################################* >>> >>> * if (req.http.Authorization || req.http.Cookie) {* >>> >>> * return (pass);* >>> >>> * }* >>> >>> >>> >>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>> >>> * # ##########################################################* >>> >>> * return (hash);* >>> >>> * # This is for phpmyadmin* >>> >>> *if (req.http.Host == "ki1.org ") {* >>> >>> *return (pass);* >>> >>> *}* >>> >>> >>> >>> *if (req.http.Host == "mysql.ki1.org ") {* >>> >>> *return (pass);* >>> >>> *}* >>> >>> >>> >>> *}* >>> >>> >>> >>> *# HIT FUNCTION* >>> >>> *# ##########################################################* >>> >>> *sub vcl_hit {* >>> >>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>> >>> * # ##########################################################* >>> >>> * if (req.method == "PURGE") {* >>> >>> * #* >>> >>> * # This is now handled in vcl_recv.* >>> >>> * #* >>> >>> * # purge;* >>> >>> * return (synth(200, "Purged."));* >>> >>> * }* >>> >>> * return (deliver);* >>> >>> *}* >>> >>> >>> >>> *# MISS FUNCTION* >>> >>> *# ##########################################################* >>> >>> *sub vcl_miss {* >>> >>> * if (req.method == "PURGE") {* >>> >>> * #* >>> >>> * # This is now handled in vcl_recv.* >>> >>> * #* >>> >>> * # purge;* >>> >>> * return (synth(200, "Purged."));* >>> >>> * }* >>> >>> * return (fetch);* >>> >>> *}* >>> >>> >>> >>> *# FETCH FUNCTION* >>> >>> *# ##########################################################* >>> >>> *sub vcl_backend_response {* >>> >>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>> >>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>> >>> * # TO DO THIS* >>> >>> * # ##########################################################* >>> >>> * set beresp.http.Vary = "Accept-Encoding";* >>> >>> >>> >>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>> >>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>> >>> * # ##########################################################* >>> >>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>> "wordpress_logged_in" ) {* >>> >>> * unset beresp.http.set-cookie;* >>> >>> * set beresp.ttl = 52w;* >>> >>> *# set beresp.grace =1w;* >>> >>> * }* >>> >>> >>> >>> * if (beresp.ttl <= 0s ||* >>> >>> * beresp.http.Set-Cookie ||* >>> >>> * beresp.http.Vary == "*") {* >>> >>> * set beresp.ttl = 120 s;* >>> >>> * # set beresp.ttl = 120s;* >>> >>> * set beresp.uncacheable = true;* >>> >>> * return (deliver);* >>> >>> * }* >>> >>> >>> >>> * return (deliver);* >>> >>> *}* >>> >>> >>> >>> *# DELIVER FUNCTION* >>> >>> *# ##########################################################* >>> >>> *sub vcl_deliver {* >>> >>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>> >>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>> >>> * # ##########################################################* >>> >>> * if (obj.hits > 0) {* >>> >>> * set resp.http.X-Cache = "HIT";* >>> >>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>> >>> * # ##########################################################* >>> >>> * } else {* >>> >>> * set resp.http.X-Cache = "MISS";* >>> >>> * }* >>> >>> *}* >>> >>> >>> >>> >>> >>> >>> >>> 2016-08-02 15:07 GMT+03:00 Stig Bakken : >>> >>> Could it be that Varnish is not caching those POST requests, and that >>> they are what makes Apache consume a lot of CPU? >>> >>> >>> >>> On MPMs: with PHP prefork is the safest choice, and it will work just >>> fine as long as you have a reasonable config, especially since you have >>> Varnish in front offloading the job of shuffling bytes back to the users. >>> >>> >>> >>> If I were you I'd try to get more data on which requests take a long >>> time, some variant of "varnishncsa -F %D".. >>> >>> >>> >>> If you're into using Prometheus for metrics, you can try out this >>> exporter which will give you a lot of insight into which requests take a >>> long time to process: https://github.com/stigsb/varnish_request_exporter >>> (Prometheus is awesome!) >>> >>> >>> >>> - Stig >>> >>> >>> >>> >>> >>> On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> >>> Hi, >>> >>> >>> >>> *CPU Monitor: * >>> >>> >>> >>> http://i.imgur.com/5KT1xRu.jpg >>> >>> >>> >>> *Apache status:* >>> >>> >>> >>> *Srv* >>> >>> *PID* >>> >>> *Acc* >>> >>> *M* >>> >>> *CPU* >>> >>> *SS* >>> >>> *Req* >>> >>> *Conn* >>> >>> *Child* >>> >>> *Slot* >>> >>> *Client* >>> >>> *Protocol* >>> >>> *VHost* >>> >>> *Request* >>> >>> *0-0* >>> >>> - >>> >>> 0/0/9766 >>> >>> . >>> >>> 134.59 >>> >>> 37 >>> >>> 0 >>> >>> 0.0 >>> >>> 0.00 >>> >>> 64.40 >>> >>> ::1 >>> >>> http/1.1 >>> >>> ns1.***com:8080 >>> >>> OPTIONS * HTTP/1.0 >>> >>> *1-0* >>> >>> 14612 >>> >>> 0/16/9058 >>> >>> _ >>> >>> 17.83 >>> >>> 13 >>> >>> 1498 >>> >>> 0.0 >>> >>> 0.02 >>> >>> 53.29 >>> >>> 176.***.10 >>> >>> http/1.1 >>> >>> www.***.com:8080 >>> >>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>> >>> *2-0* >>> >>> 10863 >>> >>> 0/179/9795 >>> >>> _ >>> >>> 185.14 >>> >>> 6 >>> >>> 1424 >>> >>> 0.0 >>> >>> 0.58 >>> >>> 60.32 >>> >>> 176.***.10 >>> >>> http/1.1 >>> >>> www.***.com:8080 >>> >>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>> >>> *3-0* >>> >>> 13127 >>> >>> 0/127/9435 >>> >>> _ >>> >>> 119.80 >>> >>> 4 >>> >>> 1419 >>> >>> 0.0 >>> >>> 0.42 >>> >>> 56.51 >>> >>> 176.***.10 >>> >>> http/1.1 >>> >>> www.***.com:8080 >>> >>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>> >>> *4-0* >>> >>> - >>> >>> 0/0/9187 >>> >>> . >>> >>> 0.00 >>> >>> 50 >>> >>> 0 >>> >>> 0.0 >>> >>> 0.00 >>> >>> 56.60 >>> >>> ::1 >>> >>> http/1.1 >>> >>> ns1.***.com:8080 >>> >>> OPTIONS * HTTP/1.0 >>> >>> *5-0* >>> >>> 14851 >>> >>> 0/9/8761 >>> >>> _ >>> >>> 8.95 >>> >>> 13 >>> >>> 1559 >>> >>> 0.0 >>> >>> 0.01 >>> >>> 57.90 >>> >>> 176.***.10 >>> >>> http/1.1 >>> >>> www.***.com:8080 >>> >>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>> >>> *6-0* >>> >>> 14852 >>> >>> 0/6/8130 >>> >>> _ >>> >>> 6.67 >>> >>> 4 >>> >>> 1482 >>> >>> 0.0 >>> >>> 0.01 >>> >>> 51.88 >>> >>> 176.***.10 >>> >>> http/1.1 >>> >>> www.***.com:8080 >>> >>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>> >>> *7-0* >>> >>> 14192 >>> >>> 11/57/8355 >>> >>> *K* >>> >>> 72.73 >>> >>> 0 >>> >>> 1363 >>> >>> 106.6 >>> >>> 0.44 >>> >>> 52.79 >>> >>> 176.***.10 >>> >>> http/1.1 >>> >>> www.***.com:8080 >>> >>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>> >>> *8-0* >>> >>> 13067 >>> >>> 0/125/7795 >>> >>> _ >>> >>> 121.19 >>> >>> 13 >>> >>> 1759 >>> >>> 0.0 >>> >>> 0.65 >>> >>> 68.27 >>> >>> 176.***.10 >>> >>> http/1.1 >>> >>> www.***.com:8080 >>> >>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>> >>> >>> >>> Apache error logs don't show anything about CPU. >>> >>> >>> >>> >>> >>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>> guillaume at varnish-software.com>: >>> >>> You seem to have a good hit ratio, are you seeing anything on the apache >>> logs that would explain the cpu usage? >>> >>> >>> -- >>> >>> Guillaume Quintard >>> >>> >>> >>> >>> >>> _______________________________________________ >>> varnish-misc mailing list >>> varnish-misc at varnish-cache.org >>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >>> >>> >>> >>> >>> -- >>> >>> Stig Bakken >>> CTO, Zedge.net - free your phone! >>> >>> >>> >>> _______________________________________________ >>> varnish-misc mailing list >>> varnish-misc at varnish-cache.org >>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Tue Aug 2 16:39:22 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Tue, 2 Aug 2016 19:39:22 +0300 Subject: Varnish CPU Usage In-Reply-To: References: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Message-ID: I'm getting "*no such file or directory*" error. 2016-08-02 19:20 GMT+03:00 Andrei : > Ok now just type the following from the wp docroot to find your culprit: > egrep -Rn 'sm_type|is_unique|connect_hash|reqType' > wp-content/{plugins,themes} > > On Tue, Aug 2, 2016 at 10:58 AM, Ayberk Kimsesiz < > ayberk.kimsesiz at gmail.com> wrote: > >> Hi Andrei, >> >> Here are the results: >> >> T *****:56538 -> ******:8080 [AP] >> POST /wp-admin/admin-ajax.php HTTP/1.1. >> Host: *******.com. >> Accept-Language: tr-tr. >> User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) >> AppleWebKit/6 02.1.40 (KHTML, like Gecko) Version/10.0 Mobile/14A5309d >> Safari/602.1. >> X-Requested-With: XMLHttpRequest. >> Accept: application/json, text/javascript, */*; q=0.01. >> Referer: http://******/. >> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >> Content-Length: 130. >> Origin: http://****.com. >> X-Actual-IP: 5.46.70.115. >> Cookie: >> pps_show_100=Tue%20Aug%2002%202016%2018%3A50%3A21%20GMT+0300%20%28EEST%2 >> 9; >> pps_times_showed_100=1. >> X-Forwarded-For: 5.46.70.115, 5.46.70.115, 5.46.70.115. >> Accept-Encoding: gzip. >> X-Varnish: 39754073. >> . >> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=1&connect_hash=c1 >> >> 532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >> >> >> >> T *****:56652 -> ******:8080 [AP] >> POST /wp-admin/admin-ajax.php HTTP/1.1. >> Host: *****.com. >> Content-Length: 130. >> Origin: http://*****.com. >> X-Requested-With: XMLHttpRequest. >> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >> Gecko/20100101 Firefox/46.19. >> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >> Accept: application/json, text/javascript, */*; q=0.01. >> Referer: https://www.yandex.com.tr/. >> Accept-Language: en-us,en. >> Accept-Charset: iso-8859-1,*,utf-8. >> X-Actual-IP: 78.173.206.179. >> Cookie: PHPSESSID=br4avjrtmgd0e2j04eoelev4r6; >> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A14%20GMT+0300%20%28Turkey%20Daylight%20 >> Time%29; pps_times_showed_100=2. >> X-Forwarded-For: 78.173.206.179, 78.173.206.179, 78.173.206.179. >> Accept-Encoding: gzip. >> X-Varnish: 37456291. >> . >> >> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=0&connect_hash=c1532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >> >> >> T *****:56630 -> *****.10:8080 [AP] >> POST /wp-admin/admin-ajax.php HTTP/1.1. >> Host: *****.com. >> Content-Length: 130. >> Origin: http://*****.com. >> X-Requested-With: XMLHttpRequest. >> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >> Gecko/20100101 Firefox/46.8. >> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >> Accept: application/json, text/javascript, */*; q=0.01. >> Referer: https://google.com.tr/. >> Accept-Language: en-us,en. >> Accept-Charset: iso-8859-1,*,utf-8. >> X-Actual-IP: 46.197.96.35. >> Cookie: >> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A27%20GMT+0300%20%28T%FCrkiye%20Yaz%20Saati%29; >> pps_times_showed_100=1. >> X-Forwarded-For: 46.197.96.35, 46.197.96.35, 46.197.96.35. >> Accept-Encoding: gzip. >> X-Varnish: 35061669. >> >> Heartbeat plugin didn't fix it by the way. >> >> 2016-08-02 18:45 GMT+03:00 Andrei : >> >>> Those admin-ajax.php POST requests won't get cached, and are likely >>> related to WordPress heartbeats, or plugins. The quickest way to see what >>> those requests actually are, which will help you identify the plugin/theme >>> option is using ngrep: ngrep 'admin-ajax' -d any dst port 8080 -W byline -q >>> >>> On Tue, Aug 2, 2016 at 9:43 AM, MAGNIEN, Thierry < >>> thierry.magnien at sfr.com> wrote: >>> >>>> Hi, >>>> >>>> >>>> >>>> There are known CPU issues due to WordPress HearBeat API, for example, >>>> or misbehaving plugins. >>>> >>>> >>>> >>>> See >>>> http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage >>>> for example. >>>> >>>> >>>> >>>> Maybe one of your plugins has some difficulties going through varnish. >>>> >>>> >>>> >>>> If you enable debug on your browser, can you see specific calls to >>>> /wp-admin/admin-ajax.php that take a very long time with varnish and not >>>> when varnish is disabled ? >>>> >>>> >>>> >>>> Thierry >>>> >>>> >>>> >>>> *De :* varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org >>>> [mailto:varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] >>>> *De la part de* Ayberk Kimsesiz >>>> *Envoy? :* mardi 2 ao?t 2016 15:18 >>>> *? :* Stig Bakken >>>> *Cc :* varnish-misc >>>> *Objet :* Re: Varnish CPU Usage >>>> >>>> >>>> >>>> I used Default.VCL in two different ways. The first with default >>>> settings and the second with settings customized for Wordpress (either >>>> case, the CPU usage increases). That is as follows: >>>> >>>> >>>> >>>> Also i couldn't find a Centos 6 installation guide for Prometheus. >>>> >>>> >>>> >>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>> >>>> * * *********************************************************/* >>>> >>>> *vcl 4.0;* >>>> >>>> *import std;* >>>> >>>> >>>> >>>> *backend default {* >>>> >>>> * .host = "SERVER IP";* >>>> >>>> * .port = "8080";* >>>> >>>> * .first_byte_timeout = 60s;* >>>> >>>> * .connect_timeout = 300s;* >>>> >>>> *}* >>>> >>>> >>>> >>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>> >>>> *# ##########################################################* >>>> >>>> *acl purge {* >>>> >>>> * "localhost";* >>>> >>>> * "127.0.0.1";* >>>> >>>> *}* >>>> >>>> >>>> >>>> *#THE RECV FUNCTION* >>>> >>>> *# ##########################################################* >>>> >>>> *sub vcl_recv {* >>>> >>>> >>>> >>>> *# set realIP by trimming CloudFlare IP which will be used for various >>>> checks* >>>> >>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >>>> ""); * >>>> >>>> >>>> >>>> * # FORWARD THE IP OF THE REQUEST* >>>> >>>> * if (req.restarts == 0) {* >>>> >>>> * if (req.http.x-forwarded-for) {* >>>> >>>> * set req.http.X-Forwarded-For =* >>>> >>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>> >>>> * } else {* >>>> >>>> * set req.http.X-Forwarded-For = client.ip;* >>>> >>>> * }* >>>> >>>> * }* >>>> >>>> >>>> >>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>> >>>> * # BLOCK IF NOT IP is not in purge acl* >>>> >>>> * # ##########################################################* >>>> >>>> >>>> >>>> * # Enable smart refreshing using hash_always_miss* >>>> >>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>> >>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>> ~ purge) {* >>>> >>>> * set req.hash_always_miss = true;* >>>> >>>> * }* >>>> >>>> *}* >>>> >>>> >>>> >>>> *if (req.method == "PURGE") {* >>>> >>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>> ~ purge) {* >>>> >>>> * return(synth(405,"Not allowed."));* >>>> >>>> * }* >>>> >>>> * return (purge);* >>>> >>>> >>>> >>>> * }* >>>> >>>> *if (req.method == "BAN") {* >>>> >>>> * # Same ACL check as above:* >>>> >>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ purge) {* >>>> >>>> * return(synth(403, "Not allowed."));* >>>> >>>> * }* >>>> >>>> * ban("req.http.host == " + req.http.host +* >>>> >>>> * " && req.url == " + req.url);* >>>> >>>> >>>> >>>> * # Throw a synthetic page so the* >>>> >>>> * # request won't go to the backend.* >>>> >>>> * return(synth(200, "Ban added"));* >>>> >>>> *}* >>>> >>>> >>>> >>>> *# Unset cloudflare cookies* >>>> >>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>> >>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>> >>>> * # Remove a ";" prefix, if present.* >>>> >>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>> >>>> >>>> >>>> * # For Testing: If you want to test with Varnish passing (not >>>> caching) uncomment* >>>> >>>> * # return( pass );* >>>> >>>> >>>> >>>> * # FORWARD THE IP OF THE REQUEST* >>>> >>>> * if (req.restarts == 0) {* >>>> >>>> * if (req.http.x-forwarded-for) {* >>>> >>>> * set req.http.X-Forwarded-For =* >>>> >>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>> >>>> * } else {* >>>> >>>> * set req.http.X-Forwarded-For = client.ip;* >>>> >>>> * }* >>>> >>>> * }* >>>> >>>> >>>> >>>> *# DO NOT CACHE RSS FEED* >>>> >>>> * if (req.url ~ "/feed(/)?") {* >>>> >>>> * return ( pass ); * >>>> >>>> *}* >>>> >>>> >>>> >>>> *## Do not cache search results, comment these 3 lines if you do want >>>> to cache them* >>>> >>>> >>>> >>>> *if (req.url ~ "/\?s\=") {* >>>> >>>> * return ( pass ); * >>>> >>>> *}* >>>> >>>> >>>> >>>> *# CLEAN UP THE ENCODING HEADER.* >>>> >>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>> ACCEPT-ENCODING* >>>> >>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>> >>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>> >>>> * # ##########################################################* >>>> >>>> * if (req.http.Accept-Encoding) {* >>>> >>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>> >>>> * # No point in compressing these* >>>> >>>> * unset req.http.Accept-Encoding;* >>>> >>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>> >>>> * set req.http.Accept-Encoding = "gzip";* >>>> >>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>> >>>> * set req.http.Accept-Encoding = "deflate";* >>>> >>>> * } else {* >>>> >>>> * # unknown algorithm* >>>> >>>> * unset req.http.Accept-Encoding;* >>>> >>>> * }* >>>> >>>> * }* >>>> >>>> >>>> >>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>> >>>> * # ##########################################################* >>>> >>>> * if (req.method != "GET" &&* >>>> >>>> * req.method != "HEAD" &&* >>>> >>>> * req.method != "PUT" && * >>>> >>>> * req.method != "POST" &&* >>>> >>>> * req.method != "TRACE" &&* >>>> >>>> * req.method != "OPTIONS" &&* >>>> >>>> * req.method != "DELETE") {* >>>> >>>> * return (pipe);* >>>> >>>> * }* >>>> >>>> >>>> >>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>> >>>> * # ##########################################################* >>>> >>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>> >>>> * return (pass);* >>>> >>>> * }* >>>> >>>> >>>> >>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>> EITHER* >>>> >>>> * # COMMENT OR UNCOMMENT BOTH* >>>> >>>> * # ##########################################################* >>>> >>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>> >>>> * return( pass );* >>>> >>>> * }* >>>> >>>> >>>> >>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>> >>>> * # THEN UNSET THE COOKIES* >>>> >>>> * # ##########################################################* >>>> >>>> * if (!(req.url ~ "wp-(login|admin)") * >>>> >>>> * && !(req.url ~ "&preview=true" ) * >>>> >>>> * ){* >>>> >>>> * unset req.http.cookie;* >>>> >>>> * }* >>>> >>>> >>>> >>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>> >>>> * # ##########################################################* >>>> >>>> * if (req.http.Authorization || req.http.Cookie) {* >>>> >>>> * return (pass);* >>>> >>>> * }* >>>> >>>> >>>> >>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>> >>>> * # ##########################################################* >>>> >>>> * return (hash);* >>>> >>>> * # This is for phpmyadmin* >>>> >>>> *if (req.http.Host == "ki1.org ") {* >>>> >>>> *return (pass);* >>>> >>>> *}* >>>> >>>> >>>> >>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>> >>>> *return (pass);* >>>> >>>> *}* >>>> >>>> >>>> >>>> *}* >>>> >>>> >>>> >>>> *# HIT FUNCTION* >>>> >>>> *# ##########################################################* >>>> >>>> *sub vcl_hit {* >>>> >>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>> >>>> * # ##########################################################* >>>> >>>> * if (req.method == "PURGE") {* >>>> >>>> * #* >>>> >>>> * # This is now handled in vcl_recv.* >>>> >>>> * #* >>>> >>>> * # purge;* >>>> >>>> * return (synth(200, "Purged."));* >>>> >>>> * }* >>>> >>>> * return (deliver);* >>>> >>>> *}* >>>> >>>> >>>> >>>> *# MISS FUNCTION* >>>> >>>> *# ##########################################################* >>>> >>>> *sub vcl_miss {* >>>> >>>> * if (req.method == "PURGE") {* >>>> >>>> * #* >>>> >>>> * # This is now handled in vcl_recv.* >>>> >>>> * #* >>>> >>>> * # purge;* >>>> >>>> * return (synth(200, "Purged."));* >>>> >>>> * }* >>>> >>>> * return (fetch);* >>>> >>>> *}* >>>> >>>> >>>> >>>> *# FETCH FUNCTION* >>>> >>>> *# ##########################################################* >>>> >>>> *sub vcl_backend_response {* >>>> >>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>> >>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>> >>>> * # TO DO THIS* >>>> >>>> * # ##########################################################* >>>> >>>> * set beresp.http.Vary = "Accept-Encoding";* >>>> >>>> >>>> >>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>> >>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>> >>>> * # ##########################################################* >>>> >>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>> "wordpress_logged_in" ) {* >>>> >>>> * unset beresp.http.set-cookie;* >>>> >>>> * set beresp.ttl = 52w;* >>>> >>>> *# set beresp.grace =1w;* >>>> >>>> * }* >>>> >>>> >>>> >>>> * if (beresp.ttl <= 0s ||* >>>> >>>> * beresp.http.Set-Cookie ||* >>>> >>>> * beresp.http.Vary == "*") {* >>>> >>>> * set beresp.ttl = 120 s;* >>>> >>>> * # set beresp.ttl = 120s;* >>>> >>>> * set beresp.uncacheable = true;* >>>> >>>> * return (deliver);* >>>> >>>> * }* >>>> >>>> >>>> >>>> * return (deliver);* >>>> >>>> *}* >>>> >>>> >>>> >>>> *# DELIVER FUNCTION* >>>> >>>> *# ##########################################################* >>>> >>>> *sub vcl_deliver {* >>>> >>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>> >>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>> >>>> * # ##########################################################* >>>> >>>> * if (obj.hits > 0) {* >>>> >>>> * set resp.http.X-Cache = "HIT";* >>>> >>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>> >>>> * # ##########################################################* >>>> >>>> * } else {* >>>> >>>> * set resp.http.X-Cache = "MISS";* >>>> >>>> * }* >>>> >>>> *}* >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> 2016-08-02 15:07 GMT+03:00 Stig Bakken : >>>> >>>> Could it be that Varnish is not caching those POST requests, and that >>>> they are what makes Apache consume a lot of CPU? >>>> >>>> >>>> >>>> On MPMs: with PHP prefork is the safest choice, and it will work just >>>> fine as long as you have a reasonable config, especially since you have >>>> Varnish in front offloading the job of shuffling bytes back to the users. >>>> >>>> >>>> >>>> If I were you I'd try to get more data on which requests take a long >>>> time, some variant of "varnishncsa -F %D".. >>>> >>>> >>>> >>>> If you're into using Prometheus for metrics, you can try out this >>>> exporter which will give you a lot of insight into which requests take a >>>> long time to process: >>>> https://github.com/stigsb/varnish_request_exporter (Prometheus is >>>> awesome!) >>>> >>>> >>>> >>>> - Stig >>>> >>>> >>>> >>>> >>>> >>>> On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < >>>> ayberk.kimsesiz at gmail.com> wrote: >>>> >>>> Hi, >>>> >>>> >>>> >>>> *CPU Monitor: * >>>> >>>> >>>> >>>> http://i.imgur.com/5KT1xRu.jpg >>>> >>>> >>>> >>>> *Apache status:* >>>> >>>> >>>> >>>> *Srv* >>>> >>>> *PID* >>>> >>>> *Acc* >>>> >>>> *M* >>>> >>>> *CPU* >>>> >>>> *SS* >>>> >>>> *Req* >>>> >>>> *Conn* >>>> >>>> *Child* >>>> >>>> *Slot* >>>> >>>> *Client* >>>> >>>> *Protocol* >>>> >>>> *VHost* >>>> >>>> *Request* >>>> >>>> *0-0* >>>> >>>> - >>>> >>>> 0/0/9766 >>>> >>>> . >>>> >>>> 134.59 >>>> >>>> 37 >>>> >>>> 0 >>>> >>>> 0.0 >>>> >>>> 0.00 >>>> >>>> 64.40 >>>> >>>> ::1 >>>> >>>> http/1.1 >>>> >>>> ns1.***com:8080 >>>> >>>> OPTIONS * HTTP/1.0 >>>> >>>> *1-0* >>>> >>>> 14612 >>>> >>>> 0/16/9058 >>>> >>>> _ >>>> >>>> 17.83 >>>> >>>> 13 >>>> >>>> 1498 >>>> >>>> 0.0 >>>> >>>> 0.02 >>>> >>>> 53.29 >>>> >>>> 176.***.10 >>>> >>>> http/1.1 >>>> >>>> www.***.com:8080 >>>> >>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> >>>> *2-0* >>>> >>>> 10863 >>>> >>>> 0/179/9795 >>>> >>>> _ >>>> >>>> 185.14 >>>> >>>> 6 >>>> >>>> 1424 >>>> >>>> 0.0 >>>> >>>> 0.58 >>>> >>>> 60.32 >>>> >>>> 176.***.10 >>>> >>>> http/1.1 >>>> >>>> www.***.com:8080 >>>> >>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> >>>> *3-0* >>>> >>>> 13127 >>>> >>>> 0/127/9435 >>>> >>>> _ >>>> >>>> 119.80 >>>> >>>> 4 >>>> >>>> 1419 >>>> >>>> 0.0 >>>> >>>> 0.42 >>>> >>>> 56.51 >>>> >>>> 176.***.10 >>>> >>>> http/1.1 >>>> >>>> www.***.com:8080 >>>> >>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> >>>> *4-0* >>>> >>>> - >>>> >>>> 0/0/9187 >>>> >>>> . >>>> >>>> 0.00 >>>> >>>> 50 >>>> >>>> 0 >>>> >>>> 0.0 >>>> >>>> 0.00 >>>> >>>> 56.60 >>>> >>>> ::1 >>>> >>>> http/1.1 >>>> >>>> ns1.***.com:8080 >>>> >>>> OPTIONS * HTTP/1.0 >>>> >>>> *5-0* >>>> >>>> 14851 >>>> >>>> 0/9/8761 >>>> >>>> _ >>>> >>>> 8.95 >>>> >>>> 13 >>>> >>>> 1559 >>>> >>>> 0.0 >>>> >>>> 0.01 >>>> >>>> 57.90 >>>> >>>> 176.***.10 >>>> >>>> http/1.1 >>>> >>>> www.***.com:8080 >>>> >>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> >>>> *6-0* >>>> >>>> 14852 >>>> >>>> 0/6/8130 >>>> >>>> _ >>>> >>>> 6.67 >>>> >>>> 4 >>>> >>>> 1482 >>>> >>>> 0.0 >>>> >>>> 0.01 >>>> >>>> 51.88 >>>> >>>> 176.***.10 >>>> >>>> http/1.1 >>>> >>>> www.***.com:8080 >>>> >>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> >>>> *7-0* >>>> >>>> 14192 >>>> >>>> 11/57/8355 >>>> >>>> *K* >>>> >>>> 72.73 >>>> >>>> 0 >>>> >>>> 1363 >>>> >>>> 106.6 >>>> >>>> 0.44 >>>> >>>> 52.79 >>>> >>>> 176.***.10 >>>> >>>> http/1.1 >>>> >>>> www.***.com:8080 >>>> >>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> >>>> *8-0* >>>> >>>> 13067 >>>> >>>> 0/125/7795 >>>> >>>> _ >>>> >>>> 121.19 >>>> >>>> 13 >>>> >>>> 1759 >>>> >>>> 0.0 >>>> >>>> 0.65 >>>> >>>> 68.27 >>>> >>>> 176.***.10 >>>> >>>> http/1.1 >>>> >>>> www.***.com:8080 >>>> >>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>> >>>> >>>> >>>> Apache error logs don't show anything about CPU. >>>> >>>> >>>> >>>> >>>> >>>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>>> guillaume at varnish-software.com>: >>>> >>>> You seem to have a good hit ratio, are you seeing anything on the >>>> apache logs that would explain the cpu usage? >>>> >>>> >>>> -- >>>> >>>> Guillaume Quintard >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> varnish-misc mailing list >>>> varnish-misc at varnish-cache.org >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>>> >>>> >>>> >>>> >>>> -- >>>> >>>> Stig Bakken >>>> CTO, Zedge.net - free your phone! >>>> >>>> >>>> >>>> _______________________________________________ >>>> varnish-misc mailing list >>>> varnish-misc at varnish-cache.org >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Tue Aug 2 16:54:44 2016 From: lagged at gmail.com (Andrei) Date: Tue, 2 Aug 2016 11:54:44 -0500 Subject: Varnish CPU Usage In-Reply-To: References: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Message-ID: Can you copy/paste what you're seeing? As long as you run it from the WordPress docroot, and the plugins/themes folder locations haven't been customized, it should look something like this but with matches from grep: root at aviator [/home/gog/public_html]# egrep -Rn 'sm_type|is_unique|connect_hash|reqType' wp-content/{plugins,themes} root at aviator [/home/gog/public_html]# On Tue, Aug 2, 2016 at 11:39 AM, Ayberk Kimsesiz wrote: > I'm getting "*no such file or directory*" error. > > 2016-08-02 19:20 GMT+03:00 Andrei : > >> Ok now just type the following from the wp docroot to find your culprit: >> egrep -Rn 'sm_type|is_unique|connect_hash|reqType' >> wp-content/{plugins,themes} >> >> On Tue, Aug 2, 2016 at 10:58 AM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >>> Hi Andrei, >>> >>> Here are the results: >>> >>> T *****:56538 -> ******:8080 [AP] >>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>> Host: *******.com. >>> Accept-Language: tr-tr. >>> User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) >>> AppleWebKit/6 02.1.40 (KHTML, like Gecko) Version/10.0 Mobile/14A5309d >>> Safari/602.1. >>> X-Requested-With: XMLHttpRequest. >>> Accept: application/json, text/javascript, */*; q=0.01. >>> Referer: http://******/. >>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>> Content-Length: 130. >>> Origin: http://****.com. >>> X-Actual-IP: 5.46.70.115. >>> Cookie: >>> pps_show_100=Tue%20Aug%2002%202016%2018%3A50%3A21%20GMT+0300%20%28EEST%2 >>> 9; >>> pps_times_showed_100=1. >>> X-Forwarded-For: 5.46.70.115, 5.46.70.115, 5.46.70.115. >>> Accept-Encoding: gzip. >>> X-Varnish: 39754073. >>> . >>> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=1&connect_hash=c1 >>> >>> 532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >>> >>> >>> >>> T *****:56652 -> ******:8080 [AP] >>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>> Host: *****.com. >>> Content-Length: 130. >>> Origin: http://*****.com. >>> X-Requested-With: XMLHttpRequest. >>> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >>> Gecko/20100101 Firefox/46.19. >>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>> Accept: application/json, text/javascript, */*; q=0.01. >>> Referer: https://www.yandex.com.tr/. >>> Accept-Language: en-us,en. >>> Accept-Charset: iso-8859-1,*,utf-8. >>> X-Actual-IP: 78.173.206.179. >>> Cookie: PHPSESSID=br4avjrtmgd0e2j04eoelev4r6; >>> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A14%20GMT+0300%20%28Turkey%20Daylight%20 >>> Time%29; pps_times_showed_100=2. >>> X-Forwarded-For: 78.173.206.179, 78.173.206.179, 78.173.206.179. >>> Accept-Encoding: gzip. >>> X-Varnish: 37456291. >>> . >>> >>> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=0&connect_hash=c1532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >>> >>> >>> T *****:56630 -> *****.10:8080 [AP] >>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>> Host: *****.com. >>> Content-Length: 130. >>> Origin: http://*****.com. >>> X-Requested-With: XMLHttpRequest. >>> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >>> Gecko/20100101 Firefox/46.8. >>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>> Accept: application/json, text/javascript, */*; q=0.01. >>> Referer: https://google.com.tr/. >>> Accept-Language: en-us,en. >>> Accept-Charset: iso-8859-1,*,utf-8. >>> X-Actual-IP: 46.197.96.35. >>> Cookie: >>> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A27%20GMT+0300%20%28T%FCrkiye%20Yaz%20Saati%29; >>> pps_times_showed_100=1. >>> X-Forwarded-For: 46.197.96.35, 46.197.96.35, 46.197.96.35. >>> Accept-Encoding: gzip. >>> X-Varnish: 35061669. >>> >>> Heartbeat plugin didn't fix it by the way. >>> >>> 2016-08-02 18:45 GMT+03:00 Andrei : >>> >>>> Those admin-ajax.php POST requests won't get cached, and are likely >>>> related to WordPress heartbeats, or plugins. The quickest way to see what >>>> those requests actually are, which will help you identify the plugin/theme >>>> option is using ngrep: ngrep 'admin-ajax' -d any dst port 8080 -W byline -q >>>> >>>> On Tue, Aug 2, 2016 at 9:43 AM, MAGNIEN, Thierry < >>>> thierry.magnien at sfr.com> wrote: >>>> >>>>> Hi, >>>>> >>>>> >>>>> >>>>> There are known CPU issues due to WordPress HearBeat API, for example, >>>>> or misbehaving plugins. >>>>> >>>>> >>>>> >>>>> See >>>>> http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage >>>>> for example. >>>>> >>>>> >>>>> >>>>> Maybe one of your plugins has some difficulties going through varnish. >>>>> >>>>> >>>>> >>>>> If you enable debug on your browser, can you see specific calls to >>>>> /wp-admin/admin-ajax.php that take a very long time with varnish and not >>>>> when varnish is disabled ? >>>>> >>>>> >>>>> >>>>> Thierry >>>>> >>>>> >>>>> >>>>> *De :* varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org >>>>> [mailto:varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] >>>>> *De la part de* Ayberk Kimsesiz >>>>> *Envoy? :* mardi 2 ao?t 2016 15:18 >>>>> *? :* Stig Bakken >>>>> *Cc :* varnish-misc >>>>> *Objet :* Re: Varnish CPU Usage >>>>> >>>>> >>>>> >>>>> I used Default.VCL in two different ways. The first with default >>>>> settings and the second with settings customized for Wordpress (either >>>>> case, the CPU usage increases). That is as follows: >>>>> >>>>> >>>>> >>>>> Also i couldn't find a Centos 6 installation guide for Prometheus. >>>>> >>>>> >>>>> >>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>> >>>>> * * *********************************************************/* >>>>> >>>>> *vcl 4.0;* >>>>> >>>>> *import std;* >>>>> >>>>> >>>>> >>>>> *backend default {* >>>>> >>>>> * .host = "SERVER IP";* >>>>> >>>>> * .port = "8080";* >>>>> >>>>> * .first_byte_timeout = 60s;* >>>>> >>>>> * .connect_timeout = 300s;* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>> >>>>> *# ##########################################################* >>>>> >>>>> *acl purge {* >>>>> >>>>> * "localhost";* >>>>> >>>>> * "127.0.0.1";* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *#THE RECV FUNCTION* >>>>> >>>>> *# ##########################################################* >>>>> >>>>> *sub vcl_recv {* >>>>> >>>>> >>>>> >>>>> *# set realIP by trimming CloudFlare IP which will be used for various >>>>> checks* >>>>> >>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>> ].*$", ""); * >>>>> >>>>> >>>>> >>>>> * # FORWARD THE IP OF THE REQUEST* >>>>> >>>>> * if (req.restarts == 0) {* >>>>> >>>>> * if (req.http.x-forwarded-for) {* >>>>> >>>>> * set req.http.X-Forwarded-For =* >>>>> >>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> >>>>> * } else {* >>>>> >>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>> >>>>> * }* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>>> >>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> >>>>> >>>>> * # Enable smart refreshing using hash_always_miss* >>>>> >>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>> >>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>> ~ purge) {* >>>>> >>>>> * set req.hash_always_miss = true;* >>>>> >>>>> * }* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *if (req.method == "PURGE") {* >>>>> >>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ purge) {* >>>>> >>>>> * return(synth(405,"Not allowed."));* >>>>> >>>>> * }* >>>>> >>>>> * return (purge);* >>>>> >>>>> >>>>> >>>>> * }* >>>>> >>>>> *if (req.method == "BAN") {* >>>>> >>>>> * # Same ACL check as above:* >>>>> >>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ purge) {* >>>>> >>>>> * return(synth(403, "Not allowed."));* >>>>> >>>>> * }* >>>>> >>>>> * ban("req.http.host == " + req.http.host +* >>>>> >>>>> * " && req.url == " + req.url);* >>>>> >>>>> >>>>> >>>>> * # Throw a synthetic page so the* >>>>> >>>>> * # request won't go to the backend.* >>>>> >>>>> * return(synth(200, "Ban added"));* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *# Unset cloudflare cookies* >>>>> >>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>> >>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>> >>>>> * # Remove a ";" prefix, if present.* >>>>> >>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>> >>>>> >>>>> >>>>> * # For Testing: If you want to test with Varnish passing (not >>>>> caching) uncomment* >>>>> >>>>> * # return( pass );* >>>>> >>>>> >>>>> >>>>> * # FORWARD THE IP OF THE REQUEST* >>>>> >>>>> * if (req.restarts == 0) {* >>>>> >>>>> * if (req.http.x-forwarded-for) {* >>>>> >>>>> * set req.http.X-Forwarded-For =* >>>>> >>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> >>>>> * } else {* >>>>> >>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>> >>>>> * }* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>> >>>>> * return ( pass ); * >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *## Do not cache search results, comment these 3 lines if you do want >>>>> to cache them* >>>>> >>>>> >>>>> >>>>> *if (req.url ~ "/\?s\=") {* >>>>> >>>>> * return ( pass ); * >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>> >>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>> ACCEPT-ENCODING* >>>>> >>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>> >>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if (req.http.Accept-Encoding) {* >>>>> >>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>> >>>>> * # No point in compressing these* >>>>> >>>>> * unset req.http.Accept-Encoding;* >>>>> >>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>> >>>>> * set req.http.Accept-Encoding = "gzip";* >>>>> >>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>> >>>>> * set req.http.Accept-Encoding = "deflate";* >>>>> >>>>> * } else {* >>>>> >>>>> * # unknown algorithm* >>>>> >>>>> * unset req.http.Accept-Encoding;* >>>>> >>>>> * }* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if (req.method != "GET" &&* >>>>> >>>>> * req.method != "HEAD" &&* >>>>> >>>>> * req.method != "PUT" && * >>>>> >>>>> * req.method != "POST" &&* >>>>> >>>>> * req.method != "TRACE" &&* >>>>> >>>>> * req.method != "OPTIONS" &&* >>>>> >>>>> * req.method != "DELETE") {* >>>>> >>>>> * return (pipe);* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>> >>>>> * return (pass);* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>>> EITHER* >>>>> >>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>> >>>>> * return( pass );* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>> >>>>> * # THEN UNSET THE COOKIES* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>> >>>>> * && !(req.url ~ "&preview=true" ) * >>>>> >>>>> * ){* >>>>> >>>>> * unset req.http.cookie;* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>> >>>>> * return (pass);* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * return (hash);* >>>>> >>>>> * # This is for phpmyadmin* >>>>> >>>>> *if (req.http.Host == "ki1.org ") {* >>>>> >>>>> *return (pass);* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>>> >>>>> *return (pass);* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *# HIT FUNCTION* >>>>> >>>>> *# ##########################################################* >>>>> >>>>> *sub vcl_hit {* >>>>> >>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if (req.method == "PURGE") {* >>>>> >>>>> * #* >>>>> >>>>> * # This is now handled in vcl_recv.* >>>>> >>>>> * #* >>>>> >>>>> * # purge;* >>>>> >>>>> * return (synth(200, "Purged."));* >>>>> >>>>> * }* >>>>> >>>>> * return (deliver);* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *# MISS FUNCTION* >>>>> >>>>> *# ##########################################################* >>>>> >>>>> *sub vcl_miss {* >>>>> >>>>> * if (req.method == "PURGE") {* >>>>> >>>>> * #* >>>>> >>>>> * # This is now handled in vcl_recv.* >>>>> >>>>> * #* >>>>> >>>>> * # purge;* >>>>> >>>>> * return (synth(200, "Purged."));* >>>>> >>>>> * }* >>>>> >>>>> * return (fetch);* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *# FETCH FUNCTION* >>>>> >>>>> *# ##########################################################* >>>>> >>>>> *sub vcl_backend_response {* >>>>> >>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>> >>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>> >>>>> * # TO DO THIS* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>> >>>>> >>>>> >>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>> >>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>> "wordpress_logged_in" ) {* >>>>> >>>>> * unset beresp.http.set-cookie;* >>>>> >>>>> * set beresp.ttl = 52w;* >>>>> >>>>> *# set beresp.grace =1w;* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * if (beresp.ttl <= 0s ||* >>>>> >>>>> * beresp.http.Set-Cookie ||* >>>>> >>>>> * beresp.http.Vary == "*") {* >>>>> >>>>> * set beresp.ttl = 120 s;* >>>>> >>>>> * # set beresp.ttl = 120s;* >>>>> >>>>> * set beresp.uncacheable = true;* >>>>> >>>>> * return (deliver);* >>>>> >>>>> * }* >>>>> >>>>> >>>>> >>>>> * return (deliver);* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *# DELIVER FUNCTION* >>>>> >>>>> *# ##########################################################* >>>>> >>>>> *sub vcl_deliver {* >>>>> >>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>> >>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * if (obj.hits > 0) {* >>>>> >>>>> * set resp.http.X-Cache = "HIT";* >>>>> >>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>> >>>>> * # ##########################################################* >>>>> >>>>> * } else {* >>>>> >>>>> * set resp.http.X-Cache = "MISS";* >>>>> >>>>> * }* >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 2016-08-02 15:07 GMT+03:00 Stig Bakken : >>>>> >>>>> Could it be that Varnish is not caching those POST requests, and that >>>>> they are what makes Apache consume a lot of CPU? >>>>> >>>>> >>>>> >>>>> On MPMs: with PHP prefork is the safest choice, and it will work just >>>>> fine as long as you have a reasonable config, especially since you have >>>>> Varnish in front offloading the job of shuffling bytes back to the users. >>>>> >>>>> >>>>> >>>>> If I were you I'd try to get more data on which requests take a long >>>>> time, some variant of "varnishncsa -F %D".. >>>>> >>>>> >>>>> >>>>> If you're into using Prometheus for metrics, you can try out this >>>>> exporter which will give you a lot of insight into which requests take a >>>>> long time to process: >>>>> https://github.com/stigsb/varnish_request_exporter (Prometheus is >>>>> awesome!) >>>>> >>>>> >>>>> >>>>> - Stig >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < >>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>> >>>>> Hi, >>>>> >>>>> >>>>> >>>>> *CPU Monitor: * >>>>> >>>>> >>>>> >>>>> http://i.imgur.com/5KT1xRu.jpg >>>>> >>>>> >>>>> >>>>> *Apache status:* >>>>> >>>>> >>>>> >>>>> *Srv* >>>>> >>>>> *PID* >>>>> >>>>> *Acc* >>>>> >>>>> *M* >>>>> >>>>> *CPU* >>>>> >>>>> *SS* >>>>> >>>>> *Req* >>>>> >>>>> *Conn* >>>>> >>>>> *Child* >>>>> >>>>> *Slot* >>>>> >>>>> *Client* >>>>> >>>>> *Protocol* >>>>> >>>>> *VHost* >>>>> >>>>> *Request* >>>>> >>>>> *0-0* >>>>> >>>>> - >>>>> >>>>> 0/0/9766 >>>>> >>>>> . >>>>> >>>>> 134.59 >>>>> >>>>> 37 >>>>> >>>>> 0 >>>>> >>>>> 0.0 >>>>> >>>>> 0.00 >>>>> >>>>> 64.40 >>>>> >>>>> ::1 >>>>> >>>>> http/1.1 >>>>> >>>>> ns1.***com:8080 >>>>> >>>>> OPTIONS * HTTP/1.0 >>>>> >>>>> *1-0* >>>>> >>>>> 14612 >>>>> >>>>> 0/16/9058 >>>>> >>>>> _ >>>>> >>>>> 17.83 >>>>> >>>>> 13 >>>>> >>>>> 1498 >>>>> >>>>> 0.0 >>>>> >>>>> 0.02 >>>>> >>>>> 53.29 >>>>> >>>>> 176.***.10 >>>>> >>>>> http/1.1 >>>>> >>>>> www.***.com:8080 >>>>> >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> >>>>> *2-0* >>>>> >>>>> 10863 >>>>> >>>>> 0/179/9795 >>>>> >>>>> _ >>>>> >>>>> 185.14 >>>>> >>>>> 6 >>>>> >>>>> 1424 >>>>> >>>>> 0.0 >>>>> >>>>> 0.58 >>>>> >>>>> 60.32 >>>>> >>>>> 176.***.10 >>>>> >>>>> http/1.1 >>>>> >>>>> www.***.com:8080 >>>>> >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> >>>>> *3-0* >>>>> >>>>> 13127 >>>>> >>>>> 0/127/9435 >>>>> >>>>> _ >>>>> >>>>> 119.80 >>>>> >>>>> 4 >>>>> >>>>> 1419 >>>>> >>>>> 0.0 >>>>> >>>>> 0.42 >>>>> >>>>> 56.51 >>>>> >>>>> 176.***.10 >>>>> >>>>> http/1.1 >>>>> >>>>> www.***.com:8080 >>>>> >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> >>>>> *4-0* >>>>> >>>>> - >>>>> >>>>> 0/0/9187 >>>>> >>>>> . >>>>> >>>>> 0.00 >>>>> >>>>> 50 >>>>> >>>>> 0 >>>>> >>>>> 0.0 >>>>> >>>>> 0.00 >>>>> >>>>> 56.60 >>>>> >>>>> ::1 >>>>> >>>>> http/1.1 >>>>> >>>>> ns1.***.com:8080 >>>>> >>>>> OPTIONS * HTTP/1.0 >>>>> >>>>> *5-0* >>>>> >>>>> 14851 >>>>> >>>>> 0/9/8761 >>>>> >>>>> _ >>>>> >>>>> 8.95 >>>>> >>>>> 13 >>>>> >>>>> 1559 >>>>> >>>>> 0.0 >>>>> >>>>> 0.01 >>>>> >>>>> 57.90 >>>>> >>>>> 176.***.10 >>>>> >>>>> http/1.1 >>>>> >>>>> www.***.com:8080 >>>>> >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> >>>>> *6-0* >>>>> >>>>> 14852 >>>>> >>>>> 0/6/8130 >>>>> >>>>> _ >>>>> >>>>> 6.67 >>>>> >>>>> 4 >>>>> >>>>> 1482 >>>>> >>>>> 0.0 >>>>> >>>>> 0.01 >>>>> >>>>> 51.88 >>>>> >>>>> 176.***.10 >>>>> >>>>> http/1.1 >>>>> >>>>> www.***.com:8080 >>>>> >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> >>>>> *7-0* >>>>> >>>>> 14192 >>>>> >>>>> 11/57/8355 >>>>> >>>>> *K* >>>>> >>>>> 72.73 >>>>> >>>>> 0 >>>>> >>>>> 1363 >>>>> >>>>> 106.6 >>>>> >>>>> 0.44 >>>>> >>>>> 52.79 >>>>> >>>>> 176.***.10 >>>>> >>>>> http/1.1 >>>>> >>>>> www.***.com:8080 >>>>> >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> >>>>> *8-0* >>>>> >>>>> 13067 >>>>> >>>>> 0/125/7795 >>>>> >>>>> _ >>>>> >>>>> 121.19 >>>>> >>>>> 13 >>>>> >>>>> 1759 >>>>> >>>>> 0.0 >>>>> >>>>> 0.65 >>>>> >>>>> 68.27 >>>>> >>>>> 176.***.10 >>>>> >>>>> http/1.1 >>>>> >>>>> www.***.com:8080 >>>>> >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>> >>>>> >>>>> >>>>> Apache error logs don't show anything about CPU. >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>>>> guillaume at varnish-software.com>: >>>>> >>>>> You seem to have a good hit ratio, are you seeing anything on the >>>>> apache logs that would explain the cpu usage? >>>>> >>>>> >>>>> -- >>>>> >>>>> Guillaume Quintard >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> varnish-misc mailing list >>>>> varnish-misc at varnish-cache.org >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> >>>>> Stig Bakken >>>>> CTO, Zedge.net - free your phone! >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> varnish-misc mailing list >>>>> varnish-misc at varnish-cache.org >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>> >>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Tue Aug 2 17:05:02 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Tue, 2 Aug 2016 20:05:02 +0300 Subject: Varnish CPU Usage In-Reply-To: References: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Message-ID: Results: wp-content/plugins/popup-by-supsystic/js/core.js:108: data += '&reqType=ajax'; wp-content/plugins/popup-by-supsystic/js/core.js:111: data['reqType'] = 'ajax'; wp-content/plugins/popup-by-supsystic/classes/frame.php:252: switch(reqPps::getVar('reqType')) { wp-content/plugins/popup-by-supsystic/classes/helpers/recapcha.php:22: if(reqPps::getVar('reqType') == 'ajax') { wp-content/plugins/popup-by-supsystic/classes/tables/statistics.php:11: ->_addField('is_unique', 'text', 'int') // Is stat value - unique wp-content/plugins/popup-by-supsystic/classes/installer.php:140: `is_unique` TINYINT(1) NOT NULL DEFAULT '0', wp-content/plugins/popup-by-supsystic/classes/installer.php:148: if(!dbPps::exist("@__statistics", "is_unique")) { // Uniqu e wp-content/plugins/popup-by-supsystic/classes/installer.php:149: dbPps::query("ALTER TABLE `@__statistics` ADD COLUMN `is _unique` TINYINT(1) NOT NULL DEFAULT '0';"); wp-content/plugins/popup-by-supsystic/classes/response.php:14: return reqPps::getVar('reqType'); wp-content/plugins/popup-by-supsystic/classes/uri.php:67: if(isset($data['reqType']) && $data['reqType'] == 'ajax' ) { wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:12: if($d['type'] == 'share' && isset($d['sm _type']) && !empty($d['sm_type'])) { wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:13: $smId = (int) framePps::_()->get Module('sm')->getTypeIdByCode( $d['sm_type'] ); wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:16: if(isset($d['is_unique']) && !empty($d[' is_unique'])) { wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:32: 'is_unique' => $isUnique, wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:70: return $this->setSelectFields('COUNT(*) AS total _requests, SUM(is_unique) AS unique_requests, '. $sqlDateFormat. ' AS date') wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:85: $data[ $i ]['sm_type'] = framePp s::_()->getModule('sm')->getTypeById( $row['sm_id'] ); wp-content/plugins/popup-by-supsystic/modules/statistics/js/admin.statistics.popup.edit.js:151: if(ppsPopupAllShareStats [i].sm_type) { wp-content/plugins/popup-by-supsystic/modules/statistics/js/admin.statistics.popup.edit.js:152: plotData.push([ ppsPopupAllShareStats[i].sm_type.label, parseInt(ppsPopupAllShareStats[i].total_requests) ]); wp-content/plugins/popup-by-supsystic/modules/statistics/controller.php:5: $connectHash = reqPps::getVar('connect_hash', 'post'); wp-content/plugins/popup-by-supsystic/modules/popup/views/popup.php:11: framePps::_()->addJSVar('admin.popup.list', 'ppsTblDataUrl', uri Pps::mod('popup', 'getListForTbl', array('reqType' => 'ajax'))); wp-content/plugins/popup-by-supsystic/modules/popup/mod.php:299: $popups[ $i ]['connect_hash'] = md5(date('m-d-Y'). $popu ps[ $i ]['id']. NONCE_KEY); wp-content/plugins/popup-by-supsystic/modules/popup/js/frontend.popup.js:451: , data: {mod: 'statistics', action: 'add', id: popup.id, t ype: action, sm_type: smType, is_unique: isUnique, 'connect_hash': popup.connect_hash} 2016-08-02 19:54 GMT+03:00 Andrei : > Can you copy/paste what you're seeing? As long as you run it from the > WordPress docroot, and the plugins/themes folder locations haven't been > customized, it should look something like this but with matches from grep: > > root at aviator [/home/gog/public_html]# egrep -Rn > 'sm_type|is_unique|connect_hash|reqType' wp-content/{plugins,themes} > root at aviator [/home/gog/public_html]# > > > On Tue, Aug 2, 2016 at 11:39 AM, Ayberk Kimsesiz < > ayberk.kimsesiz at gmail.com> wrote: > >> I'm getting "*no such file or directory*" error. >> >> 2016-08-02 19:20 GMT+03:00 Andrei : >> >>> Ok now just type the following from the wp docroot to find your culprit: >>> egrep -Rn 'sm_type|is_unique|connect_hash|reqType' >>> wp-content/{plugins,themes} >>> >>> On Tue, Aug 2, 2016 at 10:58 AM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> >>>> Hi Andrei, >>>> >>>> Here are the results: >>>> >>>> T *****:56538 -> ******:8080 [AP] >>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>> Host: *******.com. >>>> Accept-Language: tr-tr. >>>> User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) >>>> AppleWebKit/6 02.1.40 (KHTML, like Gecko) Version/10.0 Mobile/14A5309d >>>> Safari/602.1. >>>> X-Requested-With: XMLHttpRequest. >>>> Accept: application/json, text/javascript, */*; q=0.01. >>>> Referer: http://******/. >>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>> Content-Length: 130. >>>> Origin: http://****.com. >>>> X-Actual-IP: 5.46.70.115. >>>> Cookie: >>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A50%3A21%20GMT+0300%20%28EEST%2 >>>> 9; >>>> pps_times_showed_100=1. >>>> X-Forwarded-For: 5.46.70.115, 5.46.70.115, 5.46.70.115. >>>> Accept-Encoding: gzip. >>>> X-Varnish: 39754073. >>>> . >>>> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=1&connect_hash=c1 >>>> >>>> 532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >>>> >>>> >>>> >>>> T *****:56652 -> ******:8080 [AP] >>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>> Host: *****.com. >>>> Content-Length: 130. >>>> Origin: http://*****.com. >>>> X-Requested-With: XMLHttpRequest. >>>> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >>>> Gecko/20100101 Firefox/46.19. >>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>> Accept: application/json, text/javascript, */*; q=0.01. >>>> Referer: https://www.yandex.com.tr/. >>>> Accept-Language: en-us,en. >>>> Accept-Charset: iso-8859-1,*,utf-8. >>>> X-Actual-IP: 78.173.206.179. >>>> Cookie: PHPSESSID=br4avjrtmgd0e2j04eoelev4r6; >>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A14%20GMT+0300%20%28Turkey%20Daylight%20 >>>> Time%29; pps_times_showed_100=2. >>>> X-Forwarded-For: 78.173.206.179, 78.173.206.179, 78.173.206.179. >>>> Accept-Encoding: gzip. >>>> X-Varnish: 37456291. >>>> . >>>> >>>> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=0&connect_hash=c1532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >>>> >>>> >>>> T *****:56630 -> *****.10:8080 [AP] >>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>> Host: *****.com. >>>> Content-Length: 130. >>>> Origin: http://*****.com. >>>> X-Requested-With: XMLHttpRequest. >>>> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >>>> Gecko/20100101 Firefox/46.8. >>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>> Accept: application/json, text/javascript, */*; q=0.01. >>>> Referer: https://google.com.tr/. >>>> Accept-Language: en-us,en. >>>> Accept-Charset: iso-8859-1,*,utf-8. >>>> X-Actual-IP: 46.197.96.35. >>>> Cookie: >>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A27%20GMT+0300%20%28T%FCrkiye%20Yaz%20Saati%29; >>>> pps_times_showed_100=1. >>>> X-Forwarded-For: 46.197.96.35, 46.197.96.35, 46.197.96.35. >>>> Accept-Encoding: gzip. >>>> X-Varnish: 35061669. >>>> >>>> Heartbeat plugin didn't fix it by the way. >>>> >>>> 2016-08-02 18:45 GMT+03:00 Andrei : >>>> >>>>> Those admin-ajax.php POST requests won't get cached, and are likely >>>>> related to WordPress heartbeats, or plugins. The quickest way to see what >>>>> those requests actually are, which will help you identify the plugin/theme >>>>> option is using ngrep: ngrep 'admin-ajax' -d any dst port 8080 -W byline -q >>>>> >>>>> On Tue, Aug 2, 2016 at 9:43 AM, MAGNIEN, Thierry < >>>>> thierry.magnien at sfr.com> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> >>>>>> There are known CPU issues due to WordPress HearBeat API, for >>>>>> example, or misbehaving plugins. >>>>>> >>>>>> >>>>>> >>>>>> See >>>>>> http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage >>>>>> for example. >>>>>> >>>>>> >>>>>> >>>>>> Maybe one of your plugins has some difficulties going through varnish. >>>>>> >>>>>> >>>>>> >>>>>> If you enable debug on your browser, can you see specific calls to >>>>>> /wp-admin/admin-ajax.php that take a very long time with varnish and not >>>>>> when varnish is disabled ? >>>>>> >>>>>> >>>>>> >>>>>> Thierry >>>>>> >>>>>> >>>>>> >>>>>> *De :* varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org >>>>>> [mailto:varnish-misc-bounces+thierry.magnien= >>>>>> sfr.com at varnish-cache.org] *De la part de* Ayberk Kimsesiz >>>>>> *Envoy? :* mardi 2 ao?t 2016 15:18 >>>>>> *? :* Stig Bakken >>>>>> *Cc :* varnish-misc >>>>>> *Objet :* Re: Varnish CPU Usage >>>>>> >>>>>> >>>>>> >>>>>> I used Default.VCL in two different ways. The first with default >>>>>> settings and the second with settings customized for Wordpress (either >>>>>> case, the CPU usage increases). That is as follows: >>>>>> >>>>>> >>>>>> >>>>>> Also i couldn't find a Centos 6 installation guide for Prometheus. >>>>>> >>>>>> >>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> >>>>>> * * *********************************************************/* >>>>>> >>>>>> *vcl 4.0;* >>>>>> >>>>>> *import std;* >>>>>> >>>>>> >>>>>> >>>>>> *backend default {* >>>>>> >>>>>> * .host = "SERVER IP";* >>>>>> >>>>>> * .port = "8080";* >>>>>> >>>>>> * .first_byte_timeout = 60s;* >>>>>> >>>>>> * .connect_timeout = 300s;* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *acl purge {* >>>>>> >>>>>> * "localhost";* >>>>>> >>>>>> * "127.0.0.1";* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_recv {* >>>>>> >>>>>> >>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for >>>>>> various checks* >>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>> ].*$", ""); * >>>>>> >>>>>> >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> >>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) {* >>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>> >>>>>> * }* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) {* >>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (purge);* >>>>>> >>>>>> >>>>>> >>>>>> * }* >>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>> >>>>>> * # Same ACL check as above:* >>>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) {* >>>>>> >>>>>> * return(synth(403, "Not allowed."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>> >>>>>> >>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>> >>>>>> * # request won't go to the backend.* >>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>> >>>>>> >>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not >>>>>> caching) uncomment* >>>>>> >>>>>> * # return( pass );* >>>>>> >>>>>> >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>> >>>>>> * return ( pass ); * >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you do want >>>>>> to cache them* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>> >>>>>> * return ( pass ); * >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>> >>>>>> * # No point in compressing these* >>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * # unknown algorithm* >>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>> >>>>>> * req.method != "PUT" && * >>>>>> >>>>>> * req.method != "POST" &&* >>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>> >>>>>> * req.method != "DELETE") {* >>>>>> >>>>>> * return (pipe);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> >>>>>> * return (pass);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>> TOO, EITHER* >>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> >>>>>> * return( pass );* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>> >>>>>> * ){* >>>>>> >>>>>> * unset req.http.cookie;* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>> >>>>>> * return (pass);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * return (hash);* >>>>>> >>>>>> * # This is for phpmyadmin* >>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>> >>>>>> *return (pass);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>>>> >>>>>> *return (pass);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# HIT FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_hit {* >>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # purge;* >>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# MISS FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_miss {* >>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # purge;* >>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (fetch);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# FETCH FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_backend_response {* >>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> >>>>>> * # TO DO THIS* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> >>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> "wordpress_logged_in" ) {* >>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_deliver {* >>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> >>>>>> * # ##########################################################* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>> >>>>>> * }* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> 2016-08-02 15:07 GMT+03:00 Stig Bakken : >>>>>> >>>>>> Could it be that Varnish is not caching those POST requests, and that >>>>>> they are what makes Apache consume a lot of CPU? >>>>>> >>>>>> >>>>>> >>>>>> On MPMs: with PHP prefork is the safest choice, and it will work just >>>>>> fine as long as you have a reasonable config, especially since you have >>>>>> Varnish in front offloading the job of shuffling bytes back to the users. >>>>>> >>>>>> >>>>>> >>>>>> If I were you I'd try to get more data on which requests take a long >>>>>> time, some variant of "varnishncsa -F %D".. >>>>>> >>>>>> >>>>>> >>>>>> If you're into using Prometheus for metrics, you can try out this >>>>>> exporter which will give you a lot of insight into which requests take a >>>>>> long time to process: >>>>>> https://github.com/stigsb/varnish_request_exporter (Prometheus is >>>>>> awesome!) >>>>>> >>>>>> >>>>>> >>>>>> - Stig >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < >>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> >>>>>> *CPU Monitor: * >>>>>> >>>>>> >>>>>> >>>>>> http://i.imgur.com/5KT1xRu.jpg >>>>>> >>>>>> >>>>>> >>>>>> *Apache status:* >>>>>> >>>>>> >>>>>> >>>>>> *Srv* >>>>>> >>>>>> *PID* >>>>>> >>>>>> *Acc* >>>>>> >>>>>> *M* >>>>>> >>>>>> *CPU* >>>>>> >>>>>> *SS* >>>>>> >>>>>> *Req* >>>>>> >>>>>> *Conn* >>>>>> >>>>>> *Child* >>>>>> >>>>>> *Slot* >>>>>> >>>>>> *Client* >>>>>> >>>>>> *Protocol* >>>>>> >>>>>> *VHost* >>>>>> >>>>>> *Request* >>>>>> >>>>>> *0-0* >>>>>> >>>>>> - >>>>>> >>>>>> 0/0/9766 >>>>>> >>>>>> . >>>>>> >>>>>> 134.59 >>>>>> >>>>>> 37 >>>>>> >>>>>> 0 >>>>>> >>>>>> 0.0 >>>>>> >>>>>> 0.00 >>>>>> >>>>>> 64.40 >>>>>> >>>>>> ::1 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> ns1.***com:8080 >>>>>> >>>>>> OPTIONS * HTTP/1.0 >>>>>> >>>>>> *1-0* >>>>>> >>>>>> 14612 >>>>>> >>>>>> 0/16/9058 >>>>>> >>>>>> _ >>>>>> >>>>>> 17.83 >>>>>> >>>>>> 13 >>>>>> >>>>>> 1498 >>>>>> >>>>>> 0.0 >>>>>> >>>>>> 0.02 >>>>>> >>>>>> 53.29 >>>>>> >>>>>> 176.***.10 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> www.***.com:8080 >>>>>> >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>> >>>>>> *2-0* >>>>>> >>>>>> 10863 >>>>>> >>>>>> 0/179/9795 >>>>>> >>>>>> _ >>>>>> >>>>>> 185.14 >>>>>> >>>>>> 6 >>>>>> >>>>>> 1424 >>>>>> >>>>>> 0.0 >>>>>> >>>>>> 0.58 >>>>>> >>>>>> 60.32 >>>>>> >>>>>> 176.***.10 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> www.***.com:8080 >>>>>> >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>> >>>>>> *3-0* >>>>>> >>>>>> 13127 >>>>>> >>>>>> 0/127/9435 >>>>>> >>>>>> _ >>>>>> >>>>>> 119.80 >>>>>> >>>>>> 4 >>>>>> >>>>>> 1419 >>>>>> >>>>>> 0.0 >>>>>> >>>>>> 0.42 >>>>>> >>>>>> 56.51 >>>>>> >>>>>> 176.***.10 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> www.***.com:8080 >>>>>> >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>> >>>>>> *4-0* >>>>>> >>>>>> - >>>>>> >>>>>> 0/0/9187 >>>>>> >>>>>> . >>>>>> >>>>>> 0.00 >>>>>> >>>>>> 50 >>>>>> >>>>>> 0 >>>>>> >>>>>> 0.0 >>>>>> >>>>>> 0.00 >>>>>> >>>>>> 56.60 >>>>>> >>>>>> ::1 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> ns1.***.com:8080 >>>>>> >>>>>> OPTIONS * HTTP/1.0 >>>>>> >>>>>> *5-0* >>>>>> >>>>>> 14851 >>>>>> >>>>>> 0/9/8761 >>>>>> >>>>>> _ >>>>>> >>>>>> 8.95 >>>>>> >>>>>> 13 >>>>>> >>>>>> 1559 >>>>>> >>>>>> 0.0 >>>>>> >>>>>> 0.01 >>>>>> >>>>>> 57.90 >>>>>> >>>>>> 176.***.10 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> www.***.com:8080 >>>>>> >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>> >>>>>> *6-0* >>>>>> >>>>>> 14852 >>>>>> >>>>>> 0/6/8130 >>>>>> >>>>>> _ >>>>>> >>>>>> 6.67 >>>>>> >>>>>> 4 >>>>>> >>>>>> 1482 >>>>>> >>>>>> 0.0 >>>>>> >>>>>> 0.01 >>>>>> >>>>>> 51.88 >>>>>> >>>>>> 176.***.10 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> www.***.com:8080 >>>>>> >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>> >>>>>> *7-0* >>>>>> >>>>>> 14192 >>>>>> >>>>>> 11/57/8355 >>>>>> >>>>>> *K* >>>>>> >>>>>> 72.73 >>>>>> >>>>>> 0 >>>>>> >>>>>> 1363 >>>>>> >>>>>> 106.6 >>>>>> >>>>>> 0.44 >>>>>> >>>>>> 52.79 >>>>>> >>>>>> 176.***.10 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> www.***.com:8080 >>>>>> >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>> >>>>>> *8-0* >>>>>> >>>>>> 13067 >>>>>> >>>>>> 0/125/7795 >>>>>> >>>>>> _ >>>>>> >>>>>> 121.19 >>>>>> >>>>>> 13 >>>>>> >>>>>> 1759 >>>>>> >>>>>> 0.0 >>>>>> >>>>>> 0.65 >>>>>> >>>>>> 68.27 >>>>>> >>>>>> 176.***.10 >>>>>> >>>>>> http/1.1 >>>>>> >>>>>> www.***.com:8080 >>>>>> >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>> >>>>>> >>>>>> >>>>>> Apache error logs don't show anything about CPU. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>>>>> guillaume at varnish-software.com>: >>>>>> >>>>>> You seem to have a good hit ratio, are you seeing anything on the >>>>>> apache logs that would explain the cpu usage? >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Guillaume Quintard >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> varnish-misc mailing list >>>>>> varnish-misc at varnish-cache.org >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> >>>>>> Stig Bakken >>>>>> CTO, Zedge.net - free your phone! >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> varnish-misc mailing list >>>>>> varnish-misc at varnish-cache.org >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>> >>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Tue Aug 2 17:11:17 2016 From: lagged at gmail.com (Andrei) Date: Tue, 2 Aug 2016 12:11:17 -0500 Subject: Varnish CPU Usage In-Reply-To: References: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Message-ID: Ok, now try disabling that plugin, then monitor your CPU usage after. You'll see some obvious improvements if those POST requests seen in ngrep were in majority related to the strings we searched for. On Tue, Aug 2, 2016 at 12:05 PM, Ayberk Kimsesiz wrote: > Results: > > wp-content/plugins/popup-by-supsystic/js/core.js:108: data += > '&reqType=ajax'; > wp-content/plugins/popup-by-supsystic/js/core.js:111: > data['reqType'] = 'ajax'; > wp-content/plugins/popup-by-supsystic/classes/frame.php:252: > switch(reqPps::getVar('reqType')) { > wp-content/plugins/popup-by-supsystic/classes/helpers/recapcha.php:22: > if(reqPps::getVar('reqType') == 'ajax') { > wp-content/plugins/popup-by-supsystic/classes/tables/statistics.php:11: > ->_addField('is_unique', 'text', 'int') // Is stat value > - unique > wp-content/plugins/popup-by-supsystic/classes/installer.php:140: > `is_unique` TINYINT(1) NOT NULL DEFAULT '0', > wp-content/plugins/popup-by-supsystic/classes/installer.php:148: > if(!dbPps::exist("@__statistics", "is_unique")) { // Uniqu > e > wp-content/plugins/popup-by-supsystic/classes/installer.php:149: > dbPps::query("ALTER TABLE `@__statistics` ADD COLUMN `is > _unique` TINYINT(1) NOT NULL DEFAULT > '0';"); > wp-content/plugins/popup-by-supsystic/classes/response.php:14: > return reqPps::getVar('reqType'); > wp-content/plugins/popup-by-supsystic/classes/uri.php:67: > if(isset($data['reqType']) && $data['reqType'] == 'ajax' > ) { > wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:12: > if($d['type'] == 'share' && isset($d['sm > _type']) && !empty($d['sm_type'])) { > wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:13: > $smId = (int) framePps::_()->get > Module('sm')->getTypeIdByCode( $d['sm_type'] > ); > wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:16: > if(isset($d['is_unique']) && !empty($d[' > is_unique'])) { > wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:32: > 'is_unique' => $isUnique, > wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:70: > return $this->setSelectFields('COUNT(*) AS total > _requests, SUM(is_unique) AS unique_requests, > '. $sqlDateFormat. ' AS date') > wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:85: > $data[ $i ]['sm_type'] = framePp > s::_()->getModule('sm')->getTypeById( > $row['sm_id'] ); > wp-content/plugins/popup-by-supsystic/modules/statistics/js/admin.statistics.popup.edit.js:151: > if(ppsPopupAllShareStats > [i].sm_type) { > wp-content/plugins/popup-by-supsystic/modules/statistics/js/admin.statistics.popup.edit.js:152: > plotData.push([ > ppsPopupAllShareStats[i].sm_type.label, > parseInt(ppsPopupAllShareStats[i].total_requests) ]); > wp-content/plugins/popup-by-supsystic/modules/statistics/controller.php:5: > $connectHash = reqPps::getVar('connect_hash', 'post'); > wp-content/plugins/popup-by-supsystic/modules/popup/views/popup.php:11: > framePps::_()->addJSVar('admin.popup.list', 'ppsTblDataUrl', uri > Pps::mod('popup', 'getListForTbl', > array('reqType' => 'ajax'))); > wp-content/plugins/popup-by-supsystic/modules/popup/mod.php:299: > $popups[ $i ]['connect_hash'] = md5(date('m-d-Y'). $popu > ps[ $i ]['id']. NONCE_KEY); > wp-content/plugins/popup-by-supsystic/modules/popup/js/frontend.popup.js:451: > , data: {mod: 'statistics', action: 'add', id: popup.id, t > ype: action, sm_type: smType, > is_unique: isUnique, 'connect_hash': popup.connect_hash} > > > 2016-08-02 19:54 GMT+03:00 Andrei : > >> Can you copy/paste what you're seeing? As long as you run it from the >> WordPress docroot, and the plugins/themes folder locations haven't been >> customized, it should look something like this but with matches from grep: >> >> root at aviator [/home/gog/public_html]# egrep -Rn >> 'sm_type|is_unique|connect_hash|reqType' wp-content/{plugins,themes} >> root at aviator [/home/gog/public_html]# >> >> >> On Tue, Aug 2, 2016 at 11:39 AM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >>> I'm getting "*no such file or directory*" error. >>> >>> 2016-08-02 19:20 GMT+03:00 Andrei : >>> >>>> Ok now just type the following from the wp docroot to find your >>>> culprit: egrep -Rn 'sm_type|is_unique|connect_hash|reqType' >>>> wp-content/{plugins,themes} >>>> >>>> On Tue, Aug 2, 2016 at 10:58 AM, Ayberk Kimsesiz < >>>> ayberk.kimsesiz at gmail.com> wrote: >>>> >>>>> Hi Andrei, >>>>> >>>>> Here are the results: >>>>> >>>>> T *****:56538 -> ******:8080 [AP] >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>>> Host: *******.com. >>>>> Accept-Language: tr-tr. >>>>> User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) >>>>> AppleWebKit/6 02.1.40 (KHTML, like Gecko) Version/10.0 Mobile/14A5309d >>>>> Safari/602.1. >>>>> X-Requested-With: XMLHttpRequest. >>>>> Accept: application/json, text/javascript, */*; q=0.01. >>>>> Referer: http://******/. >>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>>> Content-Length: 130. >>>>> Origin: http://****.com. >>>>> X-Actual-IP: 5.46.70.115. >>>>> Cookie: >>>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A50%3A21%20GMT+0300%20%28EEST%2 >>>>> 9; >>>>> pps_times_showed_100=1. >>>>> X-Forwarded-For: 5.46.70.115, 5.46.70.115, 5.46.70.115. >>>>> Accept-Encoding: gzip. >>>>> X-Varnish: 39754073. >>>>> . >>>>> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=1&connect_hash=c1 >>>>> >>>>> 532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >>>>> >>>>> >>>>> >>>>> T *****:56652 -> ******:8080 [AP] >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>>> Host: *****.com. >>>>> Content-Length: 130. >>>>> Origin: http://*****.com. >>>>> X-Requested-With: XMLHttpRequest. >>>>> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >>>>> Gecko/20100101 Firefox/46.19. >>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>>> Accept: application/json, text/javascript, */*; q=0.01. >>>>> Referer: https://www.yandex.com.tr/. >>>>> Accept-Language: en-us,en. >>>>> Accept-Charset: iso-8859-1,*,utf-8. >>>>> X-Actual-IP: 78.173.206.179. >>>>> Cookie: PHPSESSID=br4avjrtmgd0e2j04eoelev4r6; >>>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A14%20GMT+0300%20%28Turkey%20Daylight%20 >>>>> Time%29; pps_times_showed_100=2. >>>>> X-Forwarded-For: 78.173.206.179, 78.173.206.179, 78.173.206.179. >>>>> Accept-Encoding: gzip. >>>>> X-Varnish: 37456291. >>>>> . >>>>> >>>>> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=0&connect_hash=c1532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >>>>> >>>>> >>>>> T *****:56630 -> *****.10:8080 [AP] >>>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>>> Host: *****.com. >>>>> Content-Length: 130. >>>>> Origin: http://*****.com. >>>>> X-Requested-With: XMLHttpRequest. >>>>> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >>>>> Gecko/20100101 Firefox/46.8. >>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>>> Accept: application/json, text/javascript, */*; q=0.01. >>>>> Referer: https://google.com.tr/. >>>>> Accept-Language: en-us,en. >>>>> Accept-Charset: iso-8859-1,*,utf-8. >>>>> X-Actual-IP: 46.197.96.35. >>>>> Cookie: >>>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A27%20GMT+0300%20%28T%FCrkiye%20Yaz%20Saati%29; >>>>> pps_times_showed_100=1. >>>>> X-Forwarded-For: 46.197.96.35, 46.197.96.35, 46.197.96.35. >>>>> Accept-Encoding: gzip. >>>>> X-Varnish: 35061669. >>>>> >>>>> Heartbeat plugin didn't fix it by the way. >>>>> >>>>> 2016-08-02 18:45 GMT+03:00 Andrei : >>>>> >>>>>> Those admin-ajax.php POST requests won't get cached, and are likely >>>>>> related to WordPress heartbeats, or plugins. The quickest way to see what >>>>>> those requests actually are, which will help you identify the plugin/theme >>>>>> option is using ngrep: ngrep 'admin-ajax' -d any dst port 8080 -W byline -q >>>>>> >>>>>> On Tue, Aug 2, 2016 at 9:43 AM, MAGNIEN, Thierry < >>>>>> thierry.magnien at sfr.com> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>> >>>>>>> There are known CPU issues due to WordPress HearBeat API, for >>>>>>> example, or misbehaving plugins. >>>>>>> >>>>>>> >>>>>>> >>>>>>> See >>>>>>> http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage >>>>>>> for example. >>>>>>> >>>>>>> >>>>>>> >>>>>>> Maybe one of your plugins has some difficulties going through >>>>>>> varnish. >>>>>>> >>>>>>> >>>>>>> >>>>>>> If you enable debug on your browser, can you see specific calls to >>>>>>> /wp-admin/admin-ajax.php that take a very long time with varnish and not >>>>>>> when varnish is disabled ? >>>>>>> >>>>>>> >>>>>>> >>>>>>> Thierry >>>>>>> >>>>>>> >>>>>>> >>>>>>> *De :* varnish-misc-bounces+thierry.magnien= >>>>>>> sfr.com at varnish-cache.org [mailto: >>>>>>> varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] *De >>>>>>> la part de* Ayberk Kimsesiz >>>>>>> *Envoy? :* mardi 2 ao?t 2016 15:18 >>>>>>> *? :* Stig Bakken >>>>>>> *Cc :* varnish-misc >>>>>>> *Objet :* Re: Varnish CPU Usage >>>>>>> >>>>>>> >>>>>>> >>>>>>> I used Default.VCL in two different ways. The first with default >>>>>>> settings and the second with settings customized for Wordpress (either >>>>>>> case, the CPU usage increases). That is as follows: >>>>>>> >>>>>>> >>>>>>> >>>>>>> Also i couldn't find a Centos 6 installation guide for Prometheus. >>>>>>> >>>>>>> >>>>>>> >>>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>> >>>>>>> * * *********************************************************/* >>>>>>> >>>>>>> *vcl 4.0;* >>>>>>> >>>>>>> *import std;* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *backend default {* >>>>>>> >>>>>>> * .host = "SERVER IP";* >>>>>>> >>>>>>> * .port = "8080";* >>>>>>> >>>>>>> * .first_byte_timeout = 60s;* >>>>>>> >>>>>>> * .connect_timeout = 300s;* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>> >>>>>>> *# ##########################################################* >>>>>>> >>>>>>> *acl purge {* >>>>>>> >>>>>>> * "localhost";* >>>>>>> >>>>>>> * "127.0.0.1";* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *#THE RECV FUNCTION* >>>>>>> >>>>>>> *# ##########################################################* >>>>>>> >>>>>>> *sub vcl_recv {* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# set realIP by trimming CloudFlare IP which will be used for >>>>>>> various checks* >>>>>>> >>>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>>> ].*$", ""); * >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>> >>>>>>> * if (req.restarts == 0) {* >>>>>>> >>>>>>> * if (req.http.x-forwarded-for) {* >>>>>>> >>>>>>> * set req.http.X-Forwarded-For =* >>>>>>> >>>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>> >>>>>>> * } else {* >>>>>>> >>>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>>>>> >>>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>> >>>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>> >>>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ purge) {* >>>>>>> >>>>>>> * set req.hash_always_miss = true;* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *if (req.method == "PURGE") {* >>>>>>> >>>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ purge) {* >>>>>>> >>>>>>> * return(synth(405,"Not allowed."));* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> * return (purge);* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> *if (req.method == "BAN") {* >>>>>>> >>>>>>> * # Same ACL check as above:* >>>>>>> >>>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ purge) {* >>>>>>> >>>>>>> * return(synth(403, "Not allowed."));* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>> >>>>>>> * " && req.url == " + req.url);* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # Throw a synthetic page so the* >>>>>>> >>>>>>> * # request won't go to the backend.* >>>>>>> >>>>>>> * return(synth(200, "Ban added"));* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# Unset cloudflare cookies* >>>>>>> >>>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>>> >>>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>> >>>>>>> * # Remove a ";" prefix, if present.* >>>>>>> >>>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # For Testing: If you want to test with Varnish passing (not >>>>>>> caching) uncomment* >>>>>>> >>>>>>> * # return( pass );* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>> >>>>>>> * if (req.restarts == 0) {* >>>>>>> >>>>>>> * if (req.http.x-forwarded-for) {* >>>>>>> >>>>>>> * set req.http.X-Forwarded-For =* >>>>>>> >>>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>> >>>>>>> * } else {* >>>>>>> >>>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# DO NOT CACHE RSS FEED* >>>>>>> >>>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>> >>>>>>> * return ( pass ); * >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *## Do not cache search results, comment these 3 lines if you do >>>>>>> want to cache them* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>> >>>>>>> * return ( pass ); * >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>> >>>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>> ACCEPT-ENCODING* >>>>>>> >>>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>> >>>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if (req.http.Accept-Encoding) {* >>>>>>> >>>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>>> >>>>>>> * # No point in compressing these* >>>>>>> >>>>>>> * unset req.http.Accept-Encoding;* >>>>>>> >>>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>> >>>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>> >>>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>> >>>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>> >>>>>>> * } else {* >>>>>>> >>>>>>> * # unknown algorithm* >>>>>>> >>>>>>> * unset req.http.Accept-Encoding;* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if (req.method != "GET" &&* >>>>>>> >>>>>>> * req.method != "HEAD" &&* >>>>>>> >>>>>>> * req.method != "PUT" && * >>>>>>> >>>>>>> * req.method != "POST" &&* >>>>>>> >>>>>>> * req.method != "TRACE" &&* >>>>>>> >>>>>>> * req.method != "OPTIONS" &&* >>>>>>> >>>>>>> * req.method != "DELETE") {* >>>>>>> >>>>>>> * return (pipe);* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>> >>>>>>> * return (pass);* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>>> TOO, EITHER* >>>>>>> >>>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>> >>>>>>> * return( pass );* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>>> >>>>>>> * # THEN UNSET THE COOKIES* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>> >>>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>> >>>>>>> * ){* >>>>>>> >>>>>>> * unset req.http.cookie;* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>> >>>>>>> * return (pass);* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * return (hash);* >>>>>>> >>>>>>> * # This is for phpmyadmin* >>>>>>> >>>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>> >>>>>>> *return (pass);* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>>>>> >>>>>>> *return (pass);* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# HIT FUNCTION* >>>>>>> >>>>>>> *# ##########################################################* >>>>>>> >>>>>>> *sub vcl_hit {* >>>>>>> >>>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if (req.method == "PURGE") {* >>>>>>> >>>>>>> * #* >>>>>>> >>>>>>> * # This is now handled in vcl_recv.* >>>>>>> >>>>>>> * #* >>>>>>> >>>>>>> * # purge;* >>>>>>> >>>>>>> * return (synth(200, "Purged."));* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> * return (deliver);* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# MISS FUNCTION* >>>>>>> >>>>>>> *# ##########################################################* >>>>>>> >>>>>>> *sub vcl_miss {* >>>>>>> >>>>>>> * if (req.method == "PURGE") {* >>>>>>> >>>>>>> * #* >>>>>>> >>>>>>> * # This is now handled in vcl_recv.* >>>>>>> >>>>>>> * #* >>>>>>> >>>>>>> * # purge;* >>>>>>> >>>>>>> * return (synth(200, "Purged."));* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> * return (fetch);* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# FETCH FUNCTION* >>>>>>> >>>>>>> *# ##########################################################* >>>>>>> >>>>>>> *sub vcl_backend_response {* >>>>>>> >>>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>>> >>>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>>> >>>>>>> * # TO DO THIS* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>>> >>>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>> "wordpress_logged_in" ) {* >>>>>>> >>>>>>> * unset beresp.http.set-cookie;* >>>>>>> >>>>>>> * set beresp.ttl = 52w;* >>>>>>> >>>>>>> *# set beresp.grace =1w;* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * if (beresp.ttl <= 0s ||* >>>>>>> >>>>>>> * beresp.http.Set-Cookie ||* >>>>>>> >>>>>>> * beresp.http.Vary == "*") {* >>>>>>> >>>>>>> * set beresp.ttl = 120 s;* >>>>>>> >>>>>>> * # set beresp.ttl = 120s;* >>>>>>> >>>>>>> * set beresp.uncacheable = true;* >>>>>>> >>>>>>> * return (deliver);* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> >>>>>>> * return (deliver);* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *# DELIVER FUNCTION* >>>>>>> >>>>>>> *# ##########################################################* >>>>>>> >>>>>>> *sub vcl_deliver {* >>>>>>> >>>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>>> >>>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * if (obj.hits > 0) {* >>>>>>> >>>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>> >>>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>> >>>>>>> * # ##########################################################* >>>>>>> >>>>>>> * } else {* >>>>>>> >>>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>> >>>>>>> * }* >>>>>>> >>>>>>> *}* >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2016-08-02 15:07 GMT+03:00 Stig Bakken : >>>>>>> >>>>>>> Could it be that Varnish is not caching those POST requests, and >>>>>>> that they are what makes Apache consume a lot of CPU? >>>>>>> >>>>>>> >>>>>>> >>>>>>> On MPMs: with PHP prefork is the safest choice, and it will work >>>>>>> just fine as long as you have a reasonable config, especially since you >>>>>>> have Varnish in front offloading the job of shuffling bytes back to the >>>>>>> users. >>>>>>> >>>>>>> >>>>>>> >>>>>>> If I were you I'd try to get more data on which requests take a long >>>>>>> time, some variant of "varnishncsa -F %D".. >>>>>>> >>>>>>> >>>>>>> >>>>>>> If you're into using Prometheus for metrics, you can try out this >>>>>>> exporter which will give you a lot of insight into which requests take a >>>>>>> long time to process: >>>>>>> https://github.com/stigsb/varnish_request_exporter (Prometheus is >>>>>>> awesome!) >>>>>>> >>>>>>> >>>>>>> >>>>>>> - Stig >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < >>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>> >>>>>>> *CPU Monitor: * >>>>>>> >>>>>>> >>>>>>> >>>>>>> http://i.imgur.com/5KT1xRu.jpg >>>>>>> >>>>>>> >>>>>>> >>>>>>> *Apache status:* >>>>>>> >>>>>>> >>>>>>> >>>>>>> *Srv* >>>>>>> >>>>>>> *PID* >>>>>>> >>>>>>> *Acc* >>>>>>> >>>>>>> *M* >>>>>>> >>>>>>> *CPU* >>>>>>> >>>>>>> *SS* >>>>>>> >>>>>>> *Req* >>>>>>> >>>>>>> *Conn* >>>>>>> >>>>>>> *Child* >>>>>>> >>>>>>> *Slot* >>>>>>> >>>>>>> *Client* >>>>>>> >>>>>>> *Protocol* >>>>>>> >>>>>>> *VHost* >>>>>>> >>>>>>> *Request* >>>>>>> >>>>>>> *0-0* >>>>>>> >>>>>>> - >>>>>>> >>>>>>> 0/0/9766 >>>>>>> >>>>>>> . >>>>>>> >>>>>>> 134.59 >>>>>>> >>>>>>> 37 >>>>>>> >>>>>>> 0 >>>>>>> >>>>>>> 0.0 >>>>>>> >>>>>>> 0.00 >>>>>>> >>>>>>> 64.40 >>>>>>> >>>>>>> ::1 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> ns1.***com:8080 >>>>>>> >>>>>>> OPTIONS * HTTP/1.0 >>>>>>> >>>>>>> *1-0* >>>>>>> >>>>>>> 14612 >>>>>>> >>>>>>> 0/16/9058 >>>>>>> >>>>>>> _ >>>>>>> >>>>>>> 17.83 >>>>>>> >>>>>>> 13 >>>>>>> >>>>>>> 1498 >>>>>>> >>>>>>> 0.0 >>>>>>> >>>>>>> 0.02 >>>>>>> >>>>>>> 53.29 >>>>>>> >>>>>>> 176.***.10 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> www.***.com:8080 >>>>>>> >>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>> >>>>>>> *2-0* >>>>>>> >>>>>>> 10863 >>>>>>> >>>>>>> 0/179/9795 >>>>>>> >>>>>>> _ >>>>>>> >>>>>>> 185.14 >>>>>>> >>>>>>> 6 >>>>>>> >>>>>>> 1424 >>>>>>> >>>>>>> 0.0 >>>>>>> >>>>>>> 0.58 >>>>>>> >>>>>>> 60.32 >>>>>>> >>>>>>> 176.***.10 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> www.***.com:8080 >>>>>>> >>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>> >>>>>>> *3-0* >>>>>>> >>>>>>> 13127 >>>>>>> >>>>>>> 0/127/9435 >>>>>>> >>>>>>> _ >>>>>>> >>>>>>> 119.80 >>>>>>> >>>>>>> 4 >>>>>>> >>>>>>> 1419 >>>>>>> >>>>>>> 0.0 >>>>>>> >>>>>>> 0.42 >>>>>>> >>>>>>> 56.51 >>>>>>> >>>>>>> 176.***.10 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> www.***.com:8080 >>>>>>> >>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>> >>>>>>> *4-0* >>>>>>> >>>>>>> - >>>>>>> >>>>>>> 0/0/9187 >>>>>>> >>>>>>> . >>>>>>> >>>>>>> 0.00 >>>>>>> >>>>>>> 50 >>>>>>> >>>>>>> 0 >>>>>>> >>>>>>> 0.0 >>>>>>> >>>>>>> 0.00 >>>>>>> >>>>>>> 56.60 >>>>>>> >>>>>>> ::1 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> ns1.***.com:8080 >>>>>>> >>>>>>> OPTIONS * HTTP/1.0 >>>>>>> >>>>>>> *5-0* >>>>>>> >>>>>>> 14851 >>>>>>> >>>>>>> 0/9/8761 >>>>>>> >>>>>>> _ >>>>>>> >>>>>>> 8.95 >>>>>>> >>>>>>> 13 >>>>>>> >>>>>>> 1559 >>>>>>> >>>>>>> 0.0 >>>>>>> >>>>>>> 0.01 >>>>>>> >>>>>>> 57.90 >>>>>>> >>>>>>> 176.***.10 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> www.***.com:8080 >>>>>>> >>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>> >>>>>>> *6-0* >>>>>>> >>>>>>> 14852 >>>>>>> >>>>>>> 0/6/8130 >>>>>>> >>>>>>> _ >>>>>>> >>>>>>> 6.67 >>>>>>> >>>>>>> 4 >>>>>>> >>>>>>> 1482 >>>>>>> >>>>>>> 0.0 >>>>>>> >>>>>>> 0.01 >>>>>>> >>>>>>> 51.88 >>>>>>> >>>>>>> 176.***.10 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> www.***.com:8080 >>>>>>> >>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>> >>>>>>> *7-0* >>>>>>> >>>>>>> 14192 >>>>>>> >>>>>>> 11/57/8355 >>>>>>> >>>>>>> *K* >>>>>>> >>>>>>> 72.73 >>>>>>> >>>>>>> 0 >>>>>>> >>>>>>> 1363 >>>>>>> >>>>>>> 106.6 >>>>>>> >>>>>>> 0.44 >>>>>>> >>>>>>> 52.79 >>>>>>> >>>>>>> 176.***.10 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> www.***.com:8080 >>>>>>> >>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>> >>>>>>> *8-0* >>>>>>> >>>>>>> 13067 >>>>>>> >>>>>>> 0/125/7795 >>>>>>> >>>>>>> _ >>>>>>> >>>>>>> 121.19 >>>>>>> >>>>>>> 13 >>>>>>> >>>>>>> 1759 >>>>>>> >>>>>>> 0.0 >>>>>>> >>>>>>> 0.65 >>>>>>> >>>>>>> 68.27 >>>>>>> >>>>>>> 176.***.10 >>>>>>> >>>>>>> http/1.1 >>>>>>> >>>>>>> www.***.com:8080 >>>>>>> >>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>> >>>>>>> >>>>>>> >>>>>>> Apache error logs don't show anything about CPU. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>>>>>> guillaume at varnish-software.com>: >>>>>>> >>>>>>> You seem to have a good hit ratio, are you seeing anything on the >>>>>>> apache logs that would explain the cpu usage? >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Guillaume Quintard >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> varnish-misc mailing list >>>>>>> varnish-misc at varnish-cache.org >>>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> Stig Bakken >>>>>>> CTO, Zedge.net - free your phone! >>>>>>> >>>>>>> >>>>>>> >>>>>>> _______________________________________________ >>>>>>> varnish-misc mailing list >>>>>>> varnish-misc at varnish-cache.org >>>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Tue Aug 2 17:47:51 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Tue, 2 Aug 2016 20:47:51 +0300 Subject: Varnish CPU Usage In-Reply-To: References: <5D103CE839D50E4CBC62C9FD7B83287C01F1486718@EXCN015.encara.local.ads> Message-ID: We had recently installed that plugin. This problem persists since last 2 weeks. Still, i disabled the plugin but that didn't help. 2016-08-02 20:11 GMT+03:00 Andrei : > Ok, now try disabling that plugin, then monitor your CPU usage after. > You'll see some obvious improvements if those POST requests seen in ngrep > were in majority related to the strings we searched for. > > On Tue, Aug 2, 2016 at 12:05 PM, Ayberk Kimsesiz < > ayberk.kimsesiz at gmail.com> wrote: > >> Results: >> >> wp-content/plugins/popup-by-supsystic/js/core.js:108: data += >> '&reqType=ajax'; >> wp-content/plugins/popup-by-supsystic/js/core.js:111: >> data['reqType'] = 'ajax'; >> wp-content/plugins/popup-by-supsystic/classes/frame.php:252: >> switch(reqPps::getVar('reqType')) { >> wp-content/plugins/popup-by-supsystic/classes/helpers/recapcha.php:22: >> if(reqPps::getVar('reqType') == 'ajax') { >> wp-content/plugins/popup-by-supsystic/classes/tables/statistics.php:11: >> ->_addField('is_unique', 'text', 'int') // Is stat value >> - unique >> wp-content/plugins/popup-by-supsystic/classes/installer.php:140: >> `is_unique` TINYINT(1) NOT NULL DEFAULT '0', >> wp-content/plugins/popup-by-supsystic/classes/installer.php:148: >> if(!dbPps::exist("@__statistics", "is_unique")) { // Uniqu >> e >> wp-content/plugins/popup-by-supsystic/classes/installer.php:149: >> dbPps::query("ALTER TABLE `@__statistics` ADD COLUMN `is >> _unique` TINYINT(1) NOT NULL >> DEFAULT '0';"); >> wp-content/plugins/popup-by-supsystic/classes/response.php:14: >> return reqPps::getVar('reqType'); >> wp-content/plugins/popup-by-supsystic/classes/uri.php:67: >> if(isset($data['reqType']) && $data['reqType'] == 'ajax' >> ) { >> wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:12: >> if($d['type'] == 'share' && isset($d['sm >> _type']) && !empty($d['sm_type'])) { >> wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:13: >> $smId = (int) framePps::_()->get >> Module('sm')->getTypeIdByCode( $d['sm_type'] >> ); >> wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:16: >> if(isset($d['is_unique']) && !empty($d[' >> is_unique'])) { >> wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:32: >> 'is_unique' => $isUnique, >> wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:70: >> return $this->setSelectFields('COUNT(*) AS total >> _requests, SUM(is_unique) AS unique_requests, >> '. $sqlDateFormat. ' AS date') >> wp-content/plugins/popup-by-supsystic/modules/statistics/models/statistics.php:85: >> $data[ $i ]['sm_type'] = framePp >> s::_()->getModule('sm')->getTypeById( >> $row['sm_id'] ); >> wp-content/plugins/popup-by-supsystic/modules/statistics/js/admin.statistics.popup.edit.js:151: >> if(ppsPopupAllShareStats >> [i].sm_type) { >> wp-content/plugins/popup-by-supsystic/modules/statistics/js/admin.statistics.popup.edit.js:152: >> plotData.push([ >> ppsPopupAllShareStats[i].sm_type.label, >> parseInt(ppsPopupAllShareStats[i].total_requests) ]); >> wp-content/plugins/popup-by-supsystic/modules/statistics/controller.php:5: >> $connectHash = reqPps::getVar('connect_hash', 'post'); >> wp-content/plugins/popup-by-supsystic/modules/popup/views/popup.php:11: >> framePps::_()->addJSVar('admin.popup.list', 'ppsTblDataUrl', uri >> Pps::mod('popup', 'getListForTbl', >> array('reqType' => 'ajax'))); >> wp-content/plugins/popup-by-supsystic/modules/popup/mod.php:299: >> $popups[ $i ]['connect_hash'] = md5(date('m-d-Y'). $popu >> ps[ $i ]['id']. NONCE_KEY); >> wp-content/plugins/popup-by-supsystic/modules/popup/js/frontend.popup.js:451: >> , data: {mod: 'statistics', action: 'add', id: popup.id, t >> ype: action, sm_type: smType, >> is_unique: isUnique, 'connect_hash': popup.connect_hash} >> >> >> 2016-08-02 19:54 GMT+03:00 Andrei : >> >>> Can you copy/paste what you're seeing? As long as you run it from the >>> WordPress docroot, and the plugins/themes folder locations haven't been >>> customized, it should look something like this but with matches from grep: >>> >>> root at aviator [/home/gog/public_html]# egrep -Rn >>> 'sm_type|is_unique|connect_hash|reqType' wp-content/{plugins,themes} >>> root at aviator [/home/gog/public_html]# >>> >>> >>> On Tue, Aug 2, 2016 at 11:39 AM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> >>>> I'm getting "*no such file or directory*" error. >>>> >>>> 2016-08-02 19:20 GMT+03:00 Andrei : >>>> >>>>> Ok now just type the following from the wp docroot to find your >>>>> culprit: egrep -Rn 'sm_type|is_unique|connect_hash|reqType' >>>>> wp-content/{plugins,themes} >>>>> >>>>> On Tue, Aug 2, 2016 at 10:58 AM, Ayberk Kimsesiz < >>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>> >>>>>> Hi Andrei, >>>>>> >>>>>> Here are the results: >>>>>> >>>>>> T *****:56538 -> ******:8080 [AP] >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>>>> Host: *******.com. >>>>>> Accept-Language: tr-tr. >>>>>> User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) >>>>>> AppleWebKit/6 02.1.40 (KHTML, like Gecko) Version/10.0 Mobile/14A5309d >>>>>> Safari/602.1. >>>>>> X-Requested-With: XMLHttpRequest. >>>>>> Accept: application/json, text/javascript, */*; q=0.01. >>>>>> Referer: http://******/. >>>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>>>> Content-Length: 130. >>>>>> Origin: http://****.com. >>>>>> X-Actual-IP: 5.46.70.115. >>>>>> Cookie: >>>>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A50%3A21%20GMT+0300%20%28EEST%2 >>>>>> 9; >>>>>> pps_times_showed_100=1. >>>>>> X-Forwarded-For: 5.46.70.115, 5.46.70.115, 5.46.70.115. >>>>>> Accept-Encoding: gzip. >>>>>> X-Varnish: 39754073. >>>>>> . >>>>>> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=1&connect_hash=c1 >>>>>> >>>>>> 532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >>>>>> >>>>>> >>>>>> >>>>>> T *****:56652 -> ******:8080 [AP] >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>>>> Host: *****.com. >>>>>> Content-Length: 130. >>>>>> Origin: http://*****.com. >>>>>> X-Requested-With: XMLHttpRequest. >>>>>> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >>>>>> Gecko/20100101 Firefox/46.19. >>>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>>>> Accept: application/json, text/javascript, */*; q=0.01. >>>>>> Referer: https://www.yandex.com.tr/. >>>>>> Accept-Language: en-us,en. >>>>>> Accept-Charset: iso-8859-1,*,utf-8. >>>>>> X-Actual-IP: 78.173.206.179. >>>>>> Cookie: PHPSESSID=br4avjrtmgd0e2j04eoelev4r6; >>>>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A14%20GMT+0300%20%28Turkey%20Daylight%20 >>>>>> Time%29; pps_times_showed_100=2. >>>>>> X-Forwarded-For: 78.173.206.179, 78.173.206.179, 78.173.206.179. >>>>>> Accept-Encoding: gzip. >>>>>> X-Varnish: 37456291. >>>>>> . >>>>>> >>>>>> mod=statistics&action=add&id=100&type=show&sm_type=0&is_unique=0&connect_hash=c1532a201e2ee25540c61d3199e0e960&pl=pps&reqType=ajax >>>>>> >>>>>> >>>>>> T *****:56630 -> *****.10:8080 [AP] >>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1. >>>>>> Host: *****.com. >>>>>> Content-Length: 130. >>>>>> Origin: http://*****.com. >>>>>> X-Requested-With: XMLHttpRequest. >>>>>> User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:46.0) >>>>>> Gecko/20100101 Firefox/46.8. >>>>>> Content-Type: application/x-www-form-urlencoded; charset=UTF-8. >>>>>> Accept: application/json, text/javascript, */*; q=0.01. >>>>>> Referer: https://google.com.tr/. >>>>>> Accept-Language: en-us,en. >>>>>> Accept-Charset: iso-8859-1,*,utf-8. >>>>>> X-Actual-IP: 46.197.96.35. >>>>>> Cookie: >>>>>> pps_show_100=Tue%20Aug%2002%202016%2018%3A51%3A27%20GMT+0300%20%28T%FCrkiye%20Yaz%20Saati%29; >>>>>> pps_times_showed_100=1. >>>>>> X-Forwarded-For: 46.197.96.35, 46.197.96.35, 46.197.96.35. >>>>>> Accept-Encoding: gzip. >>>>>> X-Varnish: 35061669. >>>>>> >>>>>> Heartbeat plugin didn't fix it by the way. >>>>>> >>>>>> 2016-08-02 18:45 GMT+03:00 Andrei : >>>>>> >>>>>>> Those admin-ajax.php POST requests won't get cached, and are likely >>>>>>> related to WordPress heartbeats, or plugins. The quickest way to see what >>>>>>> those requests actually are, which will help you identify the plugin/theme >>>>>>> option is using ngrep: ngrep 'admin-ajax' -d any dst port 8080 -W byline -q >>>>>>> >>>>>>> On Tue, Aug 2, 2016 at 9:43 AM, MAGNIEN, Thierry < >>>>>>> thierry.magnien at sfr.com> wrote: >>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> There are known CPU issues due to WordPress HearBeat API, for >>>>>>>> example, or misbehaving plugins. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> See >>>>>>>> http://www.inmotionhosting.com/support/website/wordpress/heartbeat-ajax-php-usage >>>>>>>> for example. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Maybe one of your plugins has some difficulties going through >>>>>>>> varnish. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> If you enable debug on your browser, can you see specific calls to >>>>>>>> /wp-admin/admin-ajax.php that take a very long time with varnish and not >>>>>>>> when varnish is disabled ? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Thierry >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *De :* varnish-misc-bounces+thierry.magnien= >>>>>>>> sfr.com at varnish-cache.org [mailto: >>>>>>>> varnish-misc-bounces+thierry.magnien=sfr.com at varnish-cache.org] *De >>>>>>>> la part de* Ayberk Kimsesiz >>>>>>>> *Envoy? :* mardi 2 ao?t 2016 15:18 >>>>>>>> *? :* Stig Bakken >>>>>>>> *Cc :* varnish-misc >>>>>>>> *Objet :* Re: Varnish CPU Usage >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> I used Default.VCL in two different ways. The first with default >>>>>>>> settings and the second with settings customized for Wordpress (either >>>>>>>> case, the CPU usage increases). That is as follows: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Also i couldn't find a Centos 6 installation guide for Prometheus. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>> >>>>>>>> * * *********************************************************/* >>>>>>>> >>>>>>>> *vcl 4.0;* >>>>>>>> >>>>>>>> *import std;* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *backend default {* >>>>>>>> >>>>>>>> * .host = "SERVER IP";* >>>>>>>> >>>>>>>> * .port = "8080";* >>>>>>>> >>>>>>>> * .first_byte_timeout = 60s;* >>>>>>>> >>>>>>>> * .connect_timeout = 300s;* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>> >>>>>>>> *# ##########################################################* >>>>>>>> >>>>>>>> *acl purge {* >>>>>>>> >>>>>>>> * "localhost";* >>>>>>>> >>>>>>>> * "127.0.0.1";* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *#THE RECV FUNCTION* >>>>>>>> >>>>>>>> *# ##########################################################* >>>>>>>> >>>>>>>> *sub vcl_recv {* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# set realIP by trimming CloudFlare IP which will be used for >>>>>>>> various checks* >>>>>>>> >>>>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>>>> ].*$", ""); * >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>>>> * if (req.restarts == 0) {* >>>>>>>> >>>>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>>>> * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>>>> * } else {* >>>>>>>> >>>>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # Purge request check sections for hash_always_miss, purge and >>>>>>>> ban* >>>>>>>> >>>>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>>> >>>>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>> >>>>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) {* >>>>>>>> >>>>>>>> * set req.hash_always_miss = true;* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *if (req.method == "PURGE") {* >>>>>>>> >>>>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) {* >>>>>>>> >>>>>>>> * return(synth(405,"Not allowed."));* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> * return (purge);* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> *if (req.method == "BAN") {* >>>>>>>> >>>>>>>> * # Same ACL check as above:* >>>>>>>> >>>>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) {* >>>>>>>> >>>>>>>> * return(synth(403, "Not allowed."));* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>>> >>>>>>>> * " && req.url == " + req.url);* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # Throw a synthetic page so the* >>>>>>>> >>>>>>>> * # request won't go to the backend.* >>>>>>>> >>>>>>>> * return(synth(200, "Ban added"));* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# Unset cloudflare cookies* >>>>>>>> >>>>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>>>> >>>>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>> >>>>>>>> * # Remove a ";" prefix, if present.* >>>>>>>> >>>>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # For Testing: If you want to test with Varnish passing (not >>>>>>>> caching) uncomment* >>>>>>>> >>>>>>>> * # return( pass );* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>>>> * if (req.restarts == 0) {* >>>>>>>> >>>>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>>>> * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>>>> * } else {* >>>>>>>> >>>>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# DO NOT CACHE RSS FEED* >>>>>>>> >>>>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>> >>>>>>>> * return ( pass ); * >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *## Do not cache search results, comment these 3 lines if you do >>>>>>>> want to cache them* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>>> >>>>>>>> * return ( pass ); * >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>>> >>>>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>> ACCEPT-ENCODING* >>>>>>>> >>>>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>> >>>>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if (req.http.Accept-Encoding) {* >>>>>>>> >>>>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>>>> >>>>>>>> * # No point in compressing these* >>>>>>>> >>>>>>>> * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>> >>>>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>>> >>>>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>> >>>>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>>> >>>>>>>> * } else {* >>>>>>>> >>>>>>>> * # unknown algorithm* >>>>>>>> >>>>>>>> * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if (req.method != "GET" &&* >>>>>>>> >>>>>>>> * req.method != "HEAD" &&* >>>>>>>> >>>>>>>> * req.method != "PUT" && * >>>>>>>> >>>>>>>> * req.method != "POST" &&* >>>>>>>> >>>>>>>> * req.method != "TRACE" &&* >>>>>>>> >>>>>>>> * req.method != "OPTIONS" &&* >>>>>>>> >>>>>>>> * req.method != "DELETE") {* >>>>>>>> >>>>>>>> * return (pipe);* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>> >>>>>>>> * return (pass);* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>>>> TOO, EITHER* >>>>>>>> >>>>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>> >>>>>>>> * return( pass );* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>>>> >>>>>>>> * # THEN UNSET THE COOKIES* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>> >>>>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>>> >>>>>>>> * ){* >>>>>>>> >>>>>>>> * unset req.http.cookie;* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>> >>>>>>>> * return (pass);* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * return (hash);* >>>>>>>> >>>>>>>> * # This is for phpmyadmin* >>>>>>>> >>>>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>>> >>>>>>>> *return (pass);* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>>>>>> >>>>>>>> *return (pass);* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# HIT FUNCTION* >>>>>>>> >>>>>>>> *# ##########################################################* >>>>>>>> >>>>>>>> *sub vcl_hit {* >>>>>>>> >>>>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if (req.method == "PURGE") {* >>>>>>>> >>>>>>>> * #* >>>>>>>> >>>>>>>> * # This is now handled in vcl_recv.* >>>>>>>> >>>>>>>> * #* >>>>>>>> >>>>>>>> * # purge;* >>>>>>>> >>>>>>>> * return (synth(200, "Purged."));* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> * return (deliver);* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# MISS FUNCTION* >>>>>>>> >>>>>>>> *# ##########################################################* >>>>>>>> >>>>>>>> *sub vcl_miss {* >>>>>>>> >>>>>>>> * if (req.method == "PURGE") {* >>>>>>>> >>>>>>>> * #* >>>>>>>> >>>>>>>> * # This is now handled in vcl_recv.* >>>>>>>> >>>>>>>> * #* >>>>>>>> >>>>>>>> * # purge;* >>>>>>>> >>>>>>>> * return (synth(200, "Purged."));* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> * return (fetch);* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# FETCH FUNCTION* >>>>>>>> >>>>>>>> *# ##########################################################* >>>>>>>> >>>>>>>> *sub vcl_backend_response {* >>>>>>>> >>>>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>>>> >>>>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>>>> >>>>>>>> * # TO DO THIS* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>>>> >>>>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>>> "wordpress_logged_in" ) {* >>>>>>>> >>>>>>>> * unset beresp.http.set-cookie;* >>>>>>>> >>>>>>>> * set beresp.ttl = 52w;* >>>>>>>> >>>>>>>> *# set beresp.grace =1w;* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>> >>>>>>>> * beresp.http.Set-Cookie ||* >>>>>>>> >>>>>>>> * beresp.http.Vary == "*") {* >>>>>>>> >>>>>>>> * set beresp.ttl = 120 s;* >>>>>>>> >>>>>>>> * # set beresp.ttl = 120s;* >>>>>>>> >>>>>>>> * set beresp.uncacheable = true;* >>>>>>>> >>>>>>>> * return (deliver);* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> * return (deliver);* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *# DELIVER FUNCTION* >>>>>>>> >>>>>>>> *# ##########################################################* >>>>>>>> >>>>>>>> *sub vcl_deliver {* >>>>>>>> >>>>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>>>> >>>>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * if (obj.hits > 0) {* >>>>>>>> >>>>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>> >>>>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>> >>>>>>>> * # ##########################################################* >>>>>>>> >>>>>>>> * } else {* >>>>>>>> >>>>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>> >>>>>>>> * }* >>>>>>>> >>>>>>>> *}* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> 2016-08-02 15:07 GMT+03:00 Stig Bakken : >>>>>>>> >>>>>>>> Could it be that Varnish is not caching those POST requests, and >>>>>>>> that they are what makes Apache consume a lot of CPU? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On MPMs: with PHP prefork is the safest choice, and it will work >>>>>>>> just fine as long as you have a reasonable config, especially since you >>>>>>>> have Varnish in front offloading the job of shuffling bytes back to the >>>>>>>> users. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> If I were you I'd try to get more data on which requests take a >>>>>>>> long time, some variant of "varnishncsa -F %D".. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> If you're into using Prometheus for metrics, you can try out this >>>>>>>> exporter which will give you a lot of insight into which requests take a >>>>>>>> long time to process: >>>>>>>> https://github.com/stigsb/varnish_request_exporter (Prometheus is >>>>>>>> awesome!) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> - Stig >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Jul 28, 2016 at 6:57 PM, Ayberk Kimsesiz < >>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *CPU Monitor: * >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> http://i.imgur.com/5KT1xRu.jpg >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *Apache status:* >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> *Srv* >>>>>>>> >>>>>>>> *PID* >>>>>>>> >>>>>>>> *Acc* >>>>>>>> >>>>>>>> *M* >>>>>>>> >>>>>>>> *CPU* >>>>>>>> >>>>>>>> *SS* >>>>>>>> >>>>>>>> *Req* >>>>>>>> >>>>>>>> *Conn* >>>>>>>> >>>>>>>> *Child* >>>>>>>> >>>>>>>> *Slot* >>>>>>>> >>>>>>>> *Client* >>>>>>>> >>>>>>>> *Protocol* >>>>>>>> >>>>>>>> *VHost* >>>>>>>> >>>>>>>> *Request* >>>>>>>> >>>>>>>> *0-0* >>>>>>>> >>>>>>>> - >>>>>>>> >>>>>>>> 0/0/9766 >>>>>>>> >>>>>>>> . >>>>>>>> >>>>>>>> 134.59 >>>>>>>> >>>>>>>> 37 >>>>>>>> >>>>>>>> 0 >>>>>>>> >>>>>>>> 0.0 >>>>>>>> >>>>>>>> 0.00 >>>>>>>> >>>>>>>> 64.40 >>>>>>>> >>>>>>>> ::1 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> ns1.***com:8080 >>>>>>>> >>>>>>>> OPTIONS * HTTP/1.0 >>>>>>>> >>>>>>>> *1-0* >>>>>>>> >>>>>>>> 14612 >>>>>>>> >>>>>>>> 0/16/9058 >>>>>>>> >>>>>>>> _ >>>>>>>> >>>>>>>> 17.83 >>>>>>>> >>>>>>>> 13 >>>>>>>> >>>>>>>> 1498 >>>>>>>> >>>>>>>> 0.0 >>>>>>>> >>>>>>>> 0.02 >>>>>>>> >>>>>>>> 53.29 >>>>>>>> >>>>>>>> 176.***.10 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> www.***.com:8080 >>>>>>>> >>>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>>> >>>>>>>> *2-0* >>>>>>>> >>>>>>>> 10863 >>>>>>>> >>>>>>>> 0/179/9795 >>>>>>>> >>>>>>>> _ >>>>>>>> >>>>>>>> 185.14 >>>>>>>> >>>>>>>> 6 >>>>>>>> >>>>>>>> 1424 >>>>>>>> >>>>>>>> 0.0 >>>>>>>> >>>>>>>> 0.58 >>>>>>>> >>>>>>>> 60.32 >>>>>>>> >>>>>>>> 176.***.10 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> www.***.com:8080 >>>>>>>> >>>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>>> >>>>>>>> *3-0* >>>>>>>> >>>>>>>> 13127 >>>>>>>> >>>>>>>> 0/127/9435 >>>>>>>> >>>>>>>> _ >>>>>>>> >>>>>>>> 119.80 >>>>>>>> >>>>>>>> 4 >>>>>>>> >>>>>>>> 1419 >>>>>>>> >>>>>>>> 0.0 >>>>>>>> >>>>>>>> 0.42 >>>>>>>> >>>>>>>> 56.51 >>>>>>>> >>>>>>>> 176.***.10 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> www.***.com:8080 >>>>>>>> >>>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>>> >>>>>>>> *4-0* >>>>>>>> >>>>>>>> - >>>>>>>> >>>>>>>> 0/0/9187 >>>>>>>> >>>>>>>> . >>>>>>>> >>>>>>>> 0.00 >>>>>>>> >>>>>>>> 50 >>>>>>>> >>>>>>>> 0 >>>>>>>> >>>>>>>> 0.0 >>>>>>>> >>>>>>>> 0.00 >>>>>>>> >>>>>>>> 56.60 >>>>>>>> >>>>>>>> ::1 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> ns1.***.com:8080 >>>>>>>> >>>>>>>> OPTIONS * HTTP/1.0 >>>>>>>> >>>>>>>> *5-0* >>>>>>>> >>>>>>>> 14851 >>>>>>>> >>>>>>>> 0/9/8761 >>>>>>>> >>>>>>>> _ >>>>>>>> >>>>>>>> 8.95 >>>>>>>> >>>>>>>> 13 >>>>>>>> >>>>>>>> 1559 >>>>>>>> >>>>>>>> 0.0 >>>>>>>> >>>>>>>> 0.01 >>>>>>>> >>>>>>>> 57.90 >>>>>>>> >>>>>>>> 176.***.10 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> www.***.com:8080 >>>>>>>> >>>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>>> >>>>>>>> *6-0* >>>>>>>> >>>>>>>> 14852 >>>>>>>> >>>>>>>> 0/6/8130 >>>>>>>> >>>>>>>> _ >>>>>>>> >>>>>>>> 6.67 >>>>>>>> >>>>>>>> 4 >>>>>>>> >>>>>>>> 1482 >>>>>>>> >>>>>>>> 0.0 >>>>>>>> >>>>>>>> 0.01 >>>>>>>> >>>>>>>> 51.88 >>>>>>>> >>>>>>>> 176.***.10 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> www.***.com:8080 >>>>>>>> >>>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>>> >>>>>>>> *7-0* >>>>>>>> >>>>>>>> 14192 >>>>>>>> >>>>>>>> 11/57/8355 >>>>>>>> >>>>>>>> *K* >>>>>>>> >>>>>>>> 72.73 >>>>>>>> >>>>>>>> 0 >>>>>>>> >>>>>>>> 1363 >>>>>>>> >>>>>>>> 106.6 >>>>>>>> >>>>>>>> 0.44 >>>>>>>> >>>>>>>> 52.79 >>>>>>>> >>>>>>>> 176.***.10 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> www.***.com:8080 >>>>>>>> >>>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>>> >>>>>>>> *8-0* >>>>>>>> >>>>>>>> 13067 >>>>>>>> >>>>>>>> 0/125/7795 >>>>>>>> >>>>>>>> _ >>>>>>>> >>>>>>>> 121.19 >>>>>>>> >>>>>>>> 13 >>>>>>>> >>>>>>>> 1759 >>>>>>>> >>>>>>>> 0.0 >>>>>>>> >>>>>>>> 0.65 >>>>>>>> >>>>>>>> 68.27 >>>>>>>> >>>>>>>> 176.***.10 >>>>>>>> >>>>>>>> http/1.1 >>>>>>>> >>>>>>>> www.***.com:8080 >>>>>>>> >>>>>>>> POST /wp-admin/admin-ajax.php HTTP/1.1 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Apache error logs don't show anything about CPU. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> 2016-07-28 19:31 GMT+03:00 Guillaume Quintard < >>>>>>>> guillaume at varnish-software.com>: >>>>>>>> >>>>>>>> You seem to have a good hit ratio, are you seeing anything on the >>>>>>>> apache logs that would explain the cpu usage? >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Guillaume Quintard >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> varnish-misc mailing list >>>>>>>> varnish-misc at varnish-cache.org >>>>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> Stig Bakken >>>>>>>> CTO, Zedge.net - free your phone! >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> _______________________________________________ >>>>>>>> varnish-misc mailing list >>>>>>>> varnish-misc at varnish-cache.org >>>>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Wed Aug 3 20:34:40 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Wed, 3 Aug 2016 23:34:40 +0300 Subject: XenForo default.vcl settings Message-ID: Hi, Could you please share the appropriate Default.vcl settings for XenForo Forums? No one can register to the forum at the moment. My current Default.vcl settings are as follows. Forum address: domain.com/forum */* SET THE HOST AND PORT OF WORDPRESS* * * *********************************************************/* *vcl 4.0;* *import std;* *backend default {* * .host = "*******";* * .port = "8080";* * .connect_timeout = 600s;* * .first_byte_timeout = 600s;* * .between_bytes_timeout = 600s;* * .max_connections = 800;* *}* *# SET THE ALLOWED IP OF PURGE REQUESTS* *# ##########################################################* *acl purge {* * "localhost";* * "127.0.0.1";* *}* *#THE RECV FUNCTION* *# ##########################################################* *sub vcl_recv {* *# set realIP by trimming CloudFlare IP which will be used for various checks* *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); * * # FORWARD THE IP OF THE REQUEST* * if (req.restarts == 0) {* * if (req.http.x-forwarded-for) {* * set req.http.X-Forwarded-For =* * req.http.X-Forwarded-For + ", " + client.ip;* * } else {* * set req.http.X-Forwarded-For = client.ip;* * }* * }* * # Purge request check sections for hash_always_miss, purge and ban* * # BLOCK IF NOT IP is not in purge acl* * # ##########################################################* * # Enable smart refreshing using hash_always_miss* *if (req.http.Cache-Control ~ "no-cache") {* * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * set req.hash_always_miss = true;* * }* *}* *if (req.method == "PURGE") {* * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * return(synth(405,"Not allowed."));* * }* * return (purge);* * }* *if (req.method == "BAN") {* * # Same ACL check as above:* * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) {* * return(synth(403, "Not allowed."));* * }* * ban("req.http.host == " + req.http.host +* * " && req.url == " + req.url);* * # Throw a synthetic page so the* * # request won't go to the backend.* * return(synth(200, "Ban added"));* *}* *# Unset cloudflare cookies* *# Remove has_js and CloudFlare/Google Analytics __* cookies.* * set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* * # Remove a ";" prefix, if present.* * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* * # For Testing: If you want to test with Varnish passing (not caching) uncomment* * # return( pass );* * # FORWARD THE IP OF THE REQUEST* * if (req.restarts == 0) {* * if (req.http.x-forwarded-for) {* * set req.http.X-Forwarded-For =* * req.http.X-Forwarded-For + ", " + client.ip;* * } else {* * set req.http.X-Forwarded-For = client.ip;* * }* * }* *# DO NOT CACHE RSS FEED* * if (req.url ~ "/feed(/)?") {* * return ( pass ); * *}* *## Do not cache search results, comment these 3 lines if you do want to cache them* *if (req.url ~ "/\?s\=") {* * return ( pass ); * *}* *# CLEAN UP THE ENCODING HEADER.* * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* * # ##########################################################* * if (req.http.Accept-Encoding) {* * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* * # No point in compressing these* * unset req.http.Accept-Encoding;* * } elsif (req.http.Accept-Encoding ~ "gzip") {* * set req.http.Accept-Encoding = "gzip";* * } elsif (req.http.Accept-Encoding ~ "deflate") {* * set req.http.Accept-Encoding = "deflate";* * } else {* * # unknown algorithm* * unset req.http.Accept-Encoding;* * }* * }* * # PIPE ALL NON-STANDARD REQUESTS* * # ##########################################################* * if (req.method != "GET" &&* * req.method != "HEAD" &&* * req.method != "PUT" && * * req.method != "POST" &&* * req.method != "TRACE" &&* * req.method != "OPTIONS" &&* * req.method != "DELETE") {* * return (pipe);* * }* * # ONLY CACHE GET AND HEAD REQUESTS* * # ##########################################################* * if (req.method != "GET" && req.method != "HEAD") {* * return (pass);* * }* * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER* * # COMMENT OR UNCOMMENT BOTH* * # ##########################################################* * if ( req.http.cookie ~ "wordpress_logged_in" ) {* * return( pass );* * }* * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* * # THEN UNSET THE COOKIES* * # ##########################################################* * if (!(req.url ~ "wp-(login|admin)") * * && !(req.url ~ "&preview=true" ) * * ){* * unset req.http.cookie;* * }* * # IF BASIC AUTH IS ON THEN DO NOT CACHE* * # ##########################################################* * if (req.http.Authorization || req.http.Cookie) {* * return (pass);* * }* * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* * # ##########################################################* * return (hash);* * # This is for phpmyadmin* *if (req.http.Host == "ki1.org ") {* *return (pass);* *}* *if (req.http.Host == "mysql.ki1.org ") {* *return (pass);* *}* *}* *# HIT FUNCTION* *# ##########################################################* *sub vcl_hit {* * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* * # ##########################################################* * if (req.method == "PURGE") {* * #* * # This is now handled in vcl_recv.* * #* * # purge;* * return (synth(200, "Purged."));* * }* * return (deliver);* *}* *# MISS FUNCTION* *# ##########################################################* *sub vcl_miss {* * if (req.method == "PURGE") {* * #* * # This is now handled in vcl_recv.* * #* * # purge;* * return (synth(200, "Purged."));* * }* * return (fetch);* *}* *# FETCH FUNCTION* *# ##########################################################* *sub vcl_backend_response {* * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* * # TO DO THIS* * # ##########################################################* * set beresp.http.Vary = "Accept-Encoding";* * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * * # TIME THIS PAGE WILL STAY CACHED (TTL)* * # ##########################################################* * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {* * unset beresp.http.set-cookie;* * set beresp.ttl = 52w;* *# set beresp.grace =1w;* * }* * if (beresp.ttl <= 0s ||* * beresp.http.Set-Cookie ||* * beresp.http.Vary == "*") {* * set beresp.ttl = 120 s;* * # set beresp.ttl = 120s;* * set beresp.uncacheable = true;* * return (deliver);* * }* * return (deliver);* *}* *# DELIVER FUNCTION* *# ##########################################################* *sub vcl_deliver {* * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * * # IN THE HEADER (GREAT FOR DEBUGGING)* * # ##########################################################* * if (obj.hits > 0) {* * set resp.http.X-Cache = "HIT";* * # IF THIS IS A MISS RETURN THAT IN THE HEADER* * # ##########################################################* * } else {* * set resp.http.X-Cache = "MISS";* * }* *}* Thanks, -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 09:14:36 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 12:14:36 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: I need to add the followings to default.vcl for Xenforo. However, solutions in the Xenforo forums for this didn't work. Can you please help? xf_session_admin xf_user xf_session Or how can i block Varnish in a way that it doesn't work in *domain.com/forum * 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz : > Hi, > > Could you please share the appropriate Default.vcl settings for XenForo > Forums? No one can register to the forum at the moment. My current > Default.vcl settings are as follows. > > Forum address: domain.com/forum > > */* SET THE HOST AND PORT OF WORDPRESS* > * * *********************************************************/* > *vcl 4.0;* > *import std;* > > *backend default {* > * .host = "*******";* > * .port = "8080";* > * .connect_timeout = 600s;* > * .first_byte_timeout = 600s;* > * .between_bytes_timeout = 600s;* > * .max_connections = 800;* > *}* > > *# SET THE ALLOWED IP OF PURGE REQUESTS* > *# ##########################################################* > *acl purge {* > * "localhost";* > * "127.0.0.1";* > *}* > > *#THE RECV FUNCTION* > *# ##########################################################* > *sub vcl_recv {* > > *# set realIP by trimming CloudFlare IP which will be used for various > checks* > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > ""); * > > * # FORWARD THE IP OF THE REQUEST* > * if (req.restarts == 0) {* > * if (req.http.x-forwarded-for) {* > * set req.http.X-Forwarded-For =* > * req.http.X-Forwarded-For + ", " + client.ip;* > * } else {* > * set req.http.X-Forwarded-For = client.ip;* > * }* > * }* > > * # Purge request check sections for hash_always_miss, purge and ban* > * # BLOCK IF NOT IP is not in purge acl* > * # ##########################################################* > > * # Enable smart refreshing using hash_always_miss* > *if (req.http.Cache-Control ~ "no-cache") {* > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) {* > * set req.hash_always_miss = true;* > * }* > *}* > > *if (req.method == "PURGE") {* > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) {* > * return(synth(405,"Not allowed."));* > * }* > * return (purge);* > > * }* > *if (req.method == "BAN") {* > * # Same ACL check as above:* > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") ~ purge) {* > * return(synth(403, "Not allowed."));* > * }* > * ban("req.http.host == " + req.http.host +* > * " && req.url == " + req.url);* > > * # Throw a synthetic page so the* > * # request won't go to the backend.* > * return(synth(200, "Ban added"));* > *}* > > > *# Unset cloudflare cookies* > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* > * set req.http.Cookie = regsuball(req.http.Cookie, > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* > * # Remove a ";" prefix, if present.* > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* > > * # For Testing: If you want to test with Varnish passing (not caching) > uncomment* > * # return( pass );* > > * # FORWARD THE IP OF THE REQUEST* > * if (req.restarts == 0) {* > * if (req.http.x-forwarded-for) {* > * set req.http.X-Forwarded-For =* > * req.http.X-Forwarded-For + ", " + client.ip;* > * } else {* > * set req.http.X-Forwarded-For = client.ip;* > * }* > * }* > > *# DO NOT CACHE RSS FEED* > * if (req.url ~ "/feed(/)?") {* > * return ( pass ); * > *}* > > *## Do not cache search results, comment these 3 lines if you do want to > cache them* > > *if (req.url ~ "/\?s\=") {* > * return ( pass ); * > *}* > > *# CLEAN UP THE ENCODING HEADER.* > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* > * # ##########################################################* > * if (req.http.Accept-Encoding) {* > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* > * # No point in compressing these* > * unset req.http.Accept-Encoding;* > * } elsif (req.http.Accept-Encoding ~ "gzip") {* > * set req.http.Accept-Encoding = "gzip";* > * } elsif (req.http.Accept-Encoding ~ "deflate") {* > * set req.http.Accept-Encoding = "deflate";* > * } else {* > * # unknown algorithm* > * unset req.http.Accept-Encoding;* > * }* > * }* > > * # PIPE ALL NON-STANDARD REQUESTS* > * # ##########################################################* > * if (req.method != "GET" &&* > * req.method != "HEAD" &&* > * req.method != "PUT" && * > * req.method != "POST" &&* > * req.method != "TRACE" &&* > * req.method != "OPTIONS" &&* > * req.method != "DELETE") {* > * return (pipe);* > * }* > > * # ONLY CACHE GET AND HEAD REQUESTS* > * # ##########################################################* > * if (req.method != "GET" && req.method != "HEAD") {* > * return (pass);* > * }* > > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > EITHER* > * # COMMENT OR UNCOMMENT BOTH* > * # ##########################################################* > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* > * return( pass );* > * }* > > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* > * # THEN UNSET THE COOKIES* > * # ##########################################################* > * if (!(req.url ~ "wp-(login|admin)") * > * && !(req.url ~ "&preview=true" ) * > * ){* > * unset req.http.cookie;* > * }* > > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* > * # ##########################################################* > * if (req.http.Authorization || req.http.Cookie) {* > * return (pass);* > * }* > > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* > * # ##########################################################* > * return (hash);* > * # This is for phpmyadmin* > *if (req.http.Host == "ki1.org ") {* > *return (pass);* > *}* > > *if (req.http.Host == "mysql.ki1.org ") {* > *return (pass);* > *}* > > *}* > > *# HIT FUNCTION* > *# ##########################################################* > *sub vcl_hit {* > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* > * # ##########################################################* > * if (req.method == "PURGE") {* > * #* > * # This is now handled in vcl_recv.* > * #* > * # purge;* > * return (synth(200, "Purged."));* > * }* > * return (deliver);* > *}* > > *# MISS FUNCTION* > *# ##########################################################* > *sub vcl_miss {* > * if (req.method == "PURGE") {* > * #* > * # This is now handled in vcl_recv.* > * #* > * # purge;* > * return (synth(200, "Purged."));* > * }* > * return (fetch);* > *}* > > *# FETCH FUNCTION* > *# ##########################################################* > *sub vcl_backend_response {* > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > * # TO DO THIS* > * # ##########################################################* > * set beresp.http.Vary = "Accept-Encoding";* > > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > * # TIME THIS PAGE WILL STAY CACHED (TTL)* > * # ##########################################################* > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > "wordpress_logged_in" ) {* > * unset beresp.http.set-cookie;* > * set beresp.ttl = 52w;* > *# set beresp.grace =1w;* > * }* > > * if (beresp.ttl <= 0s ||* > * beresp.http.Set-Cookie ||* > * beresp.http.Vary == "*") {* > * set beresp.ttl = 120 s;* > * # set beresp.ttl = 120s;* > * set beresp.uncacheable = true;* > * return (deliver);* > * }* > > * return (deliver);* > *}* > > *# DELIVER FUNCTION* > *# ##########################################################* > *sub vcl_deliver {* > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > * # IN THE HEADER (GREAT FOR DEBUGGING)* > * # ##########################################################* > * if (obj.hits > 0) {* > * set resp.http.X-Cache = "HIT";* > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > * # ##########################################################* > * } else {* > * set resp.http.X-Cache = "MISS";* > * }* > *}* > > > Thanks, > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rlane at ahbelo.com Thu Aug 4 12:26:49 2016 From: rlane at ahbelo.com (Lane, Richard) Date: Thu, 4 Aug 2016 07:26:49 -0500 Subject: XenForo default.vcl settings Message-ID: If you want Varnish to ignore request for a path you need to tell it to pass. In your example you have a rule for the RSS feed. You can do the same for /forum/ in your vcl_recv block. *# DO NOT CACHE RSS FEED* * if (req.url ~ "/feed(/)?") {* * return ( pass ); * *}* *# DO NOT CACHE FORUM* if (req.url ~ "/forum(/)?") { return ( pass ); } Cheers, Richard > > Message: 1 > Date: Wed, 3 Aug 2016 23:34:40 +0300 > From: Ayberk Kimsesiz > To: varnish-misc > Subject: XenForo default.vcl settings > Message-ID: > Q at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > Hi, > > Could you please share the appropriate Default.vcl settings for XenForo > Forums? No one can register to the forum at the moment. My current > Default.vcl settings are as follows. > > Forum address: domain.com/forum > > */* SET THE HOST AND PORT OF WORDPRESS* > * * *********************************************************/* > *vcl 4.0;* > *import std;* > > *backend default {* > * .host = "*******";* > * .port = "8080";* > * .connect_timeout = 600s;* > * .first_byte_timeout = 600s;* > * .between_bytes_timeout = 600s;* > * .max_connections = 800;* > *}* > > *# SET THE ALLOWED IP OF PURGE REQUESTS* > *# ##########################################################* > *acl purge {* > * "localhost";* > * "127.0.0.1";* > *}* > > *#THE RECV FUNCTION* > *# ##########################################################* > *sub vcl_recv {* > > *# set realIP by trimming CloudFlare IP which will be used for various > checks* > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > ""); * > > * # FORWARD THE IP OF THE REQUEST* > * if (req.restarts == 0) {* > * if (req.http.x-forwarded-for) {* > * set req.http.X-Forwarded-For =* > * req.http.X-Forwarded-For + ", " + client.ip;* > * } else {* > * set req.http.X-Forwarded-For = client.ip;* > * }* > * }* > > * # Purge request check sections for hash_always_miss, purge and ban* > * # BLOCK IF NOT IP is not in purge acl* > * # ##########################################################* > > * # Enable smart refreshing using hash_always_miss* > *if (req.http.Cache-Control ~ "no-cache") {* > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) {* > * set req.hash_always_miss = true;* > * }* > *}* > > *if (req.method == "PURGE") {* > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) {* > * return(synth(405,"Not allowed."));* > * }* > * return (purge);* > > * }* > *if (req.method == "BAN") {* > * # Same ACL check as above:* > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") > ~ purge) {* > * return(synth(403, "Not allowed."));* > * }* > * ban("req.http.host == " + req.http.host +* > * " && req.url == " + req.url);* > > * # Throw a synthetic page so the* > * # request won't go to the backend.* > * return(synth(200, "Ban added"));* > *}* > > > *# Unset cloudflare cookies* > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* > * set req.http.Cookie = regsuball(req.http.Cookie, > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* > * # Remove a ";" prefix, if present.* > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* > > * # For Testing: If you want to test with Varnish passing (not caching) > uncomment* > * # return( pass );* > > * # FORWARD THE IP OF THE REQUEST* > * if (req.restarts == 0) {* > * if (req.http.x-forwarded-for) {* > * set req.http.X-Forwarded-For =* > * req.http.X-Forwarded-For + ", " + client.ip;* > * } else {* > * set req.http.X-Forwarded-For = client.ip;* > * }* > * }* > > *# DO NOT CACHE RSS FEED* > * if (req.url ~ "/feed(/)?") {* > * return ( pass ); * > *}* > > *## Do not cache search results, comment these 3 lines if you do want to > cache them* > > *if (req.url ~ "/\?s\=") {* > * return ( pass ); * > *}* > > *# CLEAN UP THE ENCODING HEADER.* > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* > * # ##########################################################* > * if (req.http.Accept-Encoding) {* > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* > * # No point in compressing these* > * unset req.http.Accept-Encoding;* > * } elsif (req.http.Accept-Encoding ~ "gzip") {* > * set req.http.Accept-Encoding = "gzip";* > * } elsif (req.http.Accept-Encoding ~ "deflate") {* > * set req.http.Accept-Encoding = "deflate";* > * } else {* > * # unknown algorithm* > * unset req.http.Accept-Encoding;* > * }* > * }* > > * # PIPE ALL NON-STANDARD REQUESTS* > * # ##########################################################* > * if (req.method != "GET" &&* > * req.method != "HEAD" &&* > * req.method != "PUT" && * > * req.method != "POST" &&* > * req.method != "TRACE" &&* > * req.method != "OPTIONS" &&* > * req.method != "DELETE") {* > * return (pipe);* > * }* > > * # ONLY CACHE GET AND HEAD REQUESTS* > * # ##########################################################* > * if (req.method != "GET" && req.method != "HEAD") {* > * return (pass);* > * }* > > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > EITHER* > * # COMMENT OR UNCOMMENT BOTH* > * # ##########################################################* > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* > * return( pass );* > * }* > > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* > * # THEN UNSET THE COOKIES* > * # ##########################################################* > * if (!(req.url ~ "wp-(login|admin)") * > * && !(req.url ~ "&preview=true" ) * > * ){* > * unset req.http.cookie;* > * }* > > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* > * # ##########################################################* > * if (req.http.Authorization || req.http.Cookie) {* > * return (pass);* > * }* > > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* > * # ##########################################################* > * return (hash);* > * # This is for phpmyadmin* > *if (req.http.Host == "ki1.org ") {* > *return (pass);* > *}* > > *if (req.http.Host == "mysql.ki1.org ") {* > *return (pass);* > *}* > > *}* > > *# HIT FUNCTION* > *# ##########################################################* > *sub vcl_hit {* > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* > * # ##########################################################* > * if (req.method == "PURGE") {* > * #* > * # This is now handled in vcl_recv.* > * #* > * # purge;* > * return (synth(200, "Purged."));* > * }* > * return (deliver);* > *}* > > *# MISS FUNCTION* > *# ##########################################################* > *sub vcl_miss {* > * if (req.method == "PURGE") {* > * #* > * # This is now handled in vcl_recv.* > * #* > * # purge;* > * return (synth(200, "Purged."));* > * }* > * return (fetch);* > *}* > > *# FETCH FUNCTION* > *# ##########################################################* > *sub vcl_backend_response {* > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > * # TO DO THIS* > * # ##########################################################* > * set beresp.http.Vary = "Accept-Encoding";* > > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > * # TIME THIS PAGE WILL STAY CACHED (TTL)* > * # ##########################################################* > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > "wordpress_logged_in" ) {* > * unset beresp.http.set-cookie;* > * set beresp.ttl = 52w;* > *# set beresp.grace =1w;* > * }* > > * if (beresp.ttl <= 0s ||* > * beresp.http.Set-Cookie ||* > * beresp.http.Vary == "*") {* > * set beresp.ttl = 120 s;* > * # set beresp.ttl = 120s;* > * set beresp.uncacheable = true;* > * return (deliver);* > * }* > > * return (deliver);* > *}* > > *# DELIVER FUNCTION* > *# ##########################################################* > *sub vcl_deliver {* > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > * # IN THE HEADER (GREAT FOR DEBUGGING)* > * # ##########################################################* > * if (obj.hits > 0) {* > * set resp.http.X-Cache = "HIT";* > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > * # ##########################################################* > * } else {* > * set resp.http.X-Cache = "MISS";* > * }* > *}* > > > Thanks, > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: misc/attachments/20160803/d572e4b2/attachment-0001.html> > > ------------------------------ > > Message: 2 > Date: Thu, 4 Aug 2016 12:14:36 +0300 > From: Ayberk Kimsesiz > To: varnish-misc > Subject: Re: XenForo default.vcl settings > Message-ID: > O3i1ofA at mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > I need to add the followings to default.vcl for Xenforo. However, solutions > in the Xenforo forums for this didn't work. Can you please help? > > xf_session_admin > xf_user > xf_session > > Or how can i block Varnish in a way that it doesn't work in * > domain.com/forum > * > > > > 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz : > > > Hi, > > > > Could you please share the appropriate Default.vcl settings for XenForo > > Forums? No one can register to the forum at the moment. My current > > Default.vcl settings are as follows. > > > > Forum address: domain.com/forum > > > > */* SET THE HOST AND PORT OF WORDPRESS* > > * * *********************************************************/* > > *vcl 4.0;* > > *import std;* > > > > *backend default {* > > * .host = "*******";* > > * .port = "8080";* > > * .connect_timeout = 600s;* > > * .first_byte_timeout = 600s;* > > * .between_bytes_timeout = 600s;* > > * .max_connections = 800;* > > *}* > > > > *# SET THE ALLOWED IP OF PURGE REQUESTS* > > *# ##########################################################* > > *acl purge {* > > * "localhost";* > > * "127.0.0.1";* > > *}* > > > > *#THE RECV FUNCTION* > > *# ##########################################################* > > *sub vcl_recv {* > > > > *# set realIP by trimming CloudFlare IP which will be used for various > > checks* > > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > > ""); * > > > > * # FORWARD THE IP OF THE REQUEST* > > * if (req.restarts == 0) {* > > * if (req.http.x-forwarded-for) {* > > * set req.http.X-Forwarded-For =* > > * req.http.X-Forwarded-For + ", " + client.ip;* > > * } else {* > > * set req.http.X-Forwarded-For = client.ip;* > > * }* > > * }* > > > > * # Purge request check sections for hash_always_miss, purge and ban* > > * # BLOCK IF NOT IP is not in purge acl* > > * # ##########################################################* > > > > * # Enable smart refreshing using hash_always_miss* > > *if (req.http.Cache-Control ~ "no-cache") {* > > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > > purge) {* > > * set req.hash_always_miss = true;* > > * }* > > *}* > > > > *if (req.method == "PURGE") {* > > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > > purge) {* > > * return(synth(405,"Not allowed."));* > > * }* > > * return (purge);* > > > > * }* > > *if (req.method == "BAN") {* > > * # Same ACL check as above:* > > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > > "1.2.3.4") ~ purge) {* > > * return(synth(403, "Not allowed."));* > > * }* > > * ban("req.http.host == " + req.http.host +* > > * " && req.url == " + req.url);* > > > > * # Throw a synthetic page so the* > > * # request won't go to the backend.* > > * return(synth(200, "Ban added"));* > > *}* > > > > > > *# Unset cloudflare cookies* > > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* > > * set req.http.Cookie = regsuball(req.http.Cookie, > > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* > > * # Remove a ";" prefix, if present.* > > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* > > > > * # For Testing: If you want to test with Varnish passing (not caching) > > uncomment* > > * # return( pass );* > > > > * # FORWARD THE IP OF THE REQUEST* > > * if (req.restarts == 0) {* > > * if (req.http.x-forwarded-for) {* > > * set req.http.X-Forwarded-For =* > > * req.http.X-Forwarded-For + ", " + client.ip;* > > * } else {* > > * set req.http.X-Forwarded-For = client.ip;* > > * }* > > * }* > > > > *# DO NOT CACHE RSS FEED* > > * if (req.url ~ "/feed(/)?") {* > > * return ( pass ); * > > *}* > > > > *## Do not cache search results, comment these 3 lines if you do want to > > cache them* > > > > *if (req.url ~ "/\?s\=") {* > > * return ( pass ); * > > *}* > > > > *# CLEAN UP THE ENCODING HEADER.* > > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY > ACCEPT-ENCODING* > > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* > > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* > > * # ##########################################################* > > * if (req.http.Accept-Encoding) {* > > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* > > * # No point in compressing these* > > * unset req.http.Accept-Encoding;* > > * } elsif (req.http.Accept-Encoding ~ "gzip") {* > > * set req.http.Accept-Encoding = "gzip";* > > * } elsif (req.http.Accept-Encoding ~ "deflate") {* > > * set req.http.Accept-Encoding = "deflate";* > > * } else {* > > * # unknown algorithm* > > * unset req.http.Accept-Encoding;* > > * }* > > * }* > > > > * # PIPE ALL NON-STANDARD REQUESTS* > > * # ##########################################################* > > * if (req.method != "GET" &&* > > * req.method != "HEAD" &&* > > * req.method != "PUT" && * > > * req.method != "POST" &&* > > * req.method != "TRACE" &&* > > * req.method != "OPTIONS" &&* > > * req.method != "DELETE") {* > > * return (pipe);* > > * }* > > > > * # ONLY CACHE GET AND HEAD REQUESTS* > > * # ##########################################################* > > * if (req.method != "GET" && req.method != "HEAD") {* > > * return (pass);* > > * }* > > > > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > > EITHER* > > * # COMMENT OR UNCOMMENT BOTH* > > * # ##########################################################* > > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* > > * return( pass );* > > * }* > > > > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* > > * # THEN UNSET THE COOKIES* > > * # ##########################################################* > > * if (!(req.url ~ "wp-(login|admin)") * > > * && !(req.url ~ "&preview=true" ) * > > * ){* > > * unset req.http.cookie;* > > * }* > > > > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* > > * # ##########################################################* > > * if (req.http.Authorization || req.http.Cookie) {* > > * return (pass);* > > * }* > > > > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* > > * # ##########################################################* > > * return (hash);* > > * # This is for phpmyadmin* > > *if (req.http.Host == "ki1.org ") {* > > *return (pass);* > > *}* > > > > *if (req.http.Host == "mysql.ki1.org ") {* > > *return (pass);* > > *}* > > > > *}* > > > > *# HIT FUNCTION* > > *# ##########################################################* > > *sub vcl_hit {* > > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* > > * # ##########################################################* > > * if (req.method == "PURGE") {* > > * #* > > * # This is now handled in vcl_recv.* > > * #* > > * # purge;* > > * return (synth(200, "Purged."));* > > * }* > > * return (deliver);* > > *}* > > > > *# MISS FUNCTION* > > *# ##########################################################* > > *sub vcl_miss {* > > * if (req.method == "PURGE") {* > > * #* > > * # This is now handled in vcl_recv.* > > * #* > > * # purge;* > > * return (synth(200, "Purged."));* > > * }* > > * return (fetch);* > > *}* > > > > *# FETCH FUNCTION* > > *# ##########################################################* > > *sub vcl_backend_response {* > > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > > * # TO DO THIS* > > * # ##########################################################* > > * set beresp.http.Vary = "Accept-Encoding";* > > > > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > > * # TIME THIS PAGE WILL STAY CACHED (TTL)* > > * # ##########################################################* > > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > > "wordpress_logged_in" ) {* > > * unset beresp.http.set-cookie;* > > * set beresp.ttl = 52w;* > > *# set beresp.grace =1w;* > > * }* > > > > * if (beresp.ttl <= 0s ||* > > * beresp.http.Set-Cookie ||* > > * beresp.http.Vary == "*") {* > > * set beresp.ttl = 120 s;* > > * # set beresp.ttl = 120s;* > > * set beresp.uncacheable = true;* > > * return (deliver);* > > * }* > > > > * return (deliver);* > > *}* > > > > *# DELIVER FUNCTION* > > *# ##########################################################* > > *sub vcl_deliver {* > > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > > * # IN THE HEADER (GREAT FOR DEBUGGING)* > > * # ##########################################################* > > * if (obj.hits > 0) {* > > * set resp.http.X-Cache = "HIT";* > > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > > * # ##########################################################* > > * } else {* > > * set resp.http.X-Cache = "MISS";* > > * }* > > *}* > > > > > > Thanks, > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: misc/attachments/20160804/4e3f064a/attachment.html> > > ------------------------------ > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > > End of varnish-misc Digest, Vol 125, Issue 14 > ********************************************* > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 13:09:43 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 16:09:43 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Users can't login or register to domain.com/forum with the current settings. So we need to make a change related to *xf_user *and *xf_session* but how? 2016-08-04 15:26 GMT+03:00 Lane, Richard : > If you want Varnish to ignore request for a path you need to tell it to > pass. In your example you have a rule for the RSS feed. You can do the same > for /forum/ in your vcl_recv block. > > *# DO NOT CACHE RSS FEED* > * if (req.url ~ "/feed(/)?") {* > * return ( pass ); * > *}* > > *# DO NOT CACHE FORUM* > if (req.url ~ "/forum(/)?") { > return ( pass ); > } > > Cheers, > Richard > > >> >> Message: 1 >> Date: Wed, 3 Aug 2016 23:34:40 +0300 >> From: Ayberk Kimsesiz >> To: varnish-misc >> Subject: XenForo default.vcl settings >> Message-ID: >> > gmail.com> >> Content-Type: text/plain; charset="utf-8" >> >> Hi, >> >> Could you please share the appropriate Default.vcl settings for XenForo >> Forums? No one can register to the forum at the moment. My current >> Default.vcl settings are as follows. >> >> Forum address: domain.com/forum >> >> */* SET THE HOST AND PORT OF WORDPRESS* >> * * *********************************************************/* >> *vcl 4.0;* >> *import std;* >> >> *backend default {* >> * .host = "*******";* >> * .port = "8080";* >> * .connect_timeout = 600s;* >> * .first_byte_timeout = 600s;* >> * .between_bytes_timeout = 600s;* >> * .max_connections = 800;* >> *}* >> >> *# SET THE ALLOWED IP OF PURGE REQUESTS* >> *# ##########################################################* >> *acl purge {* >> * "localhost";* >> * "127.0.0.1";* >> *}* >> >> *#THE RECV FUNCTION* >> *# ##########################################################* >> *sub vcl_recv {* >> >> *# set realIP by trimming CloudFlare IP which will be used for various >> checks* >> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >> ""); * >> >> * # FORWARD THE IP OF THE REQUEST* >> * if (req.restarts == 0) {* >> * if (req.http.x-forwarded-for) {* >> * set req.http.X-Forwarded-For =* >> * req.http.X-Forwarded-For + ", " + client.ip;* >> * } else {* >> * set req.http.X-Forwarded-For = client.ip;* >> * }* >> * }* >> >> * # Purge request check sections for hash_always_miss, purge and ban* >> * # BLOCK IF NOT IP is not in purge acl* >> * # ##########################################################* >> >> * # Enable smart refreshing using hash_always_miss* >> *if (req.http.Cache-Control ~ "no-cache") {* >> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) {* >> * set req.hash_always_miss = true;* >> * }* >> *}* >> >> *if (req.method == "PURGE") {* >> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) {* >> * return(synth(405,"Not allowed."));* >> * }* >> * return (purge);* >> >> * }* >> *if (req.method == "BAN") {* >> * # Same ACL check as above:* >> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") >> ~ purge) {* >> * return(synth(403, "Not allowed."));* >> * }* >> * ban("req.http.host == " + req.http.host +* >> * " && req.url == " + req.url);* >> >> * # Throw a synthetic page so the* >> * # request won't go to the backend.* >> * return(synth(200, "Ban added"));* >> *}* >> >> >> *# Unset cloudflare cookies* >> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >> * set req.http.Cookie = regsuball(req.http.Cookie, >> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >> * # Remove a ";" prefix, if present.* >> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >> >> * # For Testing: If you want to test with Varnish passing (not caching) >> uncomment* >> * # return( pass );* >> >> * # FORWARD THE IP OF THE REQUEST* >> * if (req.restarts == 0) {* >> * if (req.http.x-forwarded-for) {* >> * set req.http.X-Forwarded-For =* >> * req.http.X-Forwarded-For + ", " + client.ip;* >> * } else {* >> * set req.http.X-Forwarded-For = client.ip;* >> * }* >> * }* >> >> *# DO NOT CACHE RSS FEED* >> * if (req.url ~ "/feed(/)?") {* >> * return ( pass ); * >> *}* >> >> *## Do not cache search results, comment these 3 lines if you do want to >> cache them* >> >> *if (req.url ~ "/\?s\=") {* >> * return ( pass ); * >> *}* >> >> *# CLEAN UP THE ENCODING HEADER.* >> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* >> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >> * # ##########################################################* >> * if (req.http.Accept-Encoding) {* >> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >> * # No point in compressing these* >> * unset req.http.Accept-Encoding;* >> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >> * set req.http.Accept-Encoding = "gzip";* >> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >> * set req.http.Accept-Encoding = "deflate";* >> * } else {* >> * # unknown algorithm* >> * unset req.http.Accept-Encoding;* >> * }* >> * }* >> >> * # PIPE ALL NON-STANDARD REQUESTS* >> * # ##########################################################* >> * if (req.method != "GET" &&* >> * req.method != "HEAD" &&* >> * req.method != "PUT" && * >> * req.method != "POST" &&* >> * req.method != "TRACE" &&* >> * req.method != "OPTIONS" &&* >> * req.method != "DELETE") {* >> * return (pipe);* >> * }* >> >> * # ONLY CACHE GET AND HEAD REQUESTS* >> * # ##########################################################* >> * if (req.method != "GET" && req.method != "HEAD") {* >> * return (pass);* >> * }* >> >> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >> EITHER* >> * # COMMENT OR UNCOMMENT BOTH* >> * # ##########################################################* >> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >> * return( pass );* >> * }* >> >> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >> * # THEN UNSET THE COOKIES* >> * # ##########################################################* >> * if (!(req.url ~ "wp-(login|admin)") * >> * && !(req.url ~ "&preview=true" ) * >> * ){* >> * unset req.http.cookie;* >> * }* >> >> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >> * # ##########################################################* >> * if (req.http.Authorization || req.http.Cookie) {* >> * return (pass);* >> * }* >> >> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >> * # ##########################################################* >> * return (hash);* >> * # This is for phpmyadmin* >> *if (req.http.Host == "ki1.org ") {* >> *return (pass);* >> *}* >> >> *if (req.http.Host == "mysql.ki1.org ") {* >> *return (pass);* >> *}* >> >> *}* >> >> *# HIT FUNCTION* >> *# ##########################################################* >> *sub vcl_hit {* >> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >> * # ##########################################################* >> * if (req.method == "PURGE") {* >> * #* >> * # This is now handled in vcl_recv.* >> * #* >> * # purge;* >> * return (synth(200, "Purged."));* >> * }* >> * return (deliver);* >> *}* >> >> *# MISS FUNCTION* >> *# ##########################################################* >> *sub vcl_miss {* >> * if (req.method == "PURGE") {* >> * #* >> * # This is now handled in vcl_recv.* >> * #* >> * # purge;* >> * return (synth(200, "Purged."));* >> * }* >> * return (fetch);* >> *}* >> >> *# FETCH FUNCTION* >> *# ##########################################################* >> *sub vcl_backend_response {* >> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> * # TO DO THIS* >> * # ##########################################################* >> * set beresp.http.Vary = "Accept-Encoding";* >> >> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> * # ##########################################################* >> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> "wordpress_logged_in" ) {* >> * unset beresp.http.set-cookie;* >> * set beresp.ttl = 52w;* >> *# set beresp.grace =1w;* >> * }* >> >> * if (beresp.ttl <= 0s ||* >> * beresp.http.Set-Cookie ||* >> * beresp.http.Vary == "*") {* >> * set beresp.ttl = 120 s;* >> * # set beresp.ttl = 120s;* >> * set beresp.uncacheable = true;* >> * return (deliver);* >> * }* >> >> * return (deliver);* >> *}* >> >> *# DELIVER FUNCTION* >> *# ##########################################################* >> *sub vcl_deliver {* >> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> * # IN THE HEADER (GREAT FOR DEBUGGING)* >> * # ##########################################################* >> * if (obj.hits > 0) {* >> * set resp.http.X-Cache = "HIT";* >> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> * # ##########################################################* >> * } else {* >> * set resp.http.X-Cache = "MISS";* >> * }* >> *}* >> >> >> Thanks, >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: > attachments/20160803/d572e4b2/attachment-0001.html> >> >> ------------------------------ >> >> Message: 2 >> Date: Thu, 4 Aug 2016 12:14:36 +0300 >> From: Ayberk Kimsesiz >> To: varnish-misc >> Subject: Re: XenForo default.vcl settings >> Message-ID: >> > gmail.com> >> Content-Type: text/plain; charset="utf-8" >> >> I need to add the followings to default.vcl for Xenforo. However, >> solutions >> in the Xenforo forums for this didn't work. Can you please help? >> >> xf_session_admin >> xf_user >> xf_session >> >> Or how can i block Varnish in a way that it doesn't work in * >> domain.com/forum >> * >> >> >> >> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz : >> >> > Hi, >> > >> > Could you please share the appropriate Default.vcl settings for XenForo >> > Forums? No one can register to the forum at the moment. My current >> > Default.vcl settings are as follows. >> > >> > Forum address: domain.com/forum >> > >> > */* SET THE HOST AND PORT OF WORDPRESS* >> > * * *********************************************************/* >> > *vcl 4.0;* >> > *import std;* >> > >> > *backend default {* >> > * .host = "*******";* >> > * .port = "8080";* >> > * .connect_timeout = 600s;* >> > * .first_byte_timeout = 600s;* >> > * .between_bytes_timeout = 600s;* >> > * .max_connections = 800;* >> > *}* >> > >> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >> > *# ##########################################################* >> > *acl purge {* >> > * "localhost";* >> > * "127.0.0.1";* >> > *}* >> > >> > *#THE RECV FUNCTION* >> > *# ##########################################################* >> > *sub vcl_recv {* >> > >> > *# set realIP by trimming CloudFlare IP which will be used for various >> > checks* >> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >> > ""); * >> > >> > * # FORWARD THE IP OF THE REQUEST* >> > * if (req.restarts == 0) {* >> > * if (req.http.x-forwarded-for) {* >> > * set req.http.X-Forwarded-For =* >> > * req.http.X-Forwarded-For + ", " + client.ip;* >> > * } else {* >> > * set req.http.X-Forwarded-For = client.ip;* >> > * }* >> > * }* >> > >> > * # Purge request check sections for hash_always_miss, purge and ban* >> > * # BLOCK IF NOT IP is not in purge acl* >> > * # ##########################################################* >> > >> > * # Enable smart refreshing using hash_always_miss* >> > *if (req.http.Cache-Control ~ "no-cache") {* >> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> > purge) {* >> > * set req.hash_always_miss = true;* >> > * }* >> > *}* >> > >> > *if (req.method == "PURGE") {* >> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >> ~ >> > purge) {* >> > * return(synth(405,"Not allowed."));* >> > * }* >> > * return (purge);* >> > >> > * }* >> > *if (req.method == "BAN") {* >> > * # Same ACL check as above:* >> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> > "1.2.3.4") ~ purge) {* >> > * return(synth(403, "Not allowed."));* >> > * }* >> > * ban("req.http.host == " + req.http.host +* >> > * " && req.url == " + req.url);* >> > >> > * # Throw a synthetic page so the* >> > * # request won't go to the backend.* >> > * return(synth(200, "Ban added"));* >> > *}* >> > >> > >> > *# Unset cloudflare cookies* >> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >> > * set req.http.Cookie = regsuball(req.http.Cookie, >> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >> > * # Remove a ";" prefix, if present.* >> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >> > >> > * # For Testing: If you want to test with Varnish passing (not caching) >> > uncomment* >> > * # return( pass );* >> > >> > * # FORWARD THE IP OF THE REQUEST* >> > * if (req.restarts == 0) {* >> > * if (req.http.x-forwarded-for) {* >> > * set req.http.X-Forwarded-For =* >> > * req.http.X-Forwarded-For + ", " + client.ip;* >> > * } else {* >> > * set req.http.X-Forwarded-For = client.ip;* >> > * }* >> > * }* >> > >> > *# DO NOT CACHE RSS FEED* >> > * if (req.url ~ "/feed(/)?") {* >> > * return ( pass ); * >> > *}* >> > >> > *## Do not cache search results, comment these 3 lines if you do want to >> > cache them* >> > >> > *if (req.url ~ "/\?s\=") {* >> > * return ( pass ); * >> > *}* >> > >> > *# CLEAN UP THE ENCODING HEADER.* >> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >> ACCEPT-ENCODING* >> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >> > * # ##########################################################* >> > * if (req.http.Accept-Encoding) {* >> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >> > * # No point in compressing these* >> > * unset req.http.Accept-Encoding;* >> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >> > * set req.http.Accept-Encoding = "gzip";* >> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >> > * set req.http.Accept-Encoding = "deflate";* >> > * } else {* >> > * # unknown algorithm* >> > * unset req.http.Accept-Encoding;* >> > * }* >> > * }* >> > >> > * # PIPE ALL NON-STANDARD REQUESTS* >> > * # ##########################################################* >> > * if (req.method != "GET" &&* >> > * req.method != "HEAD" &&* >> > * req.method != "PUT" && * >> > * req.method != "POST" &&* >> > * req.method != "TRACE" &&* >> > * req.method != "OPTIONS" &&* >> > * req.method != "DELETE") {* >> > * return (pipe);* >> > * }* >> > >> > * # ONLY CACHE GET AND HEAD REQUESTS* >> > * # ##########################################################* >> > * if (req.method != "GET" && req.method != "HEAD") {* >> > * return (pass);* >> > * }* >> > >> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >> > EITHER* >> > * # COMMENT OR UNCOMMENT BOTH* >> > * # ##########################################################* >> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >> > * return( pass );* >> > * }* >> > >> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >> > * # THEN UNSET THE COOKIES* >> > * # ##########################################################* >> > * if (!(req.url ~ "wp-(login|admin)") * >> > * && !(req.url ~ "&preview=true" ) * >> > * ){* >> > * unset req.http.cookie;* >> > * }* >> > >> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >> > * # ##########################################################* >> > * if (req.http.Authorization || req.http.Cookie) {* >> > * return (pass);* >> > * }* >> > >> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >> > * # ##########################################################* >> > * return (hash);* >> > * # This is for phpmyadmin* >> > *if (req.http.Host == "ki1.org ") {* >> > *return (pass);* >> > *}* >> > >> > *if (req.http.Host == "mysql.ki1.org ") {* >> > *return (pass);* >> > *}* >> > >> > *}* >> > >> > *# HIT FUNCTION* >> > *# ##########################################################* >> > *sub vcl_hit {* >> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >> > * # ##########################################################* >> > * if (req.method == "PURGE") {* >> > * #* >> > * # This is now handled in vcl_recv.* >> > * #* >> > * # purge;* >> > * return (synth(200, "Purged."));* >> > * }* >> > * return (deliver);* >> > *}* >> > >> > *# MISS FUNCTION* >> > *# ##########################################################* >> > *sub vcl_miss {* >> > * if (req.method == "PURGE") {* >> > * #* >> > * # This is now handled in vcl_recv.* >> > * #* >> > * # purge;* >> > * return (synth(200, "Purged."));* >> > * }* >> > * return (fetch);* >> > *}* >> > >> > *# FETCH FUNCTION* >> > *# ##########################################################* >> > *sub vcl_backend_response {* >> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> > * # TO DO THIS* >> > * # ##########################################################* >> > * set beresp.http.Vary = "Accept-Encoding";* >> > >> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> > * # ##########################################################* >> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> > "wordpress_logged_in" ) {* >> > * unset beresp.http.set-cookie;* >> > * set beresp.ttl = 52w;* >> > *# set beresp.grace =1w;* >> > * }* >> > >> > * if (beresp.ttl <= 0s ||* >> > * beresp.http.Set-Cookie ||* >> > * beresp.http.Vary == "*") {* >> > * set beresp.ttl = 120 s;* >> > * # set beresp.ttl = 120s;* >> > * set beresp.uncacheable = true;* >> > * return (deliver);* >> > * }* >> > >> > * return (deliver);* >> > *}* >> > >> > *# DELIVER FUNCTION* >> > *# ##########################################################* >> > *sub vcl_deliver {* >> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >> > * # ##########################################################* >> > * if (obj.hits > 0) {* >> > * set resp.http.X-Cache = "HIT";* >> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> > * # ##########################################################* >> > * } else {* >> > * set resp.http.X-Cache = "MISS";* >> > * }* >> > *}* >> > >> > >> > Thanks, >> > >> -------------- next part -------------- >> An HTML attachment was scrubbed... >> URL: > attachments/20160804/4e3f064a/attachment.html> >> >> ------------------------------ >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> >> End of varnish-misc Digest, Vol 125, Issue 14 >> ********************************************* >> > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Thu Aug 4 13:34:35 2016 From: lagged at gmail.com (Andrei) Date: Thu, 4 Aug 2016 08:34:35 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Hello, Aside from the provided VCL being for WordPress, while you're running XenForo, the xf_ cookies are being dropped by your config. A quick fix is: sub vcl_recv { if( req.http.Cookie ~ "xf_(session|user)") { return (pass); } } sub vcl_backend_response { if (req.http.Cookie ~ "xf_(session|user)") { set beresp.uncacheable = true; set beresp.ttl = 1w; return (deliver); } } However, I suggest auditing your VCL, and only including rules specific to the application(s) which you are running. On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz wrote: > Users can't login or register to domain.com/forum with the current > settings. So we need to make a change related to *xf_user *and > *xf_session* but how? > > > > 2016-08-04 15:26 GMT+03:00 Lane, Richard : > >> If you want Varnish to ignore request for a path you need to tell it to >> pass. In your example you have a rule for the RSS feed. You can do the same >> for /forum/ in your vcl_recv block. >> >> *# DO NOT CACHE RSS FEED* >> * if (req.url ~ "/feed(/)?") {* >> * return ( pass ); * >> *}* >> >> *# DO NOT CACHE FORUM* >> if (req.url ~ "/forum(/)?") { >> return ( pass ); >> } >> >> Cheers, >> Richard >> >> >>> >>> Message: 1 >>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>> From: Ayberk Kimsesiz >>> To: varnish-misc >>> Subject: XenForo default.vcl settings >>> Message-ID: >>> >> ail.com> >>> Content-Type: text/plain; charset="utf-8" >>> >>> Hi, >>> >>> Could you please share the appropriate Default.vcl settings for XenForo >>> Forums? No one can register to the forum at the moment. My current >>> Default.vcl settings are as follows. >>> >>> Forum address: domain.com/forum >>> >>> */* SET THE HOST AND PORT OF WORDPRESS* >>> * * *********************************************************/* >>> *vcl 4.0;* >>> *import std;* >>> >>> *backend default {* >>> * .host = "*******";* >>> * .port = "8080";* >>> * .connect_timeout = 600s;* >>> * .first_byte_timeout = 600s;* >>> * .between_bytes_timeout = 600s;* >>> * .max_connections = 800;* >>> *}* >>> >>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>> *# ##########################################################* >>> *acl purge {* >>> * "localhost";* >>> * "127.0.0.1";* >>> *}* >>> >>> *#THE RECV FUNCTION* >>> *# ##########################################################* >>> *sub vcl_recv {* >>> >>> *# set realIP by trimming CloudFlare IP which will be used for various >>> checks* >>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >>> ""); * >>> >>> * # FORWARD THE IP OF THE REQUEST* >>> * if (req.restarts == 0) {* >>> * if (req.http.x-forwarded-for) {* >>> * set req.http.X-Forwarded-For =* >>> * req.http.X-Forwarded-For + ", " + client.ip;* >>> * } else {* >>> * set req.http.X-Forwarded-For = client.ip;* >>> * }* >>> * }* >>> >>> * # Purge request check sections for hash_always_miss, purge and ban* >>> * # BLOCK IF NOT IP is not in purge acl* >>> * # ##########################################################* >>> >>> * # Enable smart refreshing using hash_always_miss* >>> *if (req.http.Cache-Control ~ "no-cache") {* >>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>> purge) {* >>> * set req.hash_always_miss = true;* >>> * }* >>> *}* >>> >>> *if (req.method == "PURGE") {* >>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>> purge) {* >>> * return(synth(405,"Not allowed."));* >>> * }* >>> * return (purge);* >>> >>> * }* >>> *if (req.method == "BAN") {* >>> * # Same ACL check as above:* >>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") >>> ~ purge) {* >>> * return(synth(403, "Not allowed."));* >>> * }* >>> * ban("req.http.host == " + req.http.host +* >>> * " && req.url == " + req.url);* >>> >>> * # Throw a synthetic page so the* >>> * # request won't go to the backend.* >>> * return(synth(200, "Ban added"));* >>> *}* >>> >>> >>> *# Unset cloudflare cookies* >>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>> * set req.http.Cookie = regsuball(req.http.Cookie, >>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>> * # Remove a ";" prefix, if present.* >>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>> >>> * # For Testing: If you want to test with Varnish passing (not caching) >>> uncomment* >>> * # return( pass );* >>> >>> * # FORWARD THE IP OF THE REQUEST* >>> * if (req.restarts == 0) {* >>> * if (req.http.x-forwarded-for) {* >>> * set req.http.X-Forwarded-For =* >>> * req.http.X-Forwarded-For + ", " + client.ip;* >>> * } else {* >>> * set req.http.X-Forwarded-For = client.ip;* >>> * }* >>> * }* >>> >>> *# DO NOT CACHE RSS FEED* >>> * if (req.url ~ "/feed(/)?") {* >>> * return ( pass ); * >>> *}* >>> >>> *## Do not cache search results, comment these 3 lines if you do want to >>> cache them* >>> >>> *if (req.url ~ "/\?s\=") {* >>> * return ( pass ); * >>> *}* >>> >>> *# CLEAN UP THE ENCODING HEADER.* >>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>> ACCEPT-ENCODING* >>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>> * # ##########################################################* >>> * if (req.http.Accept-Encoding) {* >>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>> * # No point in compressing these* >>> * unset req.http.Accept-Encoding;* >>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>> * set req.http.Accept-Encoding = "gzip";* >>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>> * set req.http.Accept-Encoding = "deflate";* >>> * } else {* >>> * # unknown algorithm* >>> * unset req.http.Accept-Encoding;* >>> * }* >>> * }* >>> >>> * # PIPE ALL NON-STANDARD REQUESTS* >>> * # ##########################################################* >>> * if (req.method != "GET" &&* >>> * req.method != "HEAD" &&* >>> * req.method != "PUT" && * >>> * req.method != "POST" &&* >>> * req.method != "TRACE" &&* >>> * req.method != "OPTIONS" &&* >>> * req.method != "DELETE") {* >>> * return (pipe);* >>> * }* >>> >>> * # ONLY CACHE GET AND HEAD REQUESTS* >>> * # ##########################################################* >>> * if (req.method != "GET" && req.method != "HEAD") {* >>> * return (pass);* >>> * }* >>> >>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>> EITHER* >>> * # COMMENT OR UNCOMMENT BOTH* >>> * # ##########################################################* >>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>> * return( pass );* >>> * }* >>> >>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>> * # THEN UNSET THE COOKIES* >>> * # ##########################################################* >>> * if (!(req.url ~ "wp-(login|admin)") * >>> * && !(req.url ~ "&preview=true" ) * >>> * ){* >>> * unset req.http.cookie;* >>> * }* >>> >>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>> * # ##########################################################* >>> * if (req.http.Authorization || req.http.Cookie) {* >>> * return (pass);* >>> * }* >>> >>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>> * # ##########################################################* >>> * return (hash);* >>> * # This is for phpmyadmin* >>> *if (req.http.Host == "ki1.org ") {* >>> *return (pass);* >>> *}* >>> >>> *if (req.http.Host == "mysql.ki1.org ") {* >>> *return (pass);* >>> *}* >>> >>> *}* >>> >>> *# HIT FUNCTION* >>> *# ##########################################################* >>> *sub vcl_hit {* >>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>> * # ##########################################################* >>> * if (req.method == "PURGE") {* >>> * #* >>> * # This is now handled in vcl_recv.* >>> * #* >>> * # purge;* >>> * return (synth(200, "Purged."));* >>> * }* >>> * return (deliver);* >>> *}* >>> >>> *# MISS FUNCTION* >>> *# ##########################################################* >>> *sub vcl_miss {* >>> * if (req.method == "PURGE") {* >>> * #* >>> * # This is now handled in vcl_recv.* >>> * #* >>> * # purge;* >>> * return (synth(200, "Purged."));* >>> * }* >>> * return (fetch);* >>> *}* >>> >>> *# FETCH FUNCTION* >>> *# ##########################################################* >>> *sub vcl_backend_response {* >>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>> * # TO DO THIS* >>> * # ##########################################################* >>> * set beresp.http.Vary = "Accept-Encoding";* >>> >>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>> * # ##########################################################* >>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>> "wordpress_logged_in" ) {* >>> * unset beresp.http.set-cookie;* >>> * set beresp.ttl = 52w;* >>> *# set beresp.grace =1w;* >>> * }* >>> >>> * if (beresp.ttl <= 0s ||* >>> * beresp.http.Set-Cookie ||* >>> * beresp.http.Vary == "*") {* >>> * set beresp.ttl = 120 s;* >>> * # set beresp.ttl = 120s;* >>> * set beresp.uncacheable = true;* >>> * return (deliver);* >>> * }* >>> >>> * return (deliver);* >>> *}* >>> >>> *# DELIVER FUNCTION* >>> *# ##########################################################* >>> *sub vcl_deliver {* >>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>> * # ##########################################################* >>> * if (obj.hits > 0) {* >>> * set resp.http.X-Cache = "HIT";* >>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>> * # ##########################################################* >>> * } else {* >>> * set resp.http.X-Cache = "MISS";* >>> * }* >>> *}* >>> >>> >>> Thanks, >>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL: >> attachments/20160803/d572e4b2/attachment-0001.html> >>> >>> ------------------------------ >>> >>> Message: 2 >>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>> From: Ayberk Kimsesiz >>> To: varnish-misc >>> Subject: Re: XenForo default.vcl settings >>> Message-ID: >>> >> ail.com> >>> Content-Type: text/plain; charset="utf-8" >>> >>> I need to add the followings to default.vcl for Xenforo. However, >>> solutions >>> in the Xenforo forums for this didn't work. Can you please help? >>> >>> xf_session_admin >>> xf_user >>> xf_session >>> >>> Or how can i block Varnish in a way that it doesn't work in * >>> domain.com/forum >>> * >>> >>> >>> >>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz : >>> >>> > Hi, >>> > >>> > Could you please share the appropriate Default.vcl settings for XenForo >>> > Forums? No one can register to the forum at the moment. My current >>> > Default.vcl settings are as follows. >>> > >>> > Forum address: domain.com/forum >>> > >>> > */* SET THE HOST AND PORT OF WORDPRESS* >>> > * * *********************************************************/* >>> > *vcl 4.0;* >>> > *import std;* >>> > >>> > *backend default {* >>> > * .host = "*******";* >>> > * .port = "8080";* >>> > * .connect_timeout = 600s;* >>> > * .first_byte_timeout = 600s;* >>> > * .between_bytes_timeout = 600s;* >>> > * .max_connections = 800;* >>> > *}* >>> > >>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>> > *# ##########################################################* >>> > *acl purge {* >>> > * "localhost";* >>> > * "127.0.0.1";* >>> > *}* >>> > >>> > *#THE RECV FUNCTION* >>> > *# ##########################################################* >>> > *sub vcl_recv {* >>> > >>> > *# set realIP by trimming CloudFlare IP which will be used for various >>> > checks* >>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>> ].*$", >>> > ""); * >>> > >>> > * # FORWARD THE IP OF THE REQUEST* >>> > * if (req.restarts == 0) {* >>> > * if (req.http.x-forwarded-for) {* >>> > * set req.http.X-Forwarded-For =* >>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>> > * } else {* >>> > * set req.http.X-Forwarded-For = client.ip;* >>> > * }* >>> > * }* >>> > >>> > * # Purge request check sections for hash_always_miss, purge and ban* >>> > * # BLOCK IF NOT IP is not in purge acl* >>> > * # ##########################################################* >>> > >>> > * # Enable smart refreshing using hash_always_miss* >>> > *if (req.http.Cache-Control ~ "no-cache") {* >>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>> ~ >>> > purge) {* >>> > * set req.hash_always_miss = true;* >>> > * }* >>> > *}* >>> > >>> > *if (req.method == "PURGE") {* >>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") ~ >>> > purge) {* >>> > * return(synth(405,"Not allowed."));* >>> > * }* >>> > * return (purge);* >>> > >>> > * }* >>> > *if (req.method == "BAN") {* >>> > * # Same ACL check as above:* >>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> > "1.2.3.4") ~ purge) {* >>> > * return(synth(403, "Not allowed."));* >>> > * }* >>> > * ban("req.http.host == " + req.http.host +* >>> > * " && req.url == " + req.url);* >>> > >>> > * # Throw a synthetic page so the* >>> > * # request won't go to the backend.* >>> > * return(synth(200, "Ban added"));* >>> > *}* >>> > >>> > >>> > *# Unset cloudflare cookies* >>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>> > * # Remove a ";" prefix, if present.* >>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>> > >>> > * # For Testing: If you want to test with Varnish passing (not >>> caching) >>> > uncomment* >>> > * # return( pass );* >>> > >>> > * # FORWARD THE IP OF THE REQUEST* >>> > * if (req.restarts == 0) {* >>> > * if (req.http.x-forwarded-for) {* >>> > * set req.http.X-Forwarded-For =* >>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>> > * } else {* >>> > * set req.http.X-Forwarded-For = client.ip;* >>> > * }* >>> > * }* >>> > >>> > *# DO NOT CACHE RSS FEED* >>> > * if (req.url ~ "/feed(/)?") {* >>> > * return ( pass ); * >>> > *}* >>> > >>> > *## Do not cache search results, comment these 3 lines if you do want >>> to >>> > cache them* >>> > >>> > *if (req.url ~ "/\?s\=") {* >>> > * return ( pass ); * >>> > *}* >>> > >>> > *# CLEAN UP THE ENCODING HEADER.* >>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>> ACCEPT-ENCODING* >>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>> > * # ##########################################################* >>> > * if (req.http.Accept-Encoding) {* >>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>> > * # No point in compressing these* >>> > * unset req.http.Accept-Encoding;* >>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>> > * set req.http.Accept-Encoding = "gzip";* >>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>> > * set req.http.Accept-Encoding = "deflate";* >>> > * } else {* >>> > * # unknown algorithm* >>> > * unset req.http.Accept-Encoding;* >>> > * }* >>> > * }* >>> > >>> > * # PIPE ALL NON-STANDARD REQUESTS* >>> > * # ##########################################################* >>> > * if (req.method != "GET" &&* >>> > * req.method != "HEAD" &&* >>> > * req.method != "PUT" && * >>> > * req.method != "POST" &&* >>> > * req.method != "TRACE" &&* >>> > * req.method != "OPTIONS" &&* >>> > * req.method != "DELETE") {* >>> > * return (pipe);* >>> > * }* >>> > >>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>> > * # ##########################################################* >>> > * if (req.method != "GET" && req.method != "HEAD") {* >>> > * return (pass);* >>> > * }* >>> > >>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>> > EITHER* >>> > * # COMMENT OR UNCOMMENT BOTH* >>> > * # ##########################################################* >>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>> > * return( pass );* >>> > * }* >>> > >>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>> > * # THEN UNSET THE COOKIES* >>> > * # ##########################################################* >>> > * if (!(req.url ~ "wp-(login|admin)") * >>> > * && !(req.url ~ "&preview=true" ) * >>> > * ){* >>> > * unset req.http.cookie;* >>> > * }* >>> > >>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>> > * # ##########################################################* >>> > * if (req.http.Authorization || req.http.Cookie) {* >>> > * return (pass);* >>> > * }* >>> > >>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>> > * # ##########################################################* >>> > * return (hash);* >>> > * # This is for phpmyadmin* >>> > *if (req.http.Host == "ki1.org ") {* >>> > *return (pass);* >>> > *}* >>> > >>> > *if (req.http.Host == "mysql.ki1.org ") {* >>> > *return (pass);* >>> > *}* >>> > >>> > *}* >>> > >>> > *# HIT FUNCTION* >>> > *# ##########################################################* >>> > *sub vcl_hit {* >>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>> > * # ##########################################################* >>> > * if (req.method == "PURGE") {* >>> > * #* >>> > * # This is now handled in vcl_recv.* >>> > * #* >>> > * # purge;* >>> > * return (synth(200, "Purged."));* >>> > * }* >>> > * return (deliver);* >>> > *}* >>> > >>> > *# MISS FUNCTION* >>> > *# ##########################################################* >>> > *sub vcl_miss {* >>> > * if (req.method == "PURGE") {* >>> > * #* >>> > * # This is now handled in vcl_recv.* >>> > * #* >>> > * # purge;* >>> > * return (synth(200, "Purged."));* >>> > * }* >>> > * return (fetch);* >>> > *}* >>> > >>> > *# FETCH FUNCTION* >>> > *# ##########################################################* >>> > *sub vcl_backend_response {* >>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>> > * # TO DO THIS* >>> > * # ##########################################################* >>> > * set beresp.http.Vary = "Accept-Encoding";* >>> > >>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>> > * # ##########################################################* >>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>> > "wordpress_logged_in" ) {* >>> > * unset beresp.http.set-cookie;* >>> > * set beresp.ttl = 52w;* >>> > *# set beresp.grace =1w;* >>> > * }* >>> > >>> > * if (beresp.ttl <= 0s ||* >>> > * beresp.http.Set-Cookie ||* >>> > * beresp.http.Vary == "*") {* >>> > * set beresp.ttl = 120 s;* >>> > * # set beresp.ttl = 120s;* >>> > * set beresp.uncacheable = true;* >>> > * return (deliver);* >>> > * }* >>> > >>> > * return (deliver);* >>> > *}* >>> > >>> > *# DELIVER FUNCTION* >>> > *# ##########################################################* >>> > *sub vcl_deliver {* >>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>> > * # ##########################################################* >>> > * if (obj.hits > 0) {* >>> > * set resp.http.X-Cache = "HIT";* >>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>> > * # ##########################################################* >>> > * } else {* >>> > * set resp.http.X-Cache = "MISS";* >>> > * }* >>> > *}* >>> > >>> > >>> > Thanks, >>> > >>> -------------- next part -------------- >>> An HTML attachment was scrubbed... >>> URL: >> attachments/20160804/4e3f064a/attachment.html> >>> >>> ------------------------------ >>> >>> _______________________________________________ >>> varnish-misc mailing list >>> varnish-misc at varnish-cache.org >>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >>> End of varnish-misc Digest, Vol 125, Issue 14 >>> ********************************************* >>> >> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Thu Aug 4 13:36:35 2016 From: lagged at gmail.com (Andrei) Date: Thu, 4 Aug 2016 08:36:35 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: correction: sub vcl_recv { if(req.http.Cookie ~ "xf_(session|user)") { return (pass); } } sub vcl_backend_response { if (beresp.http.Set-Cookie ~ "xf_(session|user)") { set beresp.uncacheable = true; set beresp.ttl = 1w; return (deliver); } } On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: > Hello, > > Aside from the provided VCL being for WordPress, while you're running > XenForo, the xf_ cookies are being dropped by your config. A quick fix is: > > sub vcl_recv { > if( req.http.Cookie ~ "xf_(session|user)") { > return (pass); > } > } > > sub vcl_backend_response { > if (req.http.Cookie ~ "xf_(session|user)") { > set beresp.uncacheable = true; > set beresp.ttl = 1w; > return (deliver); > } > } > > However, I suggest auditing your VCL, and only including rules specific to > the application(s) which you are running. > > > On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz > wrote: > >> Users can't login or register to domain.com/forum with the current >> settings. So we need to make a change related to *xf_user *and >> *xf_session* but how? >> >> >> >> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >> >>> If you want Varnish to ignore request for a path you need to tell it to >>> pass. In your example you have a rule for the RSS feed. You can do the same >>> for /forum/ in your vcl_recv block. >>> >>> *# DO NOT CACHE RSS FEED* >>> * if (req.url ~ "/feed(/)?") {* >>> * return ( pass ); * >>> *}* >>> >>> *# DO NOT CACHE FORUM* >>> if (req.url ~ "/forum(/)?") { >>> return ( pass ); >>> } >>> >>> Cheers, >>> Richard >>> >>> >>>> >>>> Message: 1 >>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>> From: Ayberk Kimsesiz >>>> To: varnish-misc >>>> Subject: XenForo default.vcl settings >>>> Message-ID: >>>> >>> ail.com> >>>> Content-Type: text/plain; charset="utf-8" >>>> >>>> Hi, >>>> >>>> Could you please share the appropriate Default.vcl settings for XenForo >>>> Forums? No one can register to the forum at the moment. My current >>>> Default.vcl settings are as follows. >>>> >>>> Forum address: domain.com/forum >>>> >>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>> * * *********************************************************/* >>>> *vcl 4.0;* >>>> *import std;* >>>> >>>> *backend default {* >>>> * .host = "*******";* >>>> * .port = "8080";* >>>> * .connect_timeout = 600s;* >>>> * .first_byte_timeout = 600s;* >>>> * .between_bytes_timeout = 600s;* >>>> * .max_connections = 800;* >>>> *}* >>>> >>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>> *# ##########################################################* >>>> *acl purge {* >>>> * "localhost";* >>>> * "127.0.0.1";* >>>> *}* >>>> >>>> *#THE RECV FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_recv {* >>>> >>>> *# set realIP by trimming CloudFlare IP which will be used for various >>>> checks* >>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >>>> ""); * >>>> >>>> * # FORWARD THE IP OF THE REQUEST* >>>> * if (req.restarts == 0) {* >>>> * if (req.http.x-forwarded-for) {* >>>> * set req.http.X-Forwarded-For =* >>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>> * } else {* >>>> * set req.http.X-Forwarded-For = client.ip;* >>>> * }* >>>> * }* >>>> >>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>> * # BLOCK IF NOT IP is not in purge acl* >>>> * # ##########################################################* >>>> >>>> * # Enable smart refreshing using hash_always_miss* >>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>> purge) {* >>>> * set req.hash_always_miss = true;* >>>> * }* >>>> *}* >>>> >>>> *if (req.method == "PURGE") {* >>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>> ~ >>>> purge) {* >>>> * return(synth(405,"Not allowed."));* >>>> * }* >>>> * return (purge);* >>>> >>>> * }* >>>> *if (req.method == "BAN") {* >>>> * # Same ACL check as above:* >>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") >>>> ~ purge) {* >>>> * return(synth(403, "Not allowed."));* >>>> * }* >>>> * ban("req.http.host == " + req.http.host +* >>>> * " && req.url == " + req.url);* >>>> >>>> * # Throw a synthetic page so the* >>>> * # request won't go to the backend.* >>>> * return(synth(200, "Ban added"));* >>>> *}* >>>> >>>> >>>> *# Unset cloudflare cookies* >>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>> * # Remove a ";" prefix, if present.* >>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>> >>>> * # For Testing: If you want to test with Varnish passing (not caching) >>>> uncomment* >>>> * # return( pass );* >>>> >>>> * # FORWARD THE IP OF THE REQUEST* >>>> * if (req.restarts == 0) {* >>>> * if (req.http.x-forwarded-for) {* >>>> * set req.http.X-Forwarded-For =* >>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>> * } else {* >>>> * set req.http.X-Forwarded-For = client.ip;* >>>> * }* >>>> * }* >>>> >>>> *# DO NOT CACHE RSS FEED* >>>> * if (req.url ~ "/feed(/)?") {* >>>> * return ( pass ); * >>>> *}* >>>> >>>> *## Do not cache search results, comment these 3 lines if you do want to >>>> cache them* >>>> >>>> *if (req.url ~ "/\?s\=") {* >>>> * return ( pass ); * >>>> *}* >>>> >>>> *# CLEAN UP THE ENCODING HEADER.* >>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>> ACCEPT-ENCODING* >>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>> * # ##########################################################* >>>> * if (req.http.Accept-Encoding) {* >>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>> * # No point in compressing these* >>>> * unset req.http.Accept-Encoding;* >>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>> * set req.http.Accept-Encoding = "gzip";* >>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>> * set req.http.Accept-Encoding = "deflate";* >>>> * } else {* >>>> * # unknown algorithm* >>>> * unset req.http.Accept-Encoding;* >>>> * }* >>>> * }* >>>> >>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>> * # ##########################################################* >>>> * if (req.method != "GET" &&* >>>> * req.method != "HEAD" &&* >>>> * req.method != "PUT" && * >>>> * req.method != "POST" &&* >>>> * req.method != "TRACE" &&* >>>> * req.method != "OPTIONS" &&* >>>> * req.method != "DELETE") {* >>>> * return (pipe);* >>>> * }* >>>> >>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>> * # ##########################################################* >>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>> * return (pass);* >>>> * }* >>>> >>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>> EITHER* >>>> * # COMMENT OR UNCOMMENT BOTH* >>>> * # ##########################################################* >>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>> * return( pass );* >>>> * }* >>>> >>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>> * # THEN UNSET THE COOKIES* >>>> * # ##########################################################* >>>> * if (!(req.url ~ "wp-(login|admin)") * >>>> * && !(req.url ~ "&preview=true" ) * >>>> * ){* >>>> * unset req.http.cookie;* >>>> * }* >>>> >>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>> * # ##########################################################* >>>> * if (req.http.Authorization || req.http.Cookie) {* >>>> * return (pass);* >>>> * }* >>>> >>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>> * # ##########################################################* >>>> * return (hash);* >>>> * # This is for phpmyadmin* >>>> *if (req.http.Host == "ki1.org ") {* >>>> *return (pass);* >>>> *}* >>>> >>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>> *return (pass);* >>>> *}* >>>> >>>> *}* >>>> >>>> *# HIT FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_hit {* >>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>> * # ##########################################################* >>>> * if (req.method == "PURGE") {* >>>> * #* >>>> * # This is now handled in vcl_recv.* >>>> * #* >>>> * # purge;* >>>> * return (synth(200, "Purged."));* >>>> * }* >>>> * return (deliver);* >>>> *}* >>>> >>>> *# MISS FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_miss {* >>>> * if (req.method == "PURGE") {* >>>> * #* >>>> * # This is now handled in vcl_recv.* >>>> * #* >>>> * # purge;* >>>> * return (synth(200, "Purged."));* >>>> * }* >>>> * return (fetch);* >>>> *}* >>>> >>>> *# FETCH FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_backend_response {* >>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>> * # TO DO THIS* >>>> * # ##########################################################* >>>> * set beresp.http.Vary = "Accept-Encoding";* >>>> >>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>> * # ##########################################################* >>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>> "wordpress_logged_in" ) {* >>>> * unset beresp.http.set-cookie;* >>>> * set beresp.ttl = 52w;* >>>> *# set beresp.grace =1w;* >>>> * }* >>>> >>>> * if (beresp.ttl <= 0s ||* >>>> * beresp.http.Set-Cookie ||* >>>> * beresp.http.Vary == "*") {* >>>> * set beresp.ttl = 120 s;* >>>> * # set beresp.ttl = 120s;* >>>> * set beresp.uncacheable = true;* >>>> * return (deliver);* >>>> * }* >>>> >>>> * return (deliver);* >>>> *}* >>>> >>>> *# DELIVER FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_deliver {* >>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>> * # ##########################################################* >>>> * if (obj.hits > 0) {* >>>> * set resp.http.X-Cache = "HIT";* >>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>> * # ##########################################################* >>>> * } else {* >>>> * set resp.http.X-Cache = "MISS";* >>>> * }* >>>> *}* >>>> >>>> >>>> Thanks, >>>> -------------- next part -------------- >>>> An HTML attachment was scrubbed... >>>> URL: >>> attachments/20160803/d572e4b2/attachment-0001.html> >>>> >>>> ------------------------------ >>>> >>>> Message: 2 >>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>> From: Ayberk Kimsesiz >>>> To: varnish-misc >>>> Subject: Re: XenForo default.vcl settings >>>> Message-ID: >>>> >>> ail.com> >>>> Content-Type: text/plain; charset="utf-8" >>>> >>>> I need to add the followings to default.vcl for Xenforo. However, >>>> solutions >>>> in the Xenforo forums for this didn't work. Can you please help? >>>> >>>> xf_session_admin >>>> xf_user >>>> xf_session >>>> >>>> Or how can i block Varnish in a way that it doesn't work in * >>>> domain.com/forum >>>> * >>>> >>>> >>>> >>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz : >>>> >>>> > Hi, >>>> > >>>> > Could you please share the appropriate Default.vcl settings for >>>> XenForo >>>> > Forums? No one can register to the forum at the moment. My current >>>> > Default.vcl settings are as follows. >>>> > >>>> > Forum address: domain.com/forum >>>> > >>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>> > * * *********************************************************/* >>>> > *vcl 4.0;* >>>> > *import std;* >>>> > >>>> > *backend default {* >>>> > * .host = "*******";* >>>> > * .port = "8080";* >>>> > * .connect_timeout = 600s;* >>>> > * .first_byte_timeout = 600s;* >>>> > * .between_bytes_timeout = 600s;* >>>> > * .max_connections = 800;* >>>> > *}* >>>> > >>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>> > *# ##########################################################* >>>> > *acl purge {* >>>> > * "localhost";* >>>> > * "127.0.0.1";* >>>> > *}* >>>> > >>>> > *#THE RECV FUNCTION* >>>> > *# ##########################################################* >>>> > *sub vcl_recv {* >>>> > >>>> > *# set realIP by trimming CloudFlare IP which will be used for various >>>> > checks* >>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>> ].*$", >>>> > ""); * >>>> > >>>> > * # FORWARD THE IP OF THE REQUEST* >>>> > * if (req.restarts == 0) {* >>>> > * if (req.http.x-forwarded-for) {* >>>> > * set req.http.X-Forwarded-For =* >>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>> > * } else {* >>>> > * set req.http.X-Forwarded-For = client.ip;* >>>> > * }* >>>> > * }* >>>> > >>>> > * # Purge request check sections for hash_always_miss, purge and ban* >>>> > * # BLOCK IF NOT IP is not in purge acl* >>>> > * # ##########################################################* >>>> > >>>> > * # Enable smart refreshing using hash_always_miss* >>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ >>>> > purge) {* >>>> > * set req.hash_always_miss = true;* >>>> > * }* >>>> > *}* >>>> > >>>> > *if (req.method == "PURGE") {* >>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ >>>> > purge) {* >>>> > * return(synth(405,"Not allowed."));* >>>> > * }* >>>> > * return (purge);* >>>> > >>>> > * }* >>>> > *if (req.method == "BAN") {* >>>> > * # Same ACL check as above:* >>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> > "1.2.3.4") ~ purge) {* >>>> > * return(synth(403, "Not allowed."));* >>>> > * }* >>>> > * ban("req.http.host == " + req.http.host +* >>>> > * " && req.url == " + req.url);* >>>> > >>>> > * # Throw a synthetic page so the* >>>> > * # request won't go to the backend.* >>>> > * return(synth(200, "Ban added"));* >>>> > *}* >>>> > >>>> > >>>> > *# Unset cloudflare cookies* >>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>> > * # Remove a ";" prefix, if present.* >>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>> > >>>> > * # For Testing: If you want to test with Varnish passing (not >>>> caching) >>>> > uncomment* >>>> > * # return( pass );* >>>> > >>>> > * # FORWARD THE IP OF THE REQUEST* >>>> > * if (req.restarts == 0) {* >>>> > * if (req.http.x-forwarded-for) {* >>>> > * set req.http.X-Forwarded-For =* >>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>> > * } else {* >>>> > * set req.http.X-Forwarded-For = client.ip;* >>>> > * }* >>>> > * }* >>>> > >>>> > *# DO NOT CACHE RSS FEED* >>>> > * if (req.url ~ "/feed(/)?") {* >>>> > * return ( pass ); * >>>> > *}* >>>> > >>>> > *## Do not cache search results, comment these 3 lines if you do want >>>> to >>>> > cache them* >>>> > >>>> > *if (req.url ~ "/\?s\=") {* >>>> > * return ( pass ); * >>>> > *}* >>>> > >>>> > *# CLEAN UP THE ENCODING HEADER.* >>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>> ACCEPT-ENCODING* >>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>> > * # ##########################################################* >>>> > * if (req.http.Accept-Encoding) {* >>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>> > * # No point in compressing these* >>>> > * unset req.http.Accept-Encoding;* >>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>> > * set req.http.Accept-Encoding = "gzip";* >>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>> > * set req.http.Accept-Encoding = "deflate";* >>>> > * } else {* >>>> > * # unknown algorithm* >>>> > * unset req.http.Accept-Encoding;* >>>> > * }* >>>> > * }* >>>> > >>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>> > * # ##########################################################* >>>> > * if (req.method != "GET" &&* >>>> > * req.method != "HEAD" &&* >>>> > * req.method != "PUT" && * >>>> > * req.method != "POST" &&* >>>> > * req.method != "TRACE" &&* >>>> > * req.method != "OPTIONS" &&* >>>> > * req.method != "DELETE") {* >>>> > * return (pipe);* >>>> > * }* >>>> > >>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>> > * # ##########################################################* >>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>> > * return (pass);* >>>> > * }* >>>> > >>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>> > EITHER* >>>> > * # COMMENT OR UNCOMMENT BOTH* >>>> > * # ##########################################################* >>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>> > * return( pass );* >>>> > * }* >>>> > >>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>> > * # THEN UNSET THE COOKIES* >>>> > * # ##########################################################* >>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>> > * && !(req.url ~ "&preview=true" ) * >>>> > * ){* >>>> > * unset req.http.cookie;* >>>> > * }* >>>> > >>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>> > * # ##########################################################* >>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>> > * return (pass);* >>>> > * }* >>>> > >>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>> > * # ##########################################################* >>>> > * return (hash);* >>>> > * # This is for phpmyadmin* >>>> > *if (req.http.Host == "ki1.org ") {* >>>> > *return (pass);* >>>> > *}* >>>> > >>>> > *if (req.http.Host == "mysql.ki1.org ") {* >>>> > *return (pass);* >>>> > *}* >>>> > >>>> > *}* >>>> > >>>> > *# HIT FUNCTION* >>>> > *# ##########################################################* >>>> > *sub vcl_hit {* >>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>> > * # ##########################################################* >>>> > * if (req.method == "PURGE") {* >>>> > * #* >>>> > * # This is now handled in vcl_recv.* >>>> > * #* >>>> > * # purge;* >>>> > * return (synth(200, "Purged."));* >>>> > * }* >>>> > * return (deliver);* >>>> > *}* >>>> > >>>> > *# MISS FUNCTION* >>>> > *# ##########################################################* >>>> > *sub vcl_miss {* >>>> > * if (req.method == "PURGE") {* >>>> > * #* >>>> > * # This is now handled in vcl_recv.* >>>> > * #* >>>> > * # purge;* >>>> > * return (synth(200, "Purged."));* >>>> > * }* >>>> > * return (fetch);* >>>> > *}* >>>> > >>>> > *# FETCH FUNCTION* >>>> > *# ##########################################################* >>>> > *sub vcl_backend_response {* >>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>> > * # TO DO THIS* >>>> > * # ##########################################################* >>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>> > >>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>> > * # ##########################################################* >>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>> > "wordpress_logged_in" ) {* >>>> > * unset beresp.http.set-cookie;* >>>> > * set beresp.ttl = 52w;* >>>> > *# set beresp.grace =1w;* >>>> > * }* >>>> > >>>> > * if (beresp.ttl <= 0s ||* >>>> > * beresp.http.Set-Cookie ||* >>>> > * beresp.http.Vary == "*") {* >>>> > * set beresp.ttl = 120 s;* >>>> > * # set beresp.ttl = 120s;* >>>> > * set beresp.uncacheable = true;* >>>> > * return (deliver);* >>>> > * }* >>>> > >>>> > * return (deliver);* >>>> > *}* >>>> > >>>> > *# DELIVER FUNCTION* >>>> > *# ##########################################################* >>>> > *sub vcl_deliver {* >>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>> > * # ##########################################################* >>>> > * if (obj.hits > 0) {* >>>> > * set resp.http.X-Cache = "HIT";* >>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>> > * # ##########################################################* >>>> > * } else {* >>>> > * set resp.http.X-Cache = "MISS";* >>>> > * }* >>>> > *}* >>>> > >>>> > >>>> > Thanks, >>>> > >>>> -------------- next part -------------- >>>> An HTML attachment was scrubbed... >>>> URL: >>> attachments/20160804/4e3f064a/attachment.html> >>>> >>>> ------------------------------ >>>> >>>> _______________________________________________ >>>> varnish-misc mailing list >>>> varnish-misc at varnish-cache.org >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>> ********************************************* >>>> >>> >>> >>> _______________________________________________ >>> varnish-misc mailing list >>> varnish-misc at varnish-cache.org >>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >> >> >> _______________________________________________ >> varnish-misc mailing list >> varnish-misc at varnish-cache.org >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From irtimood at gmail.com Thu Aug 4 13:52:57 2016 From: irtimood at gmail.com (Dimitri Stagnitto) Date: Thu, 4 Aug 2016 15:52:57 +0200 Subject: varnish-misc Digest, Vol 125, Issue 16 In-Reply-To: References: Message-ID: please unsubscribe, thank you 2016-08-04 15:10 GMT+02:00 : > Send varnish-misc mailing list submissions to > varnish-misc at varnish-cache.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > or, via email, send a message with subject or body 'help' to > varnish-misc-request at varnish-cache.org > > You can reach the person managing the list at > varnish-misc-owner at varnish-cache.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of varnish-misc digest..." > > > Today's Topics: > > 1. Re: XenForo default.vcl settings (Ayberk Kimsesiz) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 4 Aug 2016 16:09:43 +0300 > From: Ayberk Kimsesiz > To: "Lane, Richard" > Cc: varnish-misc > Subject: Re: XenForo default.vcl settings > Message-ID: > gmail.com> > Content-Type: text/plain; charset="utf-8" > > Users can't login or register to domain.com/forum with the current > settings. So we need to make a change related to *xf_user *and *xf_session* > but how? > > > > 2016-08-04 15:26 GMT+03:00 Lane, Richard : > > > If you want Varnish to ignore request for a path you need to tell it to > > pass. In your example you have a rule for the RSS feed. You can do the > same > > for /forum/ in your vcl_recv block. > > > > *# DO NOT CACHE RSS FEED* > > * if (req.url ~ "/feed(/)?") {* > > * return ( pass ); * > > *}* > > > > *# DO NOT CACHE FORUM* > > if (req.url ~ "/forum(/)?") { > > return ( pass ); > > } > > > > Cheers, > > Richard > > > > > >> > >> Message: 1 > >> Date: Wed, 3 Aug 2016 23:34:40 +0300 > >> From: Ayberk Kimsesiz > >> To: varnish-misc > >> Subject: XenForo default.vcl settings > >> Message-ID: > >> >> gmail.com> > >> Content-Type: text/plain; charset="utf-8" > >> > >> Hi, > >> > >> Could you please share the appropriate Default.vcl settings for XenForo > >> Forums? No one can register to the forum at the moment. My current > >> Default.vcl settings are as follows. > >> > >> Forum address: domain.com/forum > >> > >> */* SET THE HOST AND PORT OF WORDPRESS* > >> * * *********************************************************/* > >> *vcl 4.0;* > >> *import std;* > >> > >> *backend default {* > >> * .host = "*******";* > >> * .port = "8080";* > >> * .connect_timeout = 600s;* > >> * .first_byte_timeout = 600s;* > >> * .between_bytes_timeout = 600s;* > >> * .max_connections = 800;* > >> *}* > >> > >> *# SET THE ALLOWED IP OF PURGE REQUESTS* > >> *# ##########################################################* > >> *acl purge {* > >> * "localhost";* > >> * "127.0.0.1";* > >> *}* > >> > >> *#THE RECV FUNCTION* > >> *# ##########################################################* > >> *sub vcl_recv {* > >> > >> *# set realIP by trimming CloudFlare IP which will be used for various > >> checks* > >> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > >> ""); * > >> > >> * # FORWARD THE IP OF THE REQUEST* > >> * if (req.restarts == 0) {* > >> * if (req.http.x-forwarded-for) {* > >> * set req.http.X-Forwarded-For =* > >> * req.http.X-Forwarded-For + ", " + client.ip;* > >> * } else {* > >> * set req.http.X-Forwarded-For = client.ip;* > >> * }* > >> * }* > >> > >> * # Purge request check sections for hash_always_miss, purge and ban* > >> * # BLOCK IF NOT IP is not in purge acl* > >> * # ##########################################################* > >> > >> * # Enable smart refreshing using hash_always_miss* > >> *if (req.http.Cache-Control ~ "no-cache") {* > >> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > >> purge) {* > >> * set req.hash_always_miss = true;* > >> * }* > >> *}* > >> > >> *if (req.method == "PURGE") {* > >> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") > ~ > >> purge) {* > >> * return(synth(405,"Not allowed."));* > >> * }* > >> * return (purge);* > >> > >> * }* > >> *if (req.method == "BAN") {* > >> * # Same ACL check as above:* > >> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > >> "1.2.3.4") > >> ~ purge) {* > >> * return(synth(403, "Not allowed."));* > >> * }* > >> * ban("req.http.host == " + req.http.host +* > >> * " && req.url == " + req.url);* > >> > >> * # Throw a synthetic page so the* > >> * # request won't go to the backend.* > >> * return(synth(200, "Ban added"));* > >> *}* > >> > >> > >> *# Unset cloudflare cookies* > >> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* > >> * set req.http.Cookie = regsuball(req.http.Cookie, > >> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* > >> * # Remove a ";" prefix, if present.* > >> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* > >> > >> * # For Testing: If you want to test with Varnish passing (not caching) > >> uncomment* > >> * # return( pass );* > >> > >> * # FORWARD THE IP OF THE REQUEST* > >> * if (req.restarts == 0) {* > >> * if (req.http.x-forwarded-for) {* > >> * set req.http.X-Forwarded-For =* > >> * req.http.X-Forwarded-For + ", " + client.ip;* > >> * } else {* > >> * set req.http.X-Forwarded-For = client.ip;* > >> * }* > >> * }* > >> > >> *# DO NOT CACHE RSS FEED* > >> * if (req.url ~ "/feed(/)?") {* > >> * return ( pass ); * > >> *}* > >> > >> *## Do not cache search results, comment these 3 lines if you do want to > >> cache them* > >> > >> *if (req.url ~ "/\?s\=") {* > >> * return ( pass ); * > >> *}* > >> > >> *# CLEAN UP THE ENCODING HEADER.* > >> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY > ACCEPT-ENCODING* > >> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* > >> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* > >> * # ##########################################################* > >> * if (req.http.Accept-Encoding) {* > >> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* > >> * # No point in compressing these* > >> * unset req.http.Accept-Encoding;* > >> * } elsif (req.http.Accept-Encoding ~ "gzip") {* > >> * set req.http.Accept-Encoding = "gzip";* > >> * } elsif (req.http.Accept-Encoding ~ "deflate") {* > >> * set req.http.Accept-Encoding = "deflate";* > >> * } else {* > >> * # unknown algorithm* > >> * unset req.http.Accept-Encoding;* > >> * }* > >> * }* > >> > >> * # PIPE ALL NON-STANDARD REQUESTS* > >> * # ##########################################################* > >> * if (req.method != "GET" &&* > >> * req.method != "HEAD" &&* > >> * req.method != "PUT" && * > >> * req.method != "POST" &&* > >> * req.method != "TRACE" &&* > >> * req.method != "OPTIONS" &&* > >> * req.method != "DELETE") {* > >> * return (pipe);* > >> * }* > >> > >> * # ONLY CACHE GET AND HEAD REQUESTS* > >> * # ##########################################################* > >> * if (req.method != "GET" && req.method != "HEAD") {* > >> * return (pass);* > >> * }* > >> > >> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > >> EITHER* > >> * # COMMENT OR UNCOMMENT BOTH* > >> * # ##########################################################* > >> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* > >> * return( pass );* > >> * }* > >> > >> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* > >> * # THEN UNSET THE COOKIES* > >> * # ##########################################################* > >> * if (!(req.url ~ "wp-(login|admin)") * > >> * && !(req.url ~ "&preview=true" ) * > >> * ){* > >> * unset req.http.cookie;* > >> * }* > >> > >> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* > >> * # ##########################################################* > >> * if (req.http.Authorization || req.http.Cookie) {* > >> * return (pass);* > >> * }* > >> > >> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* > >> * # ##########################################################* > >> * return (hash);* > >> * # This is for phpmyadmin* > >> *if (req.http.Host == "ki1.org ") {* > >> *return (pass);* > >> *}* > >> > >> *if (req.http.Host == "mysql.ki1.org ") {* > >> *return (pass);* > >> *}* > >> > >> *}* > >> > >> *# HIT FUNCTION* > >> *# ##########################################################* > >> *sub vcl_hit {* > >> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* > >> * # ##########################################################* > >> * if (req.method == "PURGE") {* > >> * #* > >> * # This is now handled in vcl_recv.* > >> * #* > >> * # purge;* > >> * return (synth(200, "Purged."));* > >> * }* > >> * return (deliver);* > >> *}* > >> > >> *# MISS FUNCTION* > >> *# ##########################################################* > >> *sub vcl_miss {* > >> * if (req.method == "PURGE") {* > >> * #* > >> * # This is now handled in vcl_recv.* > >> * #* > >> * # purge;* > >> * return (synth(200, "Purged."));* > >> * }* > >> * return (fetch);* > >> *}* > >> > >> *# FETCH FUNCTION* > >> *# ##########################################################* > >> *sub vcl_backend_response {* > >> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > >> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > >> * # TO DO THIS* > >> * # ##########################################################* > >> * set beresp.http.Vary = "Accept-Encoding";* > >> > >> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > >> * # TIME THIS PAGE WILL STAY CACHED (TTL)* > >> * # ##########################################################* > >> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > >> "wordpress_logged_in" ) {* > >> * unset beresp.http.set-cookie;* > >> * set beresp.ttl = 52w;* > >> *# set beresp.grace =1w;* > >> * }* > >> > >> * if (beresp.ttl <= 0s ||* > >> * beresp.http.Set-Cookie ||* > >> * beresp.http.Vary == "*") {* > >> * set beresp.ttl = 120 s;* > >> * # set beresp.ttl = 120s;* > >> * set beresp.uncacheable = true;* > >> * return (deliver);* > >> * }* > >> > >> * return (deliver);* > >> *}* > >> > >> *# DELIVER FUNCTION* > >> *# ##########################################################* > >> *sub vcl_deliver {* > >> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > >> * # IN THE HEADER (GREAT FOR DEBUGGING)* > >> * # ##########################################################* > >> * if (obj.hits > 0) {* > >> * set resp.http.X-Cache = "HIT";* > >> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > >> * # ##########################################################* > >> * } else {* > >> * set resp.http.X-Cache = "MISS";* > >> * }* > >> *}* > >> > >> > >> Thanks, > >> -------------- next part -------------- > >> An HTML attachment was scrubbed... > >> URL: >> attachments/20160803/d572e4b2/attachment-0001.html> > >> > >> ------------------------------ > >> > >> Message: 2 > >> Date: Thu, 4 Aug 2016 12:14:36 +0300 > >> From: Ayberk Kimsesiz > >> To: varnish-misc > >> Subject: Re: XenForo default.vcl settings > >> Message-ID: > >> >> gmail.com> > >> Content-Type: text/plain; charset="utf-8" > >> > >> I need to add the followings to default.vcl for Xenforo. However, > >> solutions > >> in the Xenforo forums for this didn't work. Can you please help? > >> > >> xf_session_admin > >> xf_user > >> xf_session > >> > >> Or how can i block Varnish in a way that it doesn't work in * > >> domain.com/forum > >> * > >> > >> > >> > >> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz : > >> > >> > Hi, > >> > > >> > Could you please share the appropriate Default.vcl settings for > XenForo > >> > Forums? No one can register to the forum at the moment. My current > >> > Default.vcl settings are as follows. > >> > > >> > Forum address: domain.com/forum > >> > > >> > */* SET THE HOST AND PORT OF WORDPRESS* > >> > * * *********************************************************/* > >> > *vcl 4.0;* > >> > *import std;* > >> > > >> > *backend default {* > >> > * .host = "*******";* > >> > * .port = "8080";* > >> > * .connect_timeout = 600s;* > >> > * .first_byte_timeout = 600s;* > >> > * .between_bytes_timeout = 600s;* > >> > * .max_connections = 800;* > >> > *}* > >> > > >> > *# SET THE ALLOWED IP OF PURGE REQUESTS* > >> > *# ##########################################################* > >> > *acl purge {* > >> > * "localhost";* > >> > * "127.0.0.1";* > >> > *}* > >> > > >> > *#THE RECV FUNCTION* > >> > *# ##########################################################* > >> > *sub vcl_recv {* > >> > > >> > *# set realIP by trimming CloudFlare IP which will be used for various > >> > checks* > >> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, > ].*$", > >> > ""); * > >> > > >> > * # FORWARD THE IP OF THE REQUEST* > >> > * if (req.restarts == 0) {* > >> > * if (req.http.x-forwarded-for) {* > >> > * set req.http.X-Forwarded-For =* > >> > * req.http.X-Forwarded-For + ", " + client.ip;* > >> > * } else {* > >> > * set req.http.X-Forwarded-For = client.ip;* > >> > * }* > >> > * }* > >> > > >> > * # Purge request check sections for hash_always_miss, purge and ban* > >> > * # BLOCK IF NOT IP is not in purge acl* > >> > * # ##########################################################* > >> > > >> > * # Enable smart refreshing using hash_always_miss* > >> > *if (req.http.Cache-Control ~ "no-cache") {* > >> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") ~ > >> > purge) {* > >> > * set req.hash_always_miss = true;* > >> > * }* > >> > *}* > >> > > >> > *if (req.method == "PURGE") {* > >> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") > >> ~ > >> > purge) {* > >> > * return(synth(405,"Not allowed."));* > >> > * }* > >> > * return (purge);* > >> > > >> > * }* > >> > *if (req.method == "BAN") {* > >> > * # Same ACL check as above:* > >> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > >> > "1.2.3.4") ~ purge) {* > >> > * return(synth(403, "Not allowed."));* > >> > * }* > >> > * ban("req.http.host == " + req.http.host +* > >> > * " && req.url == " + req.url);* > >> > > >> > * # Throw a synthetic page so the* > >> > * # request won't go to the backend.* > >> > * return(synth(200, "Ban added"));* > >> > *}* > >> > > >> > > >> > *# Unset cloudflare cookies* > >> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* > >> > * set req.http.Cookie = regsuball(req.http.Cookie, > >> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* > >> > * # Remove a ";" prefix, if present.* > >> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* > >> > > >> > * # For Testing: If you want to test with Varnish passing (not > caching) > >> > uncomment* > >> > * # return( pass );* > >> > > >> > * # FORWARD THE IP OF THE REQUEST* > >> > * if (req.restarts == 0) {* > >> > * if (req.http.x-forwarded-for) {* > >> > * set req.http.X-Forwarded-For =* > >> > * req.http.X-Forwarded-For + ", " + client.ip;* > >> > * } else {* > >> > * set req.http.X-Forwarded-For = client.ip;* > >> > * }* > >> > * }* > >> > > >> > *# DO NOT CACHE RSS FEED* > >> > * if (req.url ~ "/feed(/)?") {* > >> > * return ( pass ); * > >> > *}* > >> > > >> > *## Do not cache search results, comment these 3 lines if you do want > to > >> > cache them* > >> > > >> > *if (req.url ~ "/\?s\=") {* > >> > * return ( pass ); * > >> > *}* > >> > > >> > *# CLEAN UP THE ENCODING HEADER.* > >> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY > >> ACCEPT-ENCODING* > >> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* > >> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* > >> > * # ##########################################################* > >> > * if (req.http.Accept-Encoding) {* > >> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* > >> > * # No point in compressing these* > >> > * unset req.http.Accept-Encoding;* > >> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* > >> > * set req.http.Accept-Encoding = "gzip";* > >> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* > >> > * set req.http.Accept-Encoding = "deflate";* > >> > * } else {* > >> > * # unknown algorithm* > >> > * unset req.http.Accept-Encoding;* > >> > * }* > >> > * }* > >> > > >> > * # PIPE ALL NON-STANDARD REQUESTS* > >> > * # ##########################################################* > >> > * if (req.method != "GET" &&* > >> > * req.method != "HEAD" &&* > >> > * req.method != "PUT" && * > >> > * req.method != "POST" &&* > >> > * req.method != "TRACE" &&* > >> > * req.method != "OPTIONS" &&* > >> > * req.method != "DELETE") {* > >> > * return (pipe);* > >> > * }* > >> > > >> > * # ONLY CACHE GET AND HEAD REQUESTS* > >> > * # ##########################################################* > >> > * if (req.method != "GET" && req.method != "HEAD") {* > >> > * return (pass);* > >> > * }* > >> > > >> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > >> > EITHER* > >> > * # COMMENT OR UNCOMMENT BOTH* > >> > * # ##########################################################* > >> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* > >> > * return( pass );* > >> > * }* > >> > > >> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* > >> > * # THEN UNSET THE COOKIES* > >> > * # ##########################################################* > >> > * if (!(req.url ~ "wp-(login|admin)") * > >> > * && !(req.url ~ "&preview=true" ) * > >> > * ){* > >> > * unset req.http.cookie;* > >> > * }* > >> > > >> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* > >> > * # ##########################################################* > >> > * if (req.http.Authorization || req.http.Cookie) {* > >> > * return (pass);* > >> > * }* > >> > > >> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* > >> > * # ##########################################################* > >> > * return (hash);* > >> > * # This is for phpmyadmin* > >> > *if (req.http.Host == "ki1.org ") {* > >> > *return (pass);* > >> > *}* > >> > > >> > *if (req.http.Host == "mysql.ki1.org ") {* > >> > *return (pass);* > >> > *}* > >> > > >> > *}* > >> > > >> > *# HIT FUNCTION* > >> > *# ##########################################################* > >> > *sub vcl_hit {* > >> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* > >> > * # ##########################################################* > >> > * if (req.method == "PURGE") {* > >> > * #* > >> > * # This is now handled in vcl_recv.* > >> > * #* > >> > * # purge;* > >> > * return (synth(200, "Purged."));* > >> > * }* > >> > * return (deliver);* > >> > *}* > >> > > >> > *# MISS FUNCTION* > >> > *# ##########################################################* > >> > *sub vcl_miss {* > >> > * if (req.method == "PURGE") {* > >> > * #* > >> > * # This is now handled in vcl_recv.* > >> > * #* > >> > * # purge;* > >> > * return (synth(200, "Purged."));* > >> > * }* > >> > * return (fetch);* > >> > *}* > >> > > >> > *# FETCH FUNCTION* > >> > *# ##########################################################* > >> > *sub vcl_backend_response {* > >> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > >> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > >> > * # TO DO THIS* > >> > * # ##########################################################* > >> > * set beresp.http.Vary = "Accept-Encoding";* > >> > > >> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > >> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* > >> > * # ##########################################################* > >> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > >> > "wordpress_logged_in" ) {* > >> > * unset beresp.http.set-cookie;* > >> > * set beresp.ttl = 52w;* > >> > *# set beresp.grace =1w;* > >> > * }* > >> > > >> > * if (beresp.ttl <= 0s ||* > >> > * beresp.http.Set-Cookie ||* > >> > * beresp.http.Vary == "*") {* > >> > * set beresp.ttl = 120 s;* > >> > * # set beresp.ttl = 120s;* > >> > * set beresp.uncacheable = true;* > >> > * return (deliver);* > >> > * }* > >> > > >> > * return (deliver);* > >> > *}* > >> > > >> > *# DELIVER FUNCTION* > >> > *# ##########################################################* > >> > *sub vcl_deliver {* > >> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > >> > * # IN THE HEADER (GREAT FOR DEBUGGING)* > >> > * # ##########################################################* > >> > * if (obj.hits > 0) {* > >> > * set resp.http.X-Cache = "HIT";* > >> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > >> > * # ##########################################################* > >> > * } else {* > >> > * set resp.http.X-Cache = "MISS";* > >> > * }* > >> > *}* > >> > > >> > > >> > Thanks, > >> > > >> -------------- next part -------------- > >> An HTML attachment was scrubbed... > >> URL: >> attachments/20160804/4e3f064a/attachment.html> > >> > >> ------------------------------ > >> > >> _______________________________________________ > >> varnish-misc mailing list > >> varnish-misc at varnish-cache.org > >> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > >> > >> End of varnish-misc Digest, Vol 125, Issue 14 > >> ********************************************* > >> > > > > > > _______________________________________________ > > varnish-misc mailing list > > varnish-misc at varnish-cache.org > > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > > > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: misc/attachments/20160804/e791cc0e/attachment.html> > > ------------------------------ > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > > End of varnish-misc Digest, Vol 125, Issue 16 > ********************************************* > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 14:06:56 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 17:06:56 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: First of all, thank you. However the problem continues. Can you examine the codes? /* SET THE HOST AND PORT OF WORDPRESS * *********************************************************/ vcl 4.0; import std; backend default { .host = "*******"; .port = "8080"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; .max_connections = 800; } # SET THE ALLOWED IP OF PURGE REQUESTS # ########################################################## acl purge { "localhost"; "127.0.0.1"; } #THE RECV FUNCTION # ########################################################## sub vcl_recv { *if(req.http.Cookie ~ "xf_(session|user)") {* * return (pass);* * }* # set realIP by trimming CloudFlare IP which will be used for various checks set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # Purge request check sections for hash_always_miss, purge and ban # BLOCK IF NOT IP is not in purge acl # ########################################################## # Enable smart refreshing using hash_always_miss if (req.http.Cache-Control ~ "no-cache") { if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { set req.hash_always_miss = true; } } if (req.method == "PURGE") { if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(405,"Not allowed.")); } return (purge); } if (req.method == "BAN") { # Same ACL check as above: if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(403, "Not allowed.")); } ban("req.http.host == " + req.http.host + " && req.url == " + req.url); # Throw a synthetic page so the # request won't go to the backend. return(synth(200, "Ban added")); } # Unset cloudflare cookies # Remove has_js and CloudFlare/Google Analytics __* cookies. set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); # Remove a ";" prefix, if present. set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); # For Testing: If you want to test with Varnish passing (not caching) uncomment # return( pass ); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # DO NOT CACHE RSS FEED if (req.url ~ "/feed(/)?") { return ( pass ); } ## Do not cache search results, comment these 3 lines if you do want to cache them if (req.url ~ "/\?s\=") { return ( pass ); } # CLEAN UP THE ENCODING HEADER. # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING # VARNISH WILL CREATE SEPARATE CACHES FOR EACH # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. # ########################################################## if (req.http.Accept-Encoding) { if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { # No point in compressing these unset req.http.Accept-Encoding; } elsif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elsif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { # unknown algorithm unset req.http.Accept-Encoding; } } # PIPE ALL NON-STANDARD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "DELETE") { return (pipe); } # ONLY CACHE GET AND HEAD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD") { return (pass); } # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER # COMMENT OR UNCOMMENT BOTH # ########################################################## if ( req.http.cookie ~ "wordpress_logged_in" ) { return( pass ); } # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN # THEN UNSET THE COOKIES # ########################################################## if (!(req.url ~ "wp-(login|admin)") && !(req.url ~ "&preview=true" ) ){ unset req.http.cookie; } # IF BASIC AUTH IS ON THEN DO NOT CACHE # ########################################################## if (req.http.Authorization || req.http.Cookie) { return (pass); } # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED # ########################################################## return (hash); # This is for phpmyadmin if (req.http.Host == "ki1.org") { return (pass); } if (req.http.Host == "mysql.ki1.org") { return (pass); } } # HIT FUNCTION # ########################################################## sub vcl_hit { # IF THIS IS A PURGE REQUEST THEN DO THE PURGE # ########################################################## if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (deliver); } # MISS FUNCTION # ########################################################## sub vcl_miss { if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (fetch); } # FETCH FUNCTION # ########################################################## sub vcl_backend_response { # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT # TO DO THIS # ########################################################## set beresp.http.Vary = "Accept-Encoding"; # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF # TIME THIS PAGE WILL STAY CACHED (TTL) # ########################################################## if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) { unset beresp.http.set-cookie; set beresp.ttl = 52w; # set beresp.grace =1w; } * if (beresp.http.Set-Cookie ~ "xf_(session|user)") {* * set beresp.uncacheable = true;* * set beresp.ttl = 1w;* * return (deliver);* * }* if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120 s; # set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } return (deliver); } # DELIVER FUNCTION # ########################################################## sub vcl_deliver { # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT # IN THE HEADER (GREAT FOR DEBUGGING) # ########################################################## if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; # IF THIS IS A MISS RETURN THAT IN THE HEADER # ########################################################## } else { set resp.http.X-Cache = "MISS"; } } 2016-08-04 16:36 GMT+03:00 Andrei : > correction: > > sub vcl_recv { > if(req.http.Cookie ~ "xf_(session|user)") { > return (pass); > } > } > > sub vcl_backend_response { > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { > set beresp.uncacheable = true; > set beresp.ttl = 1w; > return (deliver); > } > } > > On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: > >> Hello, >> >> Aside from the provided VCL being for WordPress, while you're running >> XenForo, the xf_ cookies are being dropped by your config. A quick fix is: >> >> sub vcl_recv { >> if( req.http.Cookie ~ "xf_(session|user)") { >> return (pass); >> } >> } >> >> sub vcl_backend_response { >> if (req.http.Cookie ~ "xf_(session|user)") { >> set beresp.uncacheable = true; >> set beresp.ttl = 1w; >> return (deliver); >> } >> } >> >> However, I suggest auditing your VCL, and only including rules specific >> to the application(s) which you are running. >> >> >> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >>> Users can't login or register to domain.com/forum with the current >>> settings. So we need to make a change related to *xf_user *and >>> *xf_session* but how? >>> >>> >>> >>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>> >>>> If you want Varnish to ignore request for a path you need to tell it to >>>> pass. In your example you have a rule for the RSS feed. You can do the same >>>> for /forum/ in your vcl_recv block. >>>> >>>> *# DO NOT CACHE RSS FEED* >>>> * if (req.url ~ "/feed(/)?") {* >>>> * return ( pass ); * >>>> *}* >>>> >>>> *# DO NOT CACHE FORUM* >>>> if (req.url ~ "/forum(/)?") { >>>> return ( pass ); >>>> } >>>> >>>> Cheers, >>>> Richard >>>> >>>> >>>>> >>>>> Message: 1 >>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>> From: Ayberk Kimsesiz >>>>> To: varnish-misc >>>>> Subject: XenForo default.vcl settings >>>>> Message-ID: >>>>> >>>> ail.com> >>>>> Content-Type: text/plain; charset="utf-8" >>>>> >>>>> Hi, >>>>> >>>>> Could you please share the appropriate Default.vcl settings for XenForo >>>>> Forums? No one can register to the forum at the moment. My current >>>>> Default.vcl settings are as follows. >>>>> >>>>> Forum address: domain.com/forum >>>>> >>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>> * * *********************************************************/* >>>>> *vcl 4.0;* >>>>> *import std;* >>>>> >>>>> *backend default {* >>>>> * .host = "*******";* >>>>> * .port = "8080";* >>>>> * .connect_timeout = 600s;* >>>>> * .first_byte_timeout = 600s;* >>>>> * .between_bytes_timeout = 600s;* >>>>> * .max_connections = 800;* >>>>> *}* >>>>> >>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>> *# ##########################################################* >>>>> *acl purge {* >>>>> * "localhost";* >>>>> * "127.0.0.1";* >>>>> *}* >>>>> >>>>> *#THE RECV FUNCTION* >>>>> *# ##########################################################* >>>>> *sub vcl_recv {* >>>>> >>>>> *# set realIP by trimming CloudFlare IP which will be used for various >>>>> checks* >>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>> ].*$", >>>>> ""); * >>>>> >>>>> * # FORWARD THE IP OF THE REQUEST* >>>>> * if (req.restarts == 0) {* >>>>> * if (req.http.x-forwarded-for) {* >>>>> * set req.http.X-Forwarded-For =* >>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> * } else {* >>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>> * }* >>>>> * }* >>>>> >>>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>> * # ##########################################################* >>>>> >>>>> * # Enable smart refreshing using hash_always_miss* >>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>> ~ >>>>> purge) {* >>>>> * set req.hash_always_miss = true;* >>>>> * }* >>>>> *}* >>>>> >>>>> *if (req.method == "PURGE") {* >>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ >>>>> purge) {* >>>>> * return(synth(405,"Not allowed."));* >>>>> * }* >>>>> * return (purge);* >>>>> >>>>> * }* >>>>> *if (req.method == "BAN") {* >>>>> * # Same ACL check as above:* >>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") >>>>> ~ purge) {* >>>>> * return(synth(403, "Not allowed."));* >>>>> * }* >>>>> * ban("req.http.host == " + req.http.host +* >>>>> * " && req.url == " + req.url);* >>>>> >>>>> * # Throw a synthetic page so the* >>>>> * # request won't go to the backend.* >>>>> * return(synth(200, "Ban added"));* >>>>> *}* >>>>> >>>>> >>>>> *# Unset cloudflare cookies* >>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>> * # Remove a ";" prefix, if present.* >>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>> >>>>> * # For Testing: If you want to test with Varnish passing (not >>>>> caching) >>>>> uncomment* >>>>> * # return( pass );* >>>>> >>>>> * # FORWARD THE IP OF THE REQUEST* >>>>> * if (req.restarts == 0) {* >>>>> * if (req.http.x-forwarded-for) {* >>>>> * set req.http.X-Forwarded-For =* >>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> * } else {* >>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>> * }* >>>>> * }* >>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>> * if (req.url ~ "/feed(/)?") {* >>>>> * return ( pass ); * >>>>> *}* >>>>> >>>>> *## Do not cache search results, comment these 3 lines if you do want >>>>> to >>>>> cache them* >>>>> >>>>> *if (req.url ~ "/\?s\=") {* >>>>> * return ( pass ); * >>>>> *}* >>>>> >>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>> ACCEPT-ENCODING* >>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>> * # ##########################################################* >>>>> * if (req.http.Accept-Encoding) {* >>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>> * # No point in compressing these* >>>>> * unset req.http.Accept-Encoding;* >>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>> * set req.http.Accept-Encoding = "gzip";* >>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>> * set req.http.Accept-Encoding = "deflate";* >>>>> * } else {* >>>>> * # unknown algorithm* >>>>> * unset req.http.Accept-Encoding;* >>>>> * }* >>>>> * }* >>>>> >>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>> * # ##########################################################* >>>>> * if (req.method != "GET" &&* >>>>> * req.method != "HEAD" &&* >>>>> * req.method != "PUT" && * >>>>> * req.method != "POST" &&* >>>>> * req.method != "TRACE" &&* >>>>> * req.method != "OPTIONS" &&* >>>>> * req.method != "DELETE") {* >>>>> * return (pipe);* >>>>> * }* >>>>> >>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>> * # ##########################################################* >>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>> * return (pass);* >>>>> * }* >>>>> >>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>>> EITHER* >>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>> * # ##########################################################* >>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>> * return( pass );* >>>>> * }* >>>>> >>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>> * # THEN UNSET THE COOKIES* >>>>> * # ##########################################################* >>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>> * && !(req.url ~ "&preview=true" ) * >>>>> * ){* >>>>> * unset req.http.cookie;* >>>>> * }* >>>>> >>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>> * # ##########################################################* >>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>> * return (pass);* >>>>> * }* >>>>> >>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>> * # ##########################################################* >>>>> * return (hash);* >>>>> * # This is for phpmyadmin* >>>>> *if (req.http.Host == "ki1.org ") {* >>>>> *return (pass);* >>>>> *}* >>>>> >>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>>> *return (pass);* >>>>> *}* >>>>> >>>>> *}* >>>>> >>>>> *# HIT FUNCTION* >>>>> *# ##########################################################* >>>>> *sub vcl_hit {* >>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>> * # ##########################################################* >>>>> * if (req.method == "PURGE") {* >>>>> * #* >>>>> * # This is now handled in vcl_recv.* >>>>> * #* >>>>> * # purge;* >>>>> * return (synth(200, "Purged."));* >>>>> * }* >>>>> * return (deliver);* >>>>> *}* >>>>> >>>>> *# MISS FUNCTION* >>>>> *# ##########################################################* >>>>> *sub vcl_miss {* >>>>> * if (req.method == "PURGE") {* >>>>> * #* >>>>> * # This is now handled in vcl_recv.* >>>>> * #* >>>>> * # purge;* >>>>> * return (synth(200, "Purged."));* >>>>> * }* >>>>> * return (fetch);* >>>>> *}* >>>>> >>>>> *# FETCH FUNCTION* >>>>> *# ##########################################################* >>>>> *sub vcl_backend_response {* >>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>> * # TO DO THIS* >>>>> * # ##########################################################* >>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>> >>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>> * # ##########################################################* >>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>> "wordpress_logged_in" ) {* >>>>> * unset beresp.http.set-cookie;* >>>>> * set beresp.ttl = 52w;* >>>>> *# set beresp.grace =1w;* >>>>> * }* >>>>> >>>>> * if (beresp.ttl <= 0s ||* >>>>> * beresp.http.Set-Cookie ||* >>>>> * beresp.http.Vary == "*") {* >>>>> * set beresp.ttl = 120 s;* >>>>> * # set beresp.ttl = 120s;* >>>>> * set beresp.uncacheable = true;* >>>>> * return (deliver);* >>>>> * }* >>>>> >>>>> * return (deliver);* >>>>> *}* >>>>> >>>>> *# DELIVER FUNCTION* >>>>> *# ##########################################################* >>>>> *sub vcl_deliver {* >>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>> * # ##########################################################* >>>>> * if (obj.hits > 0) {* >>>>> * set resp.http.X-Cache = "HIT";* >>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>> * # ##########################################################* >>>>> * } else {* >>>>> * set resp.http.X-Cache = "MISS";* >>>>> * }* >>>>> *}* >>>>> >>>>> >>>>> Thanks, >>>>> -------------- next part -------------- >>>>> An HTML attachment was scrubbed... >>>>> URL: >>>> attachments/20160803/d572e4b2/attachment-0001.html> >>>>> >>>>> ------------------------------ >>>>> >>>>> Message: 2 >>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>> From: Ayberk Kimsesiz >>>>> To: varnish-misc >>>>> Subject: Re: XenForo default.vcl settings >>>>> Message-ID: >>>>> >>>> ail.com> >>>>> Content-Type: text/plain; charset="utf-8" >>>>> >>>>> I need to add the followings to default.vcl for Xenforo. However, >>>>> solutions >>>>> in the Xenforo forums for this didn't work. Can you please help? >>>>> >>>>> xf_session_admin >>>>> xf_user >>>>> xf_session >>>>> >>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>> domain.com/forum >>>>> * >>>>> >>>>> >>>>> >>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz >>>> >: >>>>> >>>>> > Hi, >>>>> > >>>>> > Could you please share the appropriate Default.vcl settings for >>>>> XenForo >>>>> > Forums? No one can register to the forum at the moment. My current >>>>> > Default.vcl settings are as follows. >>>>> > >>>>> > Forum address: domain.com/forum >>>>> > >>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>> > * * *********************************************************/* >>>>> > *vcl 4.0;* >>>>> > *import std;* >>>>> > >>>>> > *backend default {* >>>>> > * .host = "*******";* >>>>> > * .port = "8080";* >>>>> > * .connect_timeout = 600s;* >>>>> > * .first_byte_timeout = 600s;* >>>>> > * .between_bytes_timeout = 600s;* >>>>> > * .max_connections = 800;* >>>>> > *}* >>>>> > >>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>> > *# ##########################################################* >>>>> > *acl purge {* >>>>> > * "localhost";* >>>>> > * "127.0.0.1";* >>>>> > *}* >>>>> > >>>>> > *#THE RECV FUNCTION* >>>>> > *# ##########################################################* >>>>> > *sub vcl_recv {* >>>>> > >>>>> > *# set realIP by trimming CloudFlare IP which will be used for >>>>> various >>>>> > checks* >>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>> ].*$", >>>>> > ""); * >>>>> > >>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>> > * if (req.restarts == 0) {* >>>>> > * if (req.http.x-forwarded-for) {* >>>>> > * set req.http.X-Forwarded-For =* >>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> > * } else {* >>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>> > * }* >>>>> > * }* >>>>> > >>>>> > * # Purge request check sections for hash_always_miss, purge and ban* >>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>> > * # ##########################################################* >>>>> > >>>>> > * # Enable smart refreshing using hash_always_miss* >>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ >>>>> > purge) {* >>>>> > * set req.hash_always_miss = true;* >>>>> > * }* >>>>> > *}* >>>>> > >>>>> > *if (req.method == "PURGE") {* >>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ >>>>> > purge) {* >>>>> > * return(synth(405,"Not allowed."));* >>>>> > * }* >>>>> > * return (purge);* >>>>> > >>>>> > * }* >>>>> > *if (req.method == "BAN") {* >>>>> > * # Same ACL check as above:* >>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> > "1.2.3.4") ~ purge) {* >>>>> > * return(synth(403, "Not allowed."));* >>>>> > * }* >>>>> > * ban("req.http.host == " + req.http.host +* >>>>> > * " && req.url == " + req.url);* >>>>> > >>>>> > * # Throw a synthetic page so the* >>>>> > * # request won't go to the backend.* >>>>> > * return(synth(200, "Ban added"));* >>>>> > *}* >>>>> > >>>>> > >>>>> > *# Unset cloudflare cookies* >>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>> > * # Remove a ";" prefix, if present.* >>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>> > >>>>> > * # For Testing: If you want to test with Varnish passing (not >>>>> caching) >>>>> > uncomment* >>>>> > * # return( pass );* >>>>> > >>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>> > * if (req.restarts == 0) {* >>>>> > * if (req.http.x-forwarded-for) {* >>>>> > * set req.http.X-Forwarded-For =* >>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> > * } else {* >>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>> > * }* >>>>> > * }* >>>>> > >>>>> > *# DO NOT CACHE RSS FEED* >>>>> > * if (req.url ~ "/feed(/)?") {* >>>>> > * return ( pass ); * >>>>> > *}* >>>>> > >>>>> > *## Do not cache search results, comment these 3 lines if you do >>>>> want to >>>>> > cache them* >>>>> > >>>>> > *if (req.url ~ "/\?s\=") {* >>>>> > * return ( pass ); * >>>>> > *}* >>>>> > >>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>> ACCEPT-ENCODING* >>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>> > * # ##########################################################* >>>>> > * if (req.http.Accept-Encoding) {* >>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>> > * # No point in compressing these* >>>>> > * unset req.http.Accept-Encoding;* >>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>> > * } else {* >>>>> > * # unknown algorithm* >>>>> > * unset req.http.Accept-Encoding;* >>>>> > * }* >>>>> > * }* >>>>> > >>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>> > * # ##########################################################* >>>>> > * if (req.method != "GET" &&* >>>>> > * req.method != "HEAD" &&* >>>>> > * req.method != "PUT" && * >>>>> > * req.method != "POST" &&* >>>>> > * req.method != "TRACE" &&* >>>>> > * req.method != "OPTIONS" &&* >>>>> > * req.method != "DELETE") {* >>>>> > * return (pipe);* >>>>> > * }* >>>>> > >>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>> > * # ##########################################################* >>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>> > * return (pass);* >>>>> > * }* >>>>> > >>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>> TOO, >>>>> > EITHER* >>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>> > * # ##########################################################* >>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>> > * return( pass );* >>>>> > * }* >>>>> > >>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>> > * # THEN UNSET THE COOKIES* >>>>> > * # ##########################################################* >>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>> > * && !(req.url ~ "&preview=true" ) * >>>>> > * ){* >>>>> > * unset req.http.cookie;* >>>>> > * }* >>>>> > >>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>> > * # ##########################################################* >>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>> > * return (pass);* >>>>> > * }* >>>>> > >>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>> > * # ##########################################################* >>>>> > * return (hash);* >>>>> > * # This is for phpmyadmin* >>>>> > *if (req.http.Host == "ki1.org ") {* >>>>> > *return (pass);* >>>>> > *}* >>>>> > >>>>> > *if (req.http.Host == "mysql.ki1.org ") {* >>>>> > *return (pass);* >>>>> > *}* >>>>> > >>>>> > *}* >>>>> > >>>>> > *# HIT FUNCTION* >>>>> > *# ##########################################################* >>>>> > *sub vcl_hit {* >>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>> > * # ##########################################################* >>>>> > * if (req.method == "PURGE") {* >>>>> > * #* >>>>> > * # This is now handled in vcl_recv.* >>>>> > * #* >>>>> > * # purge;* >>>>> > * return (synth(200, "Purged."));* >>>>> > * }* >>>>> > * return (deliver);* >>>>> > *}* >>>>> > >>>>> > *# MISS FUNCTION* >>>>> > *# ##########################################################* >>>>> > *sub vcl_miss {* >>>>> > * if (req.method == "PURGE") {* >>>>> > * #* >>>>> > * # This is now handled in vcl_recv.* >>>>> > * #* >>>>> > * # purge;* >>>>> > * return (synth(200, "Purged."));* >>>>> > * }* >>>>> > * return (fetch);* >>>>> > *}* >>>>> > >>>>> > *# FETCH FUNCTION* >>>>> > *# ##########################################################* >>>>> > *sub vcl_backend_response {* >>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>> > * # TO DO THIS* >>>>> > * # ##########################################################* >>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>> > >>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>> > * # ##########################################################* >>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>> > "wordpress_logged_in" ) {* >>>>> > * unset beresp.http.set-cookie;* >>>>> > * set beresp.ttl = 52w;* >>>>> > *# set beresp.grace =1w;* >>>>> > * }* >>>>> > >>>>> > * if (beresp.ttl <= 0s ||* >>>>> > * beresp.http.Set-Cookie ||* >>>>> > * beresp.http.Vary == "*") {* >>>>> > * set beresp.ttl = 120 s;* >>>>> > * # set beresp.ttl = 120s;* >>>>> > * set beresp.uncacheable = true;* >>>>> > * return (deliver);* >>>>> > * }* >>>>> > >>>>> > * return (deliver);* >>>>> > *}* >>>>> > >>>>> > *# DELIVER FUNCTION* >>>>> > *# ##########################################################* >>>>> > *sub vcl_deliver {* >>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>> > * # ##########################################################* >>>>> > * if (obj.hits > 0) {* >>>>> > * set resp.http.X-Cache = "HIT";* >>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>> > * # ##########################################################* >>>>> > * } else {* >>>>> > * set resp.http.X-Cache = "MISS";* >>>>> > * }* >>>>> > *}* >>>>> > >>>>> > >>>>> > Thanks, >>>>> > >>>>> -------------- next part -------------- >>>>> An HTML attachment was scrubbed... >>>>> URL: >>>> attachments/20160804/4e3f064a/attachment.html> >>>>> >>>>> ------------------------------ >>>>> >>>>> _______________________________________________ >>>>> varnish-misc mailing list >>>>> varnish-misc at varnish-cache.org >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>> >>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>> ********************************************* >>>>> >>>> >>>> >>>> _______________________________________________ >>>> varnish-misc mailing list >>>> varnish-misc at varnish-cache.org >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>> >>> >>> _______________________________________________ >>> varnish-misc mailing list >>> varnish-misc at varnish-cache.org >>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Thu Aug 4 14:24:19 2016 From: lagged at gmail.com (Andrei) Date: Thu, 4 Aug 2016 09:24:19 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Please provide us a copy of the varnishlog output during a login attempt for review On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz wrote: > First of all, thank you. However the problem continues. Can you examine > the codes? > > > /* SET THE HOST AND PORT OF WORDPRESS > * *********************************************************/ > vcl 4.0; > import std; > > backend default { > .host = "*******"; > .port = "8080"; > .connect_timeout = 600s; > .first_byte_timeout = 600s; > .between_bytes_timeout = 600s; > .max_connections = 800; > } > > # SET THE ALLOWED IP OF PURGE REQUESTS > # ########################################################## > acl purge { > "localhost"; > "127.0.0.1"; > } > > #THE RECV FUNCTION > # ########################################################## > sub vcl_recv { > > *if(req.http.Cookie ~ "xf_(session|user)") {* > * return (pass);* > * }* > > # set realIP by trimming CloudFlare IP which will be used for various > checks > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > ""); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # Purge request check sections for hash_always_miss, purge and ban > # BLOCK IF NOT IP is not in purge acl > # ########################################################## > > # Enable smart refreshing using hash_always_miss > if (req.http.Cache-Control ~ "no-cache") { > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > set req.hash_always_miss = true; > } > } > > if (req.method == "PURGE") { > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > return(synth(405,"Not allowed.")); > } > return (purge); > > } > if (req.method == "BAN") { > # Same ACL check as above: > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") > ~ purge) { > return(synth(403, "Not allowed.")); > } > ban("req.http.host == " + req.http.host + > " && req.url == " + req.url); > > # Throw a synthetic page so the > # request won't go to the backend. > return(synth(200, "Ban added")); > } > > > # Unset cloudflare cookies > # Remove has_js and CloudFlare/Google Analytics __* cookies. > set req.http.Cookie = regsuball(req.http.Cookie, > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); > # Remove a ";" prefix, if present. > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); > > # For Testing: If you want to test with Varnish passing (not caching) > uncomment > # return( pass ); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # DO NOT CACHE RSS FEED > if (req.url ~ "/feed(/)?") { > return ( pass ); > } > > ## Do not cache search results, comment these 3 lines if you do want to > cache them > > if (req.url ~ "/\?s\=") { > return ( pass ); > } > > # CLEAN UP THE ENCODING HEADER. > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. > # ########################################################## > if (req.http.Accept-Encoding) { > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { > # No point in compressing these > unset req.http.Accept-Encoding; > } elsif (req.http.Accept-Encoding ~ "gzip") { > set req.http.Accept-Encoding = "gzip"; > } elsif (req.http.Accept-Encoding ~ "deflate") { > set req.http.Accept-Encoding = "deflate"; > } else { > # unknown algorithm > unset req.http.Accept-Encoding; > } > } > > # PIPE ALL NON-STANDARD REQUESTS > # ########################################################## > if (req.method != "GET" && > req.method != "HEAD" && > req.method != "PUT" && > req.method != "POST" && > req.method != "TRACE" && > req.method != "OPTIONS" && > req.method != "DELETE") { > return (pipe); > } > > # ONLY CACHE GET AND HEAD REQUESTS > # ########################################################## > if (req.method != "GET" && req.method != "HEAD") { > return (pass); > } > > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > EITHER > # COMMENT OR UNCOMMENT BOTH > # ########################################################## > if ( req.http.cookie ~ "wordpress_logged_in" ) { > return( pass ); > } > > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN > # THEN UNSET THE COOKIES > # ########################################################## > if (!(req.url ~ "wp-(login|admin)") > && !(req.url ~ "&preview=true" ) > ){ > unset req.http.cookie; > } > > # IF BASIC AUTH IS ON THEN DO NOT CACHE > # ########################################################## > if (req.http.Authorization || req.http.Cookie) { > return (pass); > } > > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED > # ########################################################## > return (hash); > # This is for phpmyadmin > if (req.http.Host == "ki1.org") { > return (pass); > } > > if (req.http.Host == "mysql.ki1.org") { > return (pass); > } > > } > > # HIT FUNCTION > # ########################################################## > sub vcl_hit { > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE > # ########################################################## > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (deliver); > } > > # MISS FUNCTION > # ########################################################## > sub vcl_miss { > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (fetch); > } > > # FETCH FUNCTION > # ########################################################## > sub vcl_backend_response { > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > # TO DO THIS > # ########################################################## > set beresp.http.Vary = "Accept-Encoding"; > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > "wordpress_logged_in" ) { > unset beresp.http.set-cookie; > set beresp.ttl = 52w; > # set beresp.grace =1w; > } > > * if (beresp.http.Set-Cookie ~ "xf_(session|user)") {* > * set beresp.uncacheable = true;* > * set beresp.ttl = 1w;* > * return (deliver);* > * }* > > > if (beresp.ttl <= 0s || > beresp.http.Set-Cookie || > beresp.http.Vary == "*") { > set beresp.ttl = 120 s; > # set beresp.ttl = 120s; > set beresp.uncacheable = true; > return (deliver); > } > > return (deliver); > } > > # DELIVER FUNCTION > # ########################################################## > sub vcl_deliver { > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > # IN THE HEADER (GREAT FOR DEBUGGING) > # ########################################################## > if (obj.hits > 0) { > set resp.http.X-Cache = "HIT"; > # IF THIS IS A MISS RETURN THAT IN THE HEADER > # ########################################################## > } else { > set resp.http.X-Cache = "MISS"; > } > } > > > > 2016-08-04 16:36 GMT+03:00 Andrei : > >> correction: >> >> sub vcl_recv { >> if(req.http.Cookie ~ "xf_(session|user)") { >> return (pass); >> } >> } >> >> sub vcl_backend_response { >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >> set beresp.uncacheable = true; >> set beresp.ttl = 1w; >> return (deliver); >> } >> } >> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >> >>> Hello, >>> >>> Aside from the provided VCL being for WordPress, while you're running >>> XenForo, the xf_ cookies are being dropped by your config. A quick fix is: >>> >>> sub vcl_recv { >>> if( req.http.Cookie ~ "xf_(session|user)") { >>> return (pass); >>> } >>> } >>> >>> sub vcl_backend_response { >>> if (req.http.Cookie ~ "xf_(session|user)") { >>> set beresp.uncacheable = true; >>> set beresp.ttl = 1w; >>> return (deliver); >>> } >>> } >>> >>> However, I suggest auditing your VCL, and only including rules specific >>> to the application(s) which you are running. >>> >>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> >>>> Users can't login or register to domain.com/forum with the current >>>> settings. So we need to make a change related to *xf_user *and >>>> *xf_session* but how? >>>> >>>> >>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>> >>>>> If you want Varnish to ignore request for a path you need to tell it >>>>> to pass. In your example you have a rule for the RSS feed. You can do the >>>>> same for /forum/ in your vcl_recv block. >>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>> * if (req.url ~ "/feed(/)?") {* >>>>> * return ( pass ); * >>>>> *}* >>>>> >>>>> *# DO NOT CACHE FORUM* >>>>> if (req.url ~ "/forum(/)?") { >>>>> return ( pass ); >>>>> } >>>>> >>>>> Cheers, >>>>> Richard >>>>> >>>>> >>>>>> >>>>>> Message: 1 >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>> From: Ayberk Kimsesiz >>>>>> To: varnish-misc >>>>>> Subject: XenForo default.vcl settings >>>>>> Message-ID: >>>>>> >>>>> ail.com> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> Hi, >>>>>> >>>>>> Could you please share the appropriate Default.vcl settings for >>>>>> XenForo >>>>>> Forums? No one can register to the forum at the moment. My current >>>>>> Default.vcl settings are as follows. >>>>>> >>>>>> Forum address: domain.com/forum >>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> * * *********************************************************/* >>>>>> *vcl 4.0;* >>>>>> *import std;* >>>>>> >>>>>> *backend default {* >>>>>> * .host = "*******";* >>>>>> * .port = "8080";* >>>>>> * .connect_timeout = 600s;* >>>>>> * .first_byte_timeout = 600s;* >>>>>> * .between_bytes_timeout = 600s;* >>>>>> * .max_connections = 800;* >>>>>> *}* >>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> *# ##########################################################* >>>>>> *acl purge {* >>>>>> * "localhost";* >>>>>> * "127.0.0.1";* >>>>>> *}* >>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_recv {* >>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for various >>>>>> checks* >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>> ].*$", >>>>>> ""); * >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> * if (req.restarts == 0) {* >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> * set req.http.X-Forwarded-For =* >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> * } else {* >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>> * # ##########################################################* >>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> purge) {* >>>>>> * set req.hash_always_miss = true;* >>>>>> * }* >>>>>> *}* >>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> purge) {* >>>>>> * return(synth(405,"Not allowed."));* >>>>>> * }* >>>>>> * return (purge);* >>>>>> >>>>>> * }* >>>>>> *if (req.method == "BAN") {* >>>>>> * # Same ACL check as above:* >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") >>>>>> ~ purge) {* >>>>>> * return(synth(403, "Not allowed."));* >>>>>> * }* >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>> * " && req.url == " + req.url);* >>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>> * # request won't go to the backend.* >>>>>> * return(synth(200, "Ban added"));* >>>>>> *}* >>>>>> >>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> * # Remove a ";" prefix, if present.* >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not >>>>>> caching) >>>>>> uncomment* >>>>>> * # return( pass );* >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> * if (req.restarts == 0) {* >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> * set req.http.X-Forwarded-For =* >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> * } else {* >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>> * return ( pass ); * >>>>>> *}* >>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you do want >>>>>> to >>>>>> cache them* >>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>> * return ( pass ); * >>>>>> *}* >>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> * # ##########################################################* >>>>>> * if (req.http.Accept-Encoding) {* >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>> * # No point in compressing these* >>>>>> * unset req.http.Accept-Encoding;* >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>> * } else {* >>>>>> * # unknown algorithm* >>>>>> * unset req.http.Accept-Encoding;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> * # ##########################################################* >>>>>> * if (req.method != "GET" &&* >>>>>> * req.method != "HEAD" &&* >>>>>> * req.method != "PUT" && * >>>>>> * req.method != "POST" &&* >>>>>> * req.method != "TRACE" &&* >>>>>> * req.method != "OPTIONS" &&* >>>>>> * req.method != "DELETE") {* >>>>>> * return (pipe);* >>>>>> * }* >>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> * # ##########################################################* >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> * return (pass);* >>>>>> * }* >>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>>>> EITHER* >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>> * # ##########################################################* >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> * return( pass );* >>>>>> * }* >>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> * # THEN UNSET THE COOKIES* >>>>>> * # ##########################################################* >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>> * ){* >>>>>> * unset req.http.cookie;* >>>>>> * }* >>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> * # ##########################################################* >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>> * return (pass);* >>>>>> * }* >>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> * # ##########################################################* >>>>>> * return (hash);* >>>>>> * # This is for phpmyadmin* >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>> *return (pass);* >>>>>> *}* >>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>>>> *return (pass);* >>>>>> *}* >>>>>> >>>>>> *}* >>>>>> >>>>>> *# HIT FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_hit {* >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> * # ##########################################################* >>>>>> * if (req.method == "PURGE") {* >>>>>> * #* >>>>>> * # This is now handled in vcl_recv.* >>>>>> * #* >>>>>> * # purge;* >>>>>> * return (synth(200, "Purged."));* >>>>>> * }* >>>>>> * return (deliver);* >>>>>> *}* >>>>>> >>>>>> *# MISS FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_miss {* >>>>>> * if (req.method == "PURGE") {* >>>>>> * #* >>>>>> * # This is now handled in vcl_recv.* >>>>>> * #* >>>>>> * # purge;* >>>>>> * return (synth(200, "Purged."));* >>>>>> * }* >>>>>> * return (fetch);* >>>>>> *}* >>>>>> >>>>>> *# FETCH FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_backend_response {* >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> * # TO DO THIS* >>>>>> * # ##########################################################* >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> * # ##########################################################* >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> "wordpress_logged_in" ) {* >>>>>> * unset beresp.http.set-cookie;* >>>>>> * set beresp.ttl = 52w;* >>>>>> *# set beresp.grace =1w;* >>>>>> * }* >>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>> * beresp.http.Set-Cookie ||* >>>>>> * beresp.http.Vary == "*") {* >>>>>> * set beresp.ttl = 120 s;* >>>>>> * # set beresp.ttl = 120s;* >>>>>> * set beresp.uncacheable = true;* >>>>>> * return (deliver);* >>>>>> * }* >>>>>> >>>>>> * return (deliver);* >>>>>> *}* >>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_deliver {* >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> * # ##########################################################* >>>>>> * if (obj.hits > 0) {* >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> * # ##########################################################* >>>>>> * } else {* >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>> * }* >>>>>> *}* >>>>>> >>>>>> >>>>>> Thanks, >>>>>> -------------- next part -------------- >>>>>> An HTML attachment was scrubbed... >>>>>> URL: >>>>> attachments/20160803/d572e4b2/attachment-0001.html> >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> Message: 2 >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>> From: Ayberk Kimsesiz >>>>>> To: varnish-misc >>>>>> Subject: Re: XenForo default.vcl settings >>>>>> Message-ID: >>>>>> >>>>> ail.com> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. However, >>>>>> solutions >>>>>> in the Xenforo forums for this didn't work. Can you please help? >>>>>> >>>>>> xf_session_admin >>>>>> xf_user >>>>>> xf_session >>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>>> domain.com/forum >>>>>> * >>>>>> >>>>>> >>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz >>>>> >: >>>>>> >>>>>> > Hi, >>>>>> > >>>>>> > Could you please share the appropriate Default.vcl settings for >>>>>> XenForo >>>>>> > Forums? No one can register to the forum at the moment. My current >>>>>> > Default.vcl settings are as follows. >>>>>> > >>>>>> > Forum address: domain.com/forum >>>>>> > >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> > * * *********************************************************/* >>>>>> > *vcl 4.0;* >>>>>> > *import std;* >>>>>> > >>>>>> > *backend default {* >>>>>> > * .host = "*******";* >>>>>> > * .port = "8080";* >>>>>> > * .connect_timeout = 600s;* >>>>>> > * .first_byte_timeout = 600s;* >>>>>> > * .between_bytes_timeout = 600s;* >>>>>> > * .max_connections = 800;* >>>>>> > *}* >>>>>> > >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> > *# ##########################################################* >>>>>> > *acl purge {* >>>>>> > * "localhost";* >>>>>> > * "127.0.0.1";* >>>>>> > *}* >>>>>> > >>>>>> > *#THE RECV FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_recv {* >>>>>> > >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for >>>>>> various >>>>>> > checks* >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>> ].*$", >>>>>> > ""); * >>>>>> > >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> > * if (req.restarts == 0) {* >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> > * } else {* >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > * # Purge request check sections for hash_always_miss, purge and >>>>>> ban* >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>> > * # ##########################################################* >>>>>> > >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> > purge) {* >>>>>> > * set req.hash_always_miss = true;* >>>>>> > * }* >>>>>> > *}* >>>>>> > >>>>>> > *if (req.method == "PURGE") {* >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> > purge) {* >>>>>> > * return(synth(405,"Not allowed."));* >>>>>> > * }* >>>>>> > * return (purge);* >>>>>> > >>>>>> > * }* >>>>>> > *if (req.method == "BAN") {* >>>>>> > * # Same ACL check as above:* >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> > "1.2.3.4") ~ purge) {* >>>>>> > * return(synth(403, "Not allowed."));* >>>>>> > * }* >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>> > * " && req.url == " + req.url);* >>>>>> > >>>>>> > * # Throw a synthetic page so the* >>>>>> > * # request won't go to the backend.* >>>>>> > * return(synth(200, "Ban added"));* >>>>>> > *}* >>>>>> > >>>>>> > >>>>>> > *# Unset cloudflare cookies* >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> > * # Remove a ";" prefix, if present.* >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>> > >>>>>> > * # For Testing: If you want to test with Varnish passing (not >>>>>> caching) >>>>>> > uncomment* >>>>>> > * # return( pass );* >>>>>> > >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> > * if (req.restarts == 0) {* >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> > * } else {* >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>> > * return ( pass ); * >>>>>> > *}* >>>>>> > >>>>>> > *## Do not cache search results, comment these 3 lines if you do >>>>>> want to >>>>>> > cache them* >>>>>> > >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>> > * return ( pass ); * >>>>>> > *}* >>>>>> > >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> > * # ##########################################################* >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>> > * # No point in compressing these* >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>> > * } else {* >>>>>> > * # unknown algorithm* >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method != "GET" &&* >>>>>> > * req.method != "HEAD" &&* >>>>>> > * req.method != "PUT" && * >>>>>> > * req.method != "POST" &&* >>>>>> > * req.method != "TRACE" &&* >>>>>> > * req.method != "OPTIONS" &&* >>>>>> > * req.method != "DELETE") {* >>>>>> > * return (pipe);* >>>>>> > * }* >>>>>> > >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> > * return (pass);* >>>>>> > * }* >>>>>> > >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>> TOO, >>>>>> > EITHER* >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>> > * # ##########################################################* >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> > * return( pass );* >>>>>> > * }* >>>>>> > >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> > * # THEN UNSET THE COOKIES* >>>>>> > * # ##########################################################* >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>> > * ){* >>>>>> > * unset req.http.cookie;* >>>>>> > * }* >>>>>> > >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> > * # ##########################################################* >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>> > * return (pass);* >>>>>> > * }* >>>>>> > >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> > * # ##########################################################* >>>>>> > * return (hash);* >>>>>> > * # This is for phpmyadmin* >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>> > *return (pass);* >>>>>> > *}* >>>>>> > >>>>>> > *if (req.http.Host == "mysql.ki1.org ") {* >>>>>> > *return (pass);* >>>>>> > *}* >>>>>> > >>>>>> > *}* >>>>>> > >>>>>> > *# HIT FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_hit {* >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method == "PURGE") {* >>>>>> > * #* >>>>>> > * # This is now handled in vcl_recv.* >>>>>> > * #* >>>>>> > * # purge;* >>>>>> > * return (synth(200, "Purged."));* >>>>>> > * }* >>>>>> > * return (deliver);* >>>>>> > *}* >>>>>> > >>>>>> > *# MISS FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_miss {* >>>>>> > * if (req.method == "PURGE") {* >>>>>> > * #* >>>>>> > * # This is now handled in vcl_recv.* >>>>>> > * #* >>>>>> > * # purge;* >>>>>> > * return (synth(200, "Purged."));* >>>>>> > * }* >>>>>> > * return (fetch);* >>>>>> > *}* >>>>>> > >>>>>> > *# FETCH FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_backend_response {* >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> > * # TO DO THIS* >>>>>> > * # ##########################################################* >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>> > >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> > * # ##########################################################* >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> > "wordpress_logged_in" ) {* >>>>>> > * unset beresp.http.set-cookie;* >>>>>> > * set beresp.ttl = 52w;* >>>>>> > *# set beresp.grace =1w;* >>>>>> > * }* >>>>>> > >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>> > * beresp.http.Set-Cookie ||* >>>>>> > * beresp.http.Vary == "*") {* >>>>>> > * set beresp.ttl = 120 s;* >>>>>> > * # set beresp.ttl = 120s;* >>>>>> > * set beresp.uncacheable = true;* >>>>>> > * return (deliver);* >>>>>> > * }* >>>>>> > >>>>>> > * return (deliver);* >>>>>> > *}* >>>>>> > >>>>>> > *# DELIVER FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_deliver {* >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> > * # ##########################################################* >>>>>> > * if (obj.hits > 0) {* >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> > * # ##########################################################* >>>>>> > * } else {* >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>> > * }* >>>>>> > *}* >>>>>> > >>>>>> > >>>>>> > Thanks, >>>>>> > >>>>>> -------------- next part -------------- >>>>>> An HTML attachment was scrubbed... >>>>>> URL: >>>>> attachments/20160804/4e3f064a/attachment.html> >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> _______________________________________________ >>>>>> varnish-misc mailing list >>>>>> varnish-misc at varnish-cache.org >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>> ********************************************* >>>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> varnish-misc mailing list >>>>> varnish-misc at varnish-cache.org >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>> >>>> >>>> >>>> _______________________________________________ >>>> varnish-misc mailing list >>>> varnish-misc at varnish-cache.org >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rlane at ahbelo.com Thu Aug 4 14:24:50 2016 From: rlane at ahbelo.com (Lane, Richard) Date: Thu, 4 Aug 2016 09:24:50 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: I assume you reloaded/restarted Varnish after these changes were made. If so, can you verify that you do have the cookies set on the request? maybe add this log message right before returning if(req.http.Cookie ~ "xf_(session|user)") { std.log( "PPPAASS Cookie set for forum"); return (pass); } Then you can use varnishlog command (below) to verify cookie is found varnishlog | grep -A15 -B15 "PPPAASS" Cheers, Richard On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz wrote: > > First of all, thank you. However the problem continues. Can you examine the codes? > > > /* SET THE HOST AND PORT OF WORDPRESS > * *********************************************************/ > vcl 4.0; > import std; > > backend default { > .host = "*******"; > .port = "8080"; > .connect_timeout = 600s; > .first_byte_timeout = 600s; > .between_bytes_timeout = 600s; > .max_connections = 800; > } > > # SET THE ALLOWED IP OF PURGE REQUESTS > # ########################################################## > acl purge { > "localhost"; > "127.0.0.1"; > } > > #THE RECV FUNCTION > # ########################################################## > sub vcl_recv { > > if(req.http.Cookie ~ "xf_(session|user)") { > return (pass); > } > > # set realIP by trimming CloudFlare IP which will be used for various checks > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # Purge request check sections for hash_always_miss, purge and ban > # BLOCK IF NOT IP is not in purge acl > # ########################################################## > > # Enable smart refreshing using hash_always_miss > if (req.http.Cache-Control ~ "no-cache") { > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { > set req.hash_always_miss = true; > } > } > > if (req.method == "PURGE") { > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { > return(synth(405,"Not allowed.")); > } > return (purge); > > } > if (req.method == "BAN") { > # Same ACL check as above: > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { > return(synth(403, "Not allowed.")); > } > ban("req.http.host == " + req.http.host + > " && req.url == " + req.url); > > # Throw a synthetic page so the > # request won't go to the backend. > return(synth(200, "Ban added")); > } > > > # Unset cloudflare cookies > # Remove has_js and CloudFlare/Google Analytics __* cookies. > set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); > # Remove a ";" prefix, if present. > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); > > # For Testing: If you want to test with Varnish passing (not caching) uncomment > # return( pass ); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # DO NOT CACHE RSS FEED > if (req.url ~ "/feed(/)?") { > return ( pass ); > } > > ## Do not cache search results, comment these 3 lines if you do want to cache them > > if (req.url ~ "/\?s\=") { > return ( pass ); > } > > # CLEAN UP THE ENCODING HEADER. > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. > # ########################################################## > if (req.http.Accept-Encoding) { > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { > # No point in compressing these > unset req.http.Accept-Encoding; > } elsif (req.http.Accept-Encoding ~ "gzip") { > set req.http.Accept-Encoding = "gzip"; > } elsif (req.http.Accept-Encoding ~ "deflate") { > set req.http.Accept-Encoding = "deflate"; > } else { > # unknown algorithm > unset req.http.Accept-Encoding; > } > } > > # PIPE ALL NON-STANDARD REQUESTS > # ########################################################## > if (req.method != "GET" && > req.method != "HEAD" && > req.method != "PUT" && > req.method != "POST" && > req.method != "TRACE" && > req.method != "OPTIONS" && > req.method != "DELETE") { > return (pipe); > } > > # ONLY CACHE GET AND HEAD REQUESTS > # ########################################################## > if (req.method != "GET" && req.method != "HEAD") { > return (pass); > } > > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER > # COMMENT OR UNCOMMENT BOTH > # ########################################################## > if ( req.http.cookie ~ "wordpress_logged_in" ) { > return( pass ); > } > > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN > # THEN UNSET THE COOKIES > # ########################################################## > if (!(req.url ~ "wp-(login|admin)") > && !(req.url ~ "&preview=true" ) > ){ > unset req.http.cookie; > } > > # IF BASIC AUTH IS ON THEN DO NOT CACHE > # ########################################################## > if (req.http.Authorization || req.http.Cookie) { > return (pass); > } > > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED > # ########################################################## > return (hash); > # This is for phpmyadmin > if (req.http.Host == "ki1.org") { > return (pass); > } > > if (req.http.Host == "mysql.ki1.org") { > return (pass); > } > > } > > # HIT FUNCTION > # ########################################################## > sub vcl_hit { > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE > # ########################################################## > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (deliver); > } > > # MISS FUNCTION > # ########################################################## > sub vcl_miss { > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (fetch); > } > > # FETCH FUNCTION > # ########################################################## > sub vcl_backend_response { > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > # TO DO THIS > # ########################################################## > set beresp.http.Vary = "Accept-Encoding"; > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) { > unset beresp.http.set-cookie; > set beresp.ttl = 52w; > # set beresp.grace =1w; > } > > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { > set beresp.uncacheable = true; > set beresp.ttl = 1w; > return (deliver); > } > > > if (beresp.ttl <= 0s || > beresp.http.Set-Cookie || > beresp.http.Vary == "*") { > set beresp.ttl = 120 s; > # set beresp.ttl = 120s; > set beresp.uncacheable = true; > return (deliver); > } > > return (deliver); > } > > # DELIVER FUNCTION > # ########################################################## > sub vcl_deliver { > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > # IN THE HEADER (GREAT FOR DEBUGGING) > # ########################################################## > if (obj.hits > 0) { > set resp.http.X-Cache = "HIT"; > # IF THIS IS A MISS RETURN THAT IN THE HEADER > # ########################################################## > } else { > set resp.http.X-Cache = "MISS"; > } > } > > > > 2016-08-04 16:36 GMT+03:00 Andrei : >> >> correction: >> >> sub vcl_recv { >> if(req.http.Cookie ~ "xf_(session|user)") { >> return (pass); >> } >> } >> >> sub vcl_backend_response { >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >> set beresp.uncacheable = true; >> set beresp.ttl = 1w; >> return (deliver); >> } >> } >> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >>> >>> Hello, >>> >>> Aside from the provided VCL being for WordPress, while you're running XenForo, the xf_ cookies are being dropped by your config. A quick fix is: >>> >>> sub vcl_recv { >>> if( req.http.Cookie ~ "xf_(session|user)") { >>> return (pass); >>> } >>> } >>> >>> sub vcl_backend_response { >>> if (req.http.Cookie ~ "xf_(session|user)") { >>> set beresp.uncacheable = true; >>> set beresp.ttl = 1w; >>> return (deliver); >>> } >>> } >>> >>> However, I suggest auditing your VCL, and only including rules specific to the application(s) which you are running. >>> >>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < ayberk.kimsesiz at gmail.com> wrote: >>>> >>>> Users can't login or register to domain.com/forum with the current settings. So we need to make a change related to xf_user and xf_session but how? >>>> >>>> >>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>>> >>>>> If you want Varnish to ignore request for a path you need to tell it to pass. In your example you have a rule for the RSS feed. You can do the same for /forum/ in your vcl_recv block. >>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>> * if (req.url ~ "/feed(/)?") {* >>>>> * return ( pass ); * >>>>> *}* >>>>> >>>>> *# DO NOT CACHE FORUM* >>>>> if (req.url ~ "/forum(/)?") { >>>>> return ( pass ); >>>>> } >>>>> >>>>> Cheers, >>>>> Richard >>>>> >>>>>> >>>>>> >>>>>> Message: 1 >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>> From: Ayberk Kimsesiz >>>>>> To: varnish-misc >>>>>> Subject: XenForo default.vcl settings >>>>>> Message-ID: >>>>>> < CAPQGzE29n1QOmHarn9L-9ztquGfeu-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> Hi, >>>>>> >>>>>> Could you please share the appropriate Default.vcl settings for XenForo >>>>>> Forums? No one can register to the forum at the moment. My current >>>>>> Default.vcl settings are as follows. >>>>>> >>>>>> Forum address: domain.com/forum >>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> * * *********************************************************/* >>>>>> *vcl 4.0;* >>>>>> *import std;* >>>>>> >>>>>> *backend default {* >>>>>> * .host = "*******";* >>>>>> * .port = "8080";* >>>>>> * .connect_timeout = 600s;* >>>>>> * .first_byte_timeout = 600s;* >>>>>> * .between_bytes_timeout = 600s;* >>>>>> * .max_connections = 800;* >>>>>> *}* >>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> *# ##########################################################* >>>>>> *acl purge {* >>>>>> * "localhost";* >>>>>> * "127.0.0.1";* >>>>>> *}* >>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_recv {* >>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for various >>>>>> checks* >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >>>>>> ""); * >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> * if (req.restarts == 0) {* >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> * set req.http.X-Forwarded-For =* >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> * } else {* >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge and ban* >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>> * # ##########################################################* >>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>> purge) {* >>>>>> * set req.hash_always_miss = true;* >>>>>> * }* >>>>>> *}* >>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>> purge) {* >>>>>> * return(synth(405,"Not allowed."));* >>>>>> * }* >>>>>> * return (purge);* >>>>>> >>>>>> * }* >>>>>> *if (req.method == "BAN") {* >>>>>> * # Same ACL check as above:* >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>> ~ purge) {* >>>>>> * return(synth(403, "Not allowed."));* >>>>>> * }* >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>> * " && req.url == " + req.url);* >>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>> * # request won't go to the backend.* >>>>>> * return(synth(200, "Ban added"));* >>>>>> *}* >>>>>> >>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> * # Remove a ";" prefix, if present.* >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not caching) >>>>>> uncomment* >>>>>> * # return( pass );* >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> * if (req.restarts == 0) {* >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> * set req.http.X-Forwarded-For =* >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> * } else {* >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>> * return ( pass ); * >>>>>> *}* >>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you do want to >>>>>> cache them* >>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>> * return ( pass ); * >>>>>> *}* >>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> * # ##########################################################* >>>>>> * if (req.http.Accept-Encoding) {* >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>> * # No point in compressing these* >>>>>> * unset req.http.Accept-Encoding;* >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>> * } else {* >>>>>> * # unknown algorithm* >>>>>> * unset req.http.Accept-Encoding;* >>>>>> * }* >>>>>> * }* >>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> * # ##########################################################* >>>>>> * if (req.method != "GET" &&* >>>>>> * req.method != "HEAD" &&* >>>>>> * req.method != "PUT" && * >>>>>> * req.method != "POST" &&* >>>>>> * req.method != "TRACE" &&* >>>>>> * req.method != "OPTIONS" &&* >>>>>> * req.method != "DELETE") {* >>>>>> * return (pipe);* >>>>>> * }* >>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> * # ##########################################################* >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> * return (pass);* >>>>>> * }* >>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>>>> EITHER* >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>> * # ##########################################################* >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> * return( pass );* >>>>>> * }* >>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> * # THEN UNSET THE COOKIES* >>>>>> * # ##########################################################* >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>> * ){* >>>>>> * unset req.http.cookie;* >>>>>> * }* >>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> * # ##########################################################* >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>> * return (pass);* >>>>>> * }* >>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> * # ##########################################################* >>>>>> * return (hash);* >>>>>> * # This is for phpmyadmin* >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>> *return (pass);* >>>>>> *}* >>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>>>> *return (pass);* >>>>>> *}* >>>>>> >>>>>> *}* >>>>>> >>>>>> *# HIT FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_hit {* >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> * # ##########################################################* >>>>>> * if (req.method == "PURGE") {* >>>>>> * #* >>>>>> * # This is now handled in vcl_recv.* >>>>>> * #* >>>>>> * # purge;* >>>>>> * return (synth(200, "Purged."));* >>>>>> * }* >>>>>> * return (deliver);* >>>>>> *}* >>>>>> >>>>>> *# MISS FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_miss {* >>>>>> * if (req.method == "PURGE") {* >>>>>> * #* >>>>>> * # This is now handled in vcl_recv.* >>>>>> * #* >>>>>> * # purge;* >>>>>> * return (synth(200, "Purged."));* >>>>>> * }* >>>>>> * return (fetch);* >>>>>> *}* >>>>>> >>>>>> *# FETCH FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_backend_response {* >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> * # TO DO THIS* >>>>>> * # ##########################################################* >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> * # ##########################################################* >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> "wordpress_logged_in" ) {* >>>>>> * unset beresp.http.set-cookie;* >>>>>> * set beresp.ttl = 52w;* >>>>>> *# set beresp.grace =1w;* >>>>>> * }* >>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>> * beresp.http.Set-Cookie ||* >>>>>> * beresp.http.Vary == "*") {* >>>>>> * set beresp.ttl = 120 s;* >>>>>> * # set beresp.ttl = 120s;* >>>>>> * set beresp.uncacheable = true;* >>>>>> * return (deliver);* >>>>>> * }* >>>>>> >>>>>> * return (deliver);* >>>>>> *}* >>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_deliver {* >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> * # ##########################################################* >>>>>> * if (obj.hits > 0) {* >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> * # ##########################################################* >>>>>> * } else {* >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>> * }* >>>>>> *}* >>>>>> >>>>>> >>>>>> Thanks, >>>>>> -------------- next part -------------- >>>>>> An HTML attachment was scrubbed... >>>>>> URL: < https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/attachment-0001.html > >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> Message: 2 >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>> From: Ayberk Kimsesiz >>>>>> To: varnish-misc >>>>>> Subject: Re: XenForo default.vcl settings >>>>>> Message-ID: >>>>>> < CAPQGzE39XkXy_44z5oUXBO5q5sF5CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. However, solutions >>>>>> in the Xenforo forums for this didn't work. Can you please help? >>>>>> >>>>>> xf_session_admin >>>>>> xf_user >>>>>> xf_session >>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * domain.com/forum >>>>>> * >>>>>> >>>>>> >>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz : >>>>>> >>>>>> > Hi, >>>>>> > >>>>>> > Could you please share the appropriate Default.vcl settings for XenForo >>>>>> > Forums? No one can register to the forum at the moment. My current >>>>>> > Default.vcl settings are as follows. >>>>>> > >>>>>> > Forum address: domain.com/forum >>>>>> > >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> > * * *********************************************************/* >>>>>> > *vcl 4.0;* >>>>>> > *import std;* >>>>>> > >>>>>> > *backend default {* >>>>>> > * .host = "*******";* >>>>>> > * .port = "8080";* >>>>>> > * .connect_timeout = 600s;* >>>>>> > * .first_byte_timeout = 600s;* >>>>>> > * .between_bytes_timeout = 600s;* >>>>>> > * .max_connections = 800;* >>>>>> > *}* >>>>>> > >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> > *# ##########################################################* >>>>>> > *acl purge {* >>>>>> > * "localhost";* >>>>>> > * "127.0.0.1";* >>>>>> > *}* >>>>>> > >>>>>> > *#THE RECV FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_recv {* >>>>>> > >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for various >>>>>> > checks* >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >>>>>> > ""); * >>>>>> > >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> > * if (req.restarts == 0) {* >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> > * } else {* >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > * # Purge request check sections for hash_always_miss, purge and ban* >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>> > * # ##########################################################* >>>>>> > >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>> > purge) {* >>>>>> > * set req.hash_always_miss = true;* >>>>>> > * }* >>>>>> > *}* >>>>>> > >>>>>> > *if (req.method == "PURGE") {* >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>> > purge) {* >>>>>> > * return(synth(405,"Not allowed."));* >>>>>> > * }* >>>>>> > * return (purge);* >>>>>> > >>>>>> > * }* >>>>>> > *if (req.method == "BAN") {* >>>>>> > * # Same ACL check as above:* >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> > "1.2.3.4") ~ purge) {* >>>>>> > * return(synth(403, "Not allowed."));* >>>>>> > * }* >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>> > * " && req.url == " + req.url);* >>>>>> > >>>>>> > * # Throw a synthetic page so the* >>>>>> > * # request won't go to the backend.* >>>>>> > * return(synth(200, "Ban added"));* >>>>>> > *}* >>>>>> > >>>>>> > >>>>>> > *# Unset cloudflare cookies* >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> > * # Remove a ";" prefix, if present.* >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>>>>> > >>>>>> > * # For Testing: If you want to test with Varnish passing (not caching) >>>>>> > uncomment* >>>>>> > * # return( pass );* >>>>>> > >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> > * if (req.restarts == 0) {* >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> > * } else {* >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>> > * return ( pass ); * >>>>>> > *}* >>>>>> > >>>>>> > *## Do not cache search results, comment these 3 lines if you do want to >>>>>> > cache them* >>>>>> > >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>> > * return ( pass ); * >>>>>> > *}* >>>>>> > >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING* >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> > * # ##########################################################* >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>>>> > * # No point in compressing these* >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>> > * } else {* >>>>>> > * # unknown algorithm* >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> > * }* >>>>>> > * }* >>>>>> > >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method != "GET" &&* >>>>>> > * req.method != "HEAD" &&* >>>>>> > * req.method != "PUT" && * >>>>>> > * req.method != "POST" &&* >>>>>> > * req.method != "TRACE" &&* >>>>>> > * req.method != "OPTIONS" &&* >>>>>> > * req.method != "DELETE") {* >>>>>> > * return (pipe);* >>>>>> > * }* >>>>>> > >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> > * return (pass);* >>>>>> > * }* >>>>>> > >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>>>> > EITHER* >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>> > * # ##########################################################* >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> > * return( pass );* >>>>>> > * }* >>>>>> > >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> > * # THEN UNSET THE COOKIES* >>>>>> > * # ##########################################################* >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>> > * ){* >>>>>> > * unset req.http.cookie;* >>>>>> > * }* >>>>>> > >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> > * # ##########################################################* >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>> > * return (pass);* >>>>>> > * }* >>>>>> > >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> > * # ##########################################################* >>>>>> > * return (hash);* >>>>>> > * # This is for phpmyadmin* >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>> > *return (pass);* >>>>>> > *}* >>>>>> > >>>>>> > *if (req.http.Host == "mysql.ki1.org ") {* >>>>>> > *return (pass);* >>>>>> > *}* >>>>>> > >>>>>> > *}* >>>>>> > >>>>>> > *# HIT FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_hit {* >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> > * # ##########################################################* >>>>>> > * if (req.method == "PURGE") {* >>>>>> > * #* >>>>>> > * # This is now handled in vcl_recv.* >>>>>> > * #* >>>>>> > * # purge;* >>>>>> > * return (synth(200, "Purged."));* >>>>>> > * }* >>>>>> > * return (deliver);* >>>>>> > *}* >>>>>> > >>>>>> > *# MISS FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_miss {* >>>>>> > * if (req.method == "PURGE") {* >>>>>> > * #* >>>>>> > * # This is now handled in vcl_recv.* >>>>>> > * #* >>>>>> > * # purge;* >>>>>> > * return (synth(200, "Purged."));* >>>>>> > * }* >>>>>> > * return (fetch);* >>>>>> > *}* >>>>>> > >>>>>> > *# FETCH FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_backend_response {* >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> > * # TO DO THIS* >>>>>> > * # ##########################################################* >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>> > >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> > * # ##########################################################* >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> > "wordpress_logged_in" ) {* >>>>>> > * unset beresp.http.set-cookie;* >>>>>> > * set beresp.ttl = 52w;* >>>>>> > *# set beresp.grace =1w;* >>>>>> > * }* >>>>>> > >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>> > * beresp.http.Set-Cookie ||* >>>>>> > * beresp.http.Vary == "*") {* >>>>>> > * set beresp.ttl = 120 s;* >>>>>> > * # set beresp.ttl = 120s;* >>>>>> > * set beresp.uncacheable = true;* >>>>>> > * return (deliver);* >>>>>> > * }* >>>>>> > >>>>>> > * return (deliver);* >>>>>> > *}* >>>>>> > >>>>>> > *# DELIVER FUNCTION* >>>>>> > *# ##########################################################* >>>>>> > *sub vcl_deliver {* >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> > * # ##########################################################* >>>>>> > * if (obj.hits > 0) {* >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> > * # ##########################################################* >>>>>> > * } else {* >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>> > * }* >>>>>> > *}* >>>>>> > >>>>>> > >>>>>> > Thanks, >>>>>> > >>>>>> -------------- next part -------------- >>>>>> An HTML attachment was scrubbed... >>>>>> URL: < https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/attachment.html > >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> _______________________________________________ >>>>>> varnish-misc mailing list >>>>>> varnish-misc at varnish-cache.org >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>> ********************************************* >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> varnish-misc mailing list >>>>> varnish-misc at varnish-cache.org >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>>> >>>> >>>> _______________________________________________ >>>> varnish-misc mailing list >>>> varnish-misc at varnish-cache.org >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 14:43:22 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 17:43:22 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Log message: [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT - ReqHeader X-Forwarded-For: 95.5.187.232 - VCL_call RECV - ReqHeader X-Actual-IP: 95.5.187.232 - ReqUnset X-Forwarded-For: 95.5.187.232 - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; pps_times_showed_100=1; __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla wFoW2XT0IpqCIsH5v7bQ; xf_session= - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, 95.5.187.232 - ReqUnset Accept-Encoding: gzip, deflate, sdch - ReqHeader Accept-Encoding: gzip - VCL_Log PPPAASS - VCL_return pass - VCL_call HASH - VCL_return lookup - VCL_call PASS - VCL_return fetch - Link bereq 524435 pass - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 - RespProtocol HTTP/1.1 - RespStatus 200 - RespReason OK - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT - RespHeader Server: Apache/2 - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" - RespHeader Accept-Ranges: bytes -- - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT - ReqHeader X-Forwarded-For: 95.5.187.232 - VCL_call RECV - ReqHeader X-Actual-IP: 95.5.187.232 - ReqUnset X-Forwarded-For: 95.5.187.232 - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; pps_times_showed_100=1; __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla wFoW2XT0IpqCIsH5v7bQ; xf_session= - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; pps_show_100=Th u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; pps_times_showed_100=1; xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t est_cookie=WP+Cookie+check - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; pps_show_100=Th 2016-08-04 17:24 GMT+03:00 Lane, Richard : > I assume you reloaded/restarted Varnish after these changes were made. If > so, can you verify that you do have the cookies set on the request? > > maybe add this log message right before returning > > if(req.http.Cookie ~ "xf_(session|user)") { > std.log( "PPPAASS Cookie set for forum"); > return (pass); > > } > > Then you can use varnishlog command (below) to verify cookie is found > > varnishlog | grep -A15 -B15 "PPPAASS" > > > Cheers, > Richard > > > On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz > wrote: > > > > First of all, thank you. However the problem continues. Can you examine > the codes? > > > > > > /* SET THE HOST AND PORT OF WORDPRESS > > * *********************************************************/ > > vcl 4.0; > > import std; > > > > backend default { > > .host = "*******"; > > .port = "8080"; > > .connect_timeout = 600s; > > .first_byte_timeout = 600s; > > .between_bytes_timeout = 600s; > > .max_connections = 800; > > } > > > > # SET THE ALLOWED IP OF PURGE REQUESTS > > # ########################################################## > > acl purge { > > "localhost"; > > "127.0.0.1"; > > } > > > > #THE RECV FUNCTION > > # ########################################################## > > sub vcl_recv { > > > > if(req.http.Cookie ~ "xf_(session|user)") { > > return (pass); > > } > > > > # set realIP by trimming CloudFlare IP which will be used for various > checks > > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > ""); > > > > # FORWARD THE IP OF THE REQUEST > > if (req.restarts == 0) { > > if (req.http.x-forwarded-for) { > > set req.http.X-Forwarded-For = > > req.http.X-Forwarded-For + ", " + client.ip; > > } else { > > set req.http.X-Forwarded-For = client.ip; > > } > > } > > > > # Purge request check sections for hash_always_miss, purge and ban > > # BLOCK IF NOT IP is not in purge acl > > # ########################################################## > > > > # Enable smart refreshing using hash_always_miss > > if (req.http.Cache-Control ~ "no-cache") { > > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > > set req.hash_always_miss = true; > > } > > } > > > > if (req.method == "PURGE") { > > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > > return(synth(405,"Not allowed.")); > > } > > return (purge); > > > > } > > if (req.method == "BAN") { > > # Same ACL check as above: > > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") ~ purge) { > > return(synth(403, "Not allowed.")); > > } > > ban("req.http.host == " + req.http.host + > > " && req.url == " + req.url); > > > > # Throw a synthetic page so the > > # request won't go to the backend. > > return(synth(200, "Ban added")); > > } > > > > > > # Unset cloudflare cookies > > # Remove has_js and CloudFlare/Google Analytics __* cookies. > > set req.http.Cookie = regsuball(req.http.Cookie, > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); > > # Remove a ";" prefix, if present. > > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); > > > > # For Testing: If you want to test with Varnish passing (not caching) > uncomment > > # return( pass ); > > > > # FORWARD THE IP OF THE REQUEST > > if (req.restarts == 0) { > > if (req.http.x-forwarded-for) { > > set req.http.X-Forwarded-For = > > req.http.X-Forwarded-For + ", " + client.ip; > > } else { > > set req.http.X-Forwarded-For = client.ip; > > } > > } > > > > # DO NOT CACHE RSS FEED > > if (req.url ~ "/feed(/)?") { > > return ( pass ); > > } > > > > ## Do not cache search results, comment these 3 lines if you do want to > cache them > > > > if (req.url ~ "/\?s\=") { > > return ( pass ); > > } > > > > # CLEAN UP THE ENCODING HEADER. > > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING > > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH > > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. > > # ########################################################## > > if (req.http.Accept-Encoding) { > > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { > > # No point in compressing these > > unset req.http.Accept-Encoding; > > } elsif (req.http.Accept-Encoding ~ "gzip") { > > set req.http.Accept-Encoding = "gzip"; > > } elsif (req.http.Accept-Encoding ~ "deflate") { > > set req.http.Accept-Encoding = "deflate"; > > } else { > > # unknown algorithm > > unset req.http.Accept-Encoding; > > } > > } > > > > # PIPE ALL NON-STANDARD REQUESTS > > # ########################################################## > > if (req.method != "GET" && > > req.method != "HEAD" && > > req.method != "PUT" && > > req.method != "POST" && > > req.method != "TRACE" && > > req.method != "OPTIONS" && > > req.method != "DELETE") { > > return (pipe); > > } > > > > # ONLY CACHE GET AND HEAD REQUESTS > > # ########################################################## > > if (req.method != "GET" && req.method != "HEAD") { > > return (pass); > > } > > > > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > EITHER > > # COMMENT OR UNCOMMENT BOTH > > # ########################################################## > > if ( req.http.cookie ~ "wordpress_logged_in" ) { > > return( pass ); > > } > > > > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN > > # THEN UNSET THE COOKIES > > # ########################################################## > > if (!(req.url ~ "wp-(login|admin)") > > && !(req.url ~ "&preview=true" ) > > ){ > > unset req.http.cookie; > > } > > > > # IF BASIC AUTH IS ON THEN DO NOT CACHE > > # ########################################################## > > if (req.http.Authorization || req.http.Cookie) { > > return (pass); > > } > > > > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED > > # ########################################################## > > return (hash); > > # This is for phpmyadmin > > if (req.http.Host == "ki1.org") { > > return (pass); > > } > > > > if (req.http.Host == "mysql.ki1.org") { > > return (pass); > > } > > > > } > > > > # HIT FUNCTION > > # ########################################################## > > sub vcl_hit { > > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE > > # ########################################################## > > if (req.method == "PURGE") { > > # > > # This is now handled in vcl_recv. > > # > > # purge; > > return (synth(200, "Purged.")); > > } > > return (deliver); > > } > > > > # MISS FUNCTION > > # ########################################################## > > sub vcl_miss { > > if (req.method == "PURGE") { > > # > > # This is now handled in vcl_recv. > > # > > # purge; > > return (synth(200, "Purged.")); > > } > > return (fetch); > > } > > > > # FETCH FUNCTION > > # ########################################################## > > sub vcl_backend_response { > > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > > # TO DO THIS > > # ########################################################## > > set beresp.http.Vary = "Accept-Encoding"; > > > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > > # TIME THIS PAGE WILL STAY CACHED (TTL) > > # ########################################################## > > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > "wordpress_logged_in" ) { > > unset beresp.http.set-cookie; > > set beresp.ttl = 52w; > > # set beresp.grace =1w; > > } > > > > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { > > set beresp.uncacheable = true; > > set beresp.ttl = 1w; > > return (deliver); > > } > > > > > > if (beresp.ttl <= 0s || > > beresp.http.Set-Cookie || > > beresp.http.Vary == "*") { > > set beresp.ttl = 120 s; > > # set beresp.ttl = 120s; > > set beresp.uncacheable = true; > > return (deliver); > > } > > > > return (deliver); > > } > > > > # DELIVER FUNCTION > > # ########################################################## > > sub vcl_deliver { > > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > > # IN THE HEADER (GREAT FOR DEBUGGING) > > # ########################################################## > > if (obj.hits > 0) { > > set resp.http.X-Cache = "HIT"; > > # IF THIS IS A MISS RETURN THAT IN THE HEADER > > # ########################################################## > > } else { > > set resp.http.X-Cache = "MISS"; > > } > > } > > > > > > > > 2016-08-04 16:36 GMT+03:00 Andrei : > >> > >> correction: > >> > >> sub vcl_recv { > >> if(req.http.Cookie ~ "xf_(session|user)") { > >> return (pass); > >> } > >> } > >> > >> sub vcl_backend_response { > >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { > >> set beresp.uncacheable = true; > >> set beresp.ttl = 1w; > >> return (deliver); > >> } > >> } > >> > >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: > >>> > >>> Hello, > >>> > >>> Aside from the provided VCL being for WordPress, while you're running > XenForo, the xf_ cookies are being dropped by your config. A quick fix is: > >>> > >>> sub vcl_recv { > >>> if( req.http.Cookie ~ "xf_(session|user)") { > >>> return (pass); > >>> } > >>> } > >>> > >>> sub vcl_backend_response { > >>> if (req.http.Cookie ~ "xf_(session|user)") { > >>> set beresp.uncacheable = true; > >>> set beresp.ttl = 1w; > >>> return (deliver); > >>> } > >>> } > >>> > >>> However, I suggest auditing your VCL, and only including rules > specific to the application(s) which you are running. > >>> > >>> > >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < > ayberk.kimsesiz at gmail.com> wrote: > >>>> > >>>> Users can't login or register to domain.com/forum with the current > settings. So we need to make a change related to xf_user and xf_session but > how? > >>>> > >>>> > >>>> > >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : > >>>>> > >>>>> If you want Varnish to ignore request for a path you need to tell it > to pass. In your example you have a rule for the RSS feed. You can do the > same for /forum/ in your vcl_recv block. > >>>>> > >>>>> *# DO NOT CACHE RSS FEED* > >>>>> * if (req.url ~ "/feed(/)?") {* > >>>>> * return ( pass ); * > >>>>> *}* > >>>>> > >>>>> *# DO NOT CACHE FORUM* > >>>>> if (req.url ~ "/forum(/)?") { > >>>>> return ( pass ); > >>>>> } > >>>>> > >>>>> Cheers, > >>>>> Richard > >>>>> > >>>>>> > >>>>>> > >>>>>> Message: 1 > >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 > >>>>>> From: Ayberk Kimsesiz > >>>>>> To: varnish-misc > >>>>>> Subject: XenForo default.vcl settings > >>>>>> Message-ID: > >>>>>> Q at mail.gmail.com> > >>>>>> Content-Type: text/plain; charset="utf-8" > >>>>>> > >>>>>> Hi, > >>>>>> > >>>>>> Could you please share the appropriate Default.vcl settings for > XenForo > >>>>>> Forums? No one can register to the forum at the moment. My current > >>>>>> Default.vcl settings are as follows. > >>>>>> > >>>>>> Forum address: domain.com/forum > >>>>>> > >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* > >>>>>> * * *********************************************************/* > >>>>>> *vcl 4.0;* > >>>>>> *import std;* > >>>>>> > >>>>>> *backend default {* > >>>>>> * .host = "*******";* > >>>>>> * .port = "8080";* > >>>>>> * .connect_timeout = 600s;* > >>>>>> * .first_byte_timeout = 600s;* > >>>>>> * .between_bytes_timeout = 600s;* > >>>>>> * .max_connections = 800;* > >>>>>> *}* > >>>>>> > >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* > >>>>>> *# ##########################################################* > >>>>>> *acl purge {* > >>>>>> * "localhost";* > >>>>>> * "127.0.0.1";* > >>>>>> *}* > >>>>>> > >>>>>> *#THE RECV FUNCTION* > >>>>>> *# ##########################################################* > >>>>>> *sub vcl_recv {* > >>>>>> > >>>>>> *# set realIP by trimming CloudFlare IP which will be used for > various > >>>>>> checks* > >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, > ].*$", > >>>>>> ""); * > >>>>>> > >>>>>> * # FORWARD THE IP OF THE REQUEST* > >>>>>> * if (req.restarts == 0) {* > >>>>>> * if (req.http.x-forwarded-for) {* > >>>>>> * set req.http.X-Forwarded-For =* > >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* > >>>>>> * } else {* > >>>>>> * set req.http.X-Forwarded-For = client.ip;* > >>>>>> * }* > >>>>>> * }* > >>>>>> > >>>>>> * # Purge request check sections for hash_always_miss, purge and > ban* > >>>>>> * # BLOCK IF NOT IP is not in purge acl* > >>>>>> * # ##########################################################* > >>>>>> > >>>>>> * # Enable smart refreshing using hash_always_miss* > >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* > >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") ~ > >>>>>> purge) {* > >>>>>> * set req.hash_always_miss = true;* > >>>>>> * }* > >>>>>> *}* > >>>>>> > >>>>>> *if (req.method == "PURGE") {* > >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") ~ > >>>>>> purge) {* > >>>>>> * return(synth(405,"Not allowed."));* > >>>>>> * }* > >>>>>> * return (purge);* > >>>>>> > >>>>>> * }* > >>>>>> *if (req.method == "BAN") {* > >>>>>> * # Same ACL check as above:* > >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") > >>>>>> ~ purge) {* > >>>>>> * return(synth(403, "Not allowed."));* > >>>>>> * }* > >>>>>> * ban("req.http.host == " + req.http.host +* > >>>>>> * " && req.url == " + req.url);* > >>>>>> > >>>>>> * # Throw a synthetic page so the* > >>>>>> * # request won't go to the backend.* > >>>>>> * return(synth(200, "Ban added"));* > >>>>>> *}* > >>>>>> > >>>>>> > >>>>>> *# Unset cloudflare cookies* > >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* > >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, > >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* > >>>>>> * # Remove a ";" prefix, if present.* > >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* > >>>>>> > >>>>>> * # For Testing: If you want to test with Varnish passing (not > caching) > >>>>>> uncomment* > >>>>>> * # return( pass );* > >>>>>> > >>>>>> * # FORWARD THE IP OF THE REQUEST* > >>>>>> * if (req.restarts == 0) {* > >>>>>> * if (req.http.x-forwarded-for) {* > >>>>>> * set req.http.X-Forwarded-For =* > >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* > >>>>>> * } else {* > >>>>>> * set req.http.X-Forwarded-For = client.ip;* > >>>>>> * }* > >>>>>> * }* > >>>>>> > >>>>>> *# DO NOT CACHE RSS FEED* > >>>>>> * if (req.url ~ "/feed(/)?") {* > >>>>>> * return ( pass ); * > >>>>>> *}* > >>>>>> > >>>>>> *## Do not cache search results, comment these 3 lines if you do > want to > >>>>>> cache them* > >>>>>> > >>>>>> *if (req.url ~ "/\?s\=") {* > >>>>>> * return ( pass ); * > >>>>>> *}* > >>>>>> > >>>>>> *# CLEAN UP THE ENCODING HEADER.* > >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY > ACCEPT-ENCODING* > >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* > >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* > >>>>>> * # ##########################################################* > >>>>>> * if (req.http.Accept-Encoding) {* > >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* > >>>>>> * # No point in compressing these* > >>>>>> * unset req.http.Accept-Encoding;* > >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* > >>>>>> * set req.http.Accept-Encoding = "gzip";* > >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* > >>>>>> * set req.http.Accept-Encoding = "deflate";* > >>>>>> * } else {* > >>>>>> * # unknown algorithm* > >>>>>> * unset req.http.Accept-Encoding;* > >>>>>> * }* > >>>>>> * }* > >>>>>> > >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* > >>>>>> * # ##########################################################* > >>>>>> * if (req.method != "GET" &&* > >>>>>> * req.method != "HEAD" &&* > >>>>>> * req.method != "PUT" && * > >>>>>> * req.method != "POST" &&* > >>>>>> * req.method != "TRACE" &&* > >>>>>> * req.method != "OPTIONS" &&* > >>>>>> * req.method != "DELETE") {* > >>>>>> * return (pipe);* > >>>>>> * }* > >>>>>> > >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* > >>>>>> * # ##########################################################* > >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* > >>>>>> * return (pass);* > >>>>>> * }* > >>>>>> > >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH > TOO, > >>>>>> EITHER* > >>>>>> * # COMMENT OR UNCOMMENT BOTH* > >>>>>> * # ##########################################################* > >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* > >>>>>> * return( pass );* > >>>>>> * }* > >>>>>> > >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* > >>>>>> * # THEN UNSET THE COOKIES* > >>>>>> * # ##########################################################* > >>>>>> * if (!(req.url ~ "wp-(login|admin)") * > >>>>>> * && !(req.url ~ "&preview=true" ) * > >>>>>> * ){* > >>>>>> * unset req.http.cookie;* > >>>>>> * }* > >>>>>> > >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* > >>>>>> * # ##########################################################* > >>>>>> * if (req.http.Authorization || req.http.Cookie) {* > >>>>>> * return (pass);* > >>>>>> * }* > >>>>>> > >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* > >>>>>> * # ##########################################################* > >>>>>> * return (hash);* > >>>>>> * # This is for phpmyadmin* > >>>>>> *if (req.http.Host == "ki1.org ") {* > >>>>>> *return (pass);* > >>>>>> *}* > >>>>>> > >>>>>> *if (req.http.Host == "mysql.ki1.org ") {* > >>>>>> *return (pass);* > >>>>>> *}* > >>>>>> > >>>>>> *}* > >>>>>> > >>>>>> *# HIT FUNCTION* > >>>>>> *# ##########################################################* > >>>>>> *sub vcl_hit {* > >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* > >>>>>> * # ##########################################################* > >>>>>> * if (req.method == "PURGE") {* > >>>>>> * #* > >>>>>> * # This is now handled in vcl_recv.* > >>>>>> * #* > >>>>>> * # purge;* > >>>>>> * return (synth(200, "Purged."));* > >>>>>> * }* > >>>>>> * return (deliver);* > >>>>>> *}* > >>>>>> > >>>>>> *# MISS FUNCTION* > >>>>>> *# ##########################################################* > >>>>>> *sub vcl_miss {* > >>>>>> * if (req.method == "PURGE") {* > >>>>>> * #* > >>>>>> * # This is now handled in vcl_recv.* > >>>>>> * #* > >>>>>> * # purge;* > >>>>>> * return (synth(200, "Purged."));* > >>>>>> * }* > >>>>>> * return (fetch);* > >>>>>> *}* > >>>>>> > >>>>>> *# FETCH FUNCTION* > >>>>>> *# ##########################################################* > >>>>>> *sub vcl_backend_response {* > >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > >>>>>> * # TO DO THIS* > >>>>>> * # ##########################################################* > >>>>>> * set beresp.http.Vary = "Accept-Encoding";* > >>>>>> > >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* > >>>>>> * # ##########################################################* > >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > >>>>>> "wordpress_logged_in" ) {* > >>>>>> * unset beresp.http.set-cookie;* > >>>>>> * set beresp.ttl = 52w;* > >>>>>> *# set beresp.grace =1w;* > >>>>>> * }* > >>>>>> > >>>>>> * if (beresp.ttl <= 0s ||* > >>>>>> * beresp.http.Set-Cookie ||* > >>>>>> * beresp.http.Vary == "*") {* > >>>>>> * set beresp.ttl = 120 s;* > >>>>>> * # set beresp.ttl = 120s;* > >>>>>> * set beresp.uncacheable = true;* > >>>>>> * return (deliver);* > >>>>>> * }* > >>>>>> > >>>>>> * return (deliver);* > >>>>>> *}* > >>>>>> > >>>>>> *# DELIVER FUNCTION* > >>>>>> *# ##########################################################* > >>>>>> *sub vcl_deliver {* > >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* > >>>>>> * # ##########################################################* > >>>>>> * if (obj.hits > 0) {* > >>>>>> * set resp.http.X-Cache = "HIT";* > >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > >>>>>> * # ##########################################################* > >>>>>> * } else {* > >>>>>> * set resp.http.X-Cache = "MISS";* > >>>>>> * }* > >>>>>> *}* > >>>>>> > >>>>>> > >>>>>> Thanks, > >>>>>> -------------- next part -------------- > >>>>>> An HTML attachment was scrubbed... > >>>>>> URL: misc/attachments/20160803/d572e4b2/attachment-0001.html> > >>>>>> > >>>>>> ------------------------------ > >>>>>> > >>>>>> Message: 2 > >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 > >>>>>> From: Ayberk Kimsesiz > >>>>>> To: varnish-misc > >>>>>> Subject: Re: XenForo default.vcl settings > >>>>>> Message-ID: > >>>>>> O3i1ofA at mail.gmail.com> > >>>>>> Content-Type: text/plain; charset="utf-8" > >>>>>> > >>>>>> I need to add the followings to default.vcl for Xenforo. However, > solutions > >>>>>> in the Xenforo forums for this didn't work. Can you please help? > >>>>>> > >>>>>> xf_session_admin > >>>>>> xf_user > >>>>>> xf_session > >>>>>> > >>>>>> Or how can i block Varnish in a way that it doesn't work in * > domain.com/forum > >>>>>> * > >>>>>> > >>>>>> > >>>>>> > >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < > ayberk.kimsesiz at gmail.com>: > >>>>>> > >>>>>> > Hi, > >>>>>> > > >>>>>> > Could you please share the appropriate Default.vcl settings for > XenForo > >>>>>> > Forums? No one can register to the forum at the moment. My current > >>>>>> > Default.vcl settings are as follows. > >>>>>> > > >>>>>> > Forum address: domain.com/forum > >>>>>> > > >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* > >>>>>> > * * *********************************************************/* > >>>>>> > *vcl 4.0;* > >>>>>> > *import std;* > >>>>>> > > >>>>>> > *backend default {* > >>>>>> > * .host = "*******";* > >>>>>> > * .port = "8080";* > >>>>>> > * .connect_timeout = 600s;* > >>>>>> > * .first_byte_timeout = 600s;* > >>>>>> > * .between_bytes_timeout = 600s;* > >>>>>> > * .max_connections = 800;* > >>>>>> > *}* > >>>>>> > > >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* > >>>>>> > *# ##########################################################* > >>>>>> > *acl purge {* > >>>>>> > * "localhost";* > >>>>>> > * "127.0.0.1";* > >>>>>> > *}* > >>>>>> > > >>>>>> > *#THE RECV FUNCTION* > >>>>>> > *# ##########################################################* > >>>>>> > *sub vcl_recv {* > >>>>>> > > >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for > various > >>>>>> > checks* > >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, > ].*$", > >>>>>> > ""); * > >>>>>> > > >>>>>> > * # FORWARD THE IP OF THE REQUEST* > >>>>>> > * if (req.restarts == 0) {* > >>>>>> > * if (req.http.x-forwarded-for) {* > >>>>>> > * set req.http.X-Forwarded-For =* > >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* > >>>>>> > * } else {* > >>>>>> > * set req.http.X-Forwarded-For = client.ip;* > >>>>>> > * }* > >>>>>> > * }* > >>>>>> > > >>>>>> > * # Purge request check sections for hash_always_miss, purge and > ban* > >>>>>> > * # BLOCK IF NOT IP is not in purge acl* > >>>>>> > * # ##########################################################* > >>>>>> > > >>>>>> > * # Enable smart refreshing using hash_always_miss* > >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* > >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") ~ > >>>>>> > purge) {* > >>>>>> > * set req.hash_always_miss = true;* > >>>>>> > * }* > >>>>>> > *}* > >>>>>> > > >>>>>> > *if (req.method == "PURGE") {* > >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > "1.2.3.4") ~ > >>>>>> > purge) {* > >>>>>> > * return(synth(405,"Not allowed."));* > >>>>>> > * }* > >>>>>> > * return (purge);* > >>>>>> > > >>>>>> > * }* > >>>>>> > *if (req.method == "BAN") {* > >>>>>> > * # Same ACL check as above:* > >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, > >>>>>> > "1.2.3.4") ~ purge) {* > >>>>>> > * return(synth(403, "Not allowed."));* > >>>>>> > * }* > >>>>>> > * ban("req.http.host == " + req.http.host +* > >>>>>> > * " && req.url == " + req.url);* > >>>>>> > > >>>>>> > * # Throw a synthetic page so the* > >>>>>> > * # request won't go to the backend.* > >>>>>> > * return(synth(200, "Ban added"));* > >>>>>> > *}* > >>>>>> > > >>>>>> > > >>>>>> > *# Unset cloudflare cookies* > >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* > >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, > >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* > >>>>>> > * # Remove a ";" prefix, if present.* > >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* > >>>>>> > > >>>>>> > * # For Testing: If you want to test with Varnish passing (not > caching) > >>>>>> > uncomment* > >>>>>> > * # return( pass );* > >>>>>> > > >>>>>> > * # FORWARD THE IP OF THE REQUEST* > >>>>>> > * if (req.restarts == 0) {* > >>>>>> > * if (req.http.x-forwarded-for) {* > >>>>>> > * set req.http.X-Forwarded-For =* > >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* > >>>>>> > * } else {* > >>>>>> > * set req.http.X-Forwarded-For = client.ip;* > >>>>>> > * }* > >>>>>> > * }* > >>>>>> > > >>>>>> > *# DO NOT CACHE RSS FEED* > >>>>>> > * if (req.url ~ "/feed(/)?") {* > >>>>>> > * return ( pass ); * > >>>>>> > *}* > >>>>>> > > >>>>>> > *## Do not cache search results, comment these 3 lines if you do > want to > >>>>>> > cache them* > >>>>>> > > >>>>>> > *if (req.url ~ "/\?s\=") {* > >>>>>> > * return ( pass ); * > >>>>>> > *}* > >>>>>> > > >>>>>> > *# CLEAN UP THE ENCODING HEADER.* > >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY > ACCEPT-ENCODING* > >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* > >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* > >>>>>> > * # ##########################################################* > >>>>>> > * if (req.http.Accept-Encoding) {* > >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* > >>>>>> > * # No point in compressing these* > >>>>>> > * unset req.http.Accept-Encoding;* > >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* > >>>>>> > * set req.http.Accept-Encoding = "gzip";* > >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* > >>>>>> > * set req.http.Accept-Encoding = "deflate";* > >>>>>> > * } else {* > >>>>>> > * # unknown algorithm* > >>>>>> > * unset req.http.Accept-Encoding;* > >>>>>> > * }* > >>>>>> > * }* > >>>>>> > > >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* > >>>>>> > * # ##########################################################* > >>>>>> > * if (req.method != "GET" &&* > >>>>>> > * req.method != "HEAD" &&* > >>>>>> > * req.method != "PUT" && * > >>>>>> > * req.method != "POST" &&* > >>>>>> > * req.method != "TRACE" &&* > >>>>>> > * req.method != "OPTIONS" &&* > >>>>>> > * req.method != "DELETE") {* > >>>>>> > * return (pipe);* > >>>>>> > * }* > >>>>>> > > >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* > >>>>>> > * # ##########################################################* > >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* > >>>>>> > * return (pass);* > >>>>>> > * }* > >>>>>> > > >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH > TOO, > >>>>>> > EITHER* > >>>>>> > * # COMMENT OR UNCOMMENT BOTH* > >>>>>> > * # ##########################################################* > >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* > >>>>>> > * return( pass );* > >>>>>> > * }* > >>>>>> > > >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* > >>>>>> > * # THEN UNSET THE COOKIES* > >>>>>> > * # ##########################################################* > >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * > >>>>>> > * && !(req.url ~ "&preview=true" ) * > >>>>>> > * ){* > >>>>>> > * unset req.http.cookie;* > >>>>>> > * }* > >>>>>> > > >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* > >>>>>> > * # ##########################################################* > >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* > >>>>>> > * return (pass);* > >>>>>> > * }* > >>>>>> > > >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* > >>>>>> > * # ##########################################################* > >>>>>> > * return (hash);* > >>>>>> > * # This is for phpmyadmin* > >>>>>> > *if (req.http.Host == "ki1.org ") {* > >>>>>> > *return (pass);* > >>>>>> > *}* > >>>>>> > > >>>>>> > *if (req.http.Host == "mysql.ki1.org ") {* > >>>>>> > *return (pass);* > >>>>>> > *}* > >>>>>> > > >>>>>> > *}* > >>>>>> > > >>>>>> > *# HIT FUNCTION* > >>>>>> > *# ##########################################################* > >>>>>> > *sub vcl_hit {* > >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* > >>>>>> > * # ##########################################################* > >>>>>> > * if (req.method == "PURGE") {* > >>>>>> > * #* > >>>>>> > * # This is now handled in vcl_recv.* > >>>>>> > * #* > >>>>>> > * # purge;* > >>>>>> > * return (synth(200, "Purged."));* > >>>>>> > * }* > >>>>>> > * return (deliver);* > >>>>>> > *}* > >>>>>> > > >>>>>> > *# MISS FUNCTION* > >>>>>> > *# ##########################################################* > >>>>>> > *sub vcl_miss {* > >>>>>> > * if (req.method == "PURGE") {* > >>>>>> > * #* > >>>>>> > * # This is now handled in vcl_recv.* > >>>>>> > * #* > >>>>>> > * # purge;* > >>>>>> > * return (synth(200, "Purged."));* > >>>>>> > * }* > >>>>>> > * return (fetch);* > >>>>>> > *}* > >>>>>> > > >>>>>> > *# FETCH FUNCTION* > >>>>>> > *# ##########################################################* > >>>>>> > *sub vcl_backend_response {* > >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > >>>>>> > * # TO DO THIS* > >>>>>> > * # ##########################################################* > >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* > >>>>>> > > >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* > >>>>>> > * # ##########################################################* > >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > >>>>>> > "wordpress_logged_in" ) {* > >>>>>> > * unset beresp.http.set-cookie;* > >>>>>> > * set beresp.ttl = 52w;* > >>>>>> > *# set beresp.grace =1w;* > >>>>>> > * }* > >>>>>> > > >>>>>> > * if (beresp.ttl <= 0s ||* > >>>>>> > * beresp.http.Set-Cookie ||* > >>>>>> > * beresp.http.Vary == "*") {* > >>>>>> > * set beresp.ttl = 120 s;* > >>>>>> > * # set beresp.ttl = 120s;* > >>>>>> > * set beresp.uncacheable = true;* > >>>>>> > * return (deliver);* > >>>>>> > * }* > >>>>>> > > >>>>>> > * return (deliver);* > >>>>>> > *}* > >>>>>> > > >>>>>> > *# DELIVER FUNCTION* > >>>>>> > *# ##########################################################* > >>>>>> > *sub vcl_deliver {* > >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* > >>>>>> > * # ##########################################################* > >>>>>> > * if (obj.hits > 0) {* > >>>>>> > * set resp.http.X-Cache = "HIT";* > >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > >>>>>> > * # ##########################################################* > >>>>>> > * } else {* > >>>>>> > * set resp.http.X-Cache = "MISS";* > >>>>>> > * }* > >>>>>> > *}* > >>>>>> > > >>>>>> > > >>>>>> > Thanks, > >>>>>> > > >>>>>> -------------- next part -------------- > >>>>>> An HTML attachment was scrubbed... > >>>>>> URL: misc/attachments/20160804/4e3f064a/attachment.html> > >>>>>> > >>>>>> ------------------------------ > >>>>>> > >>>>>> _______________________________________________ > >>>>>> varnish-misc mailing list > >>>>>> varnish-misc at varnish-cache.org > >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > >>>>>> > >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 > >>>>>> ********************************************* > >>>>> > >>>>> > >>>>> > >>>>> _______________________________________________ > >>>>> varnish-misc mailing list > >>>>> varnish-misc at varnish-cache.org > >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > >>>> > >>>> > >>>> > >>>> _______________________________________________ > >>>> varnish-misc mailing list > >>>> varnish-misc at varnish-cache.org > >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > >>> > >>> > >> > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lagged at gmail.com Thu Aug 4 14:50:38 2016 From: lagged at gmail.com (Andrei) Date: Thu, 4 Aug 2016 09:50:38 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: The log output suggests the xf_ cookie check in vcl_recv is not the first thing to run as you pasted earlier. Also, looking a bit closer, your issue the fact that you unset the cookie in vcl_backend_response if it's not wordpress related. Again, you should really audit your entire VCL, and remove unneeded stuff, like all the WordPress related rules if you're not using it. On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz wrote: > Log message: > > [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" > - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" > - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT > - ReqHeader X-Forwarded-For: 95.5.187.232 > - VCL_call RECV > - ReqHeader X-Actual-IP: 95.5.187.232 > - ReqUnset X-Forwarded-For: 95.5.187.232 > - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 > - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; > pps_show_100=Th > u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; > pps_times_showed_100=1; > __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla > wFoW2XT0IpqCIsH5v7bQ; xf_session= > - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; > pps_show_100=Th > u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; > pps_times_showed_100=1; > xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t > est_cookie=WP+Cookie+check > - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; > pps_show_100=Th > u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; > pps_times_showed_100=1; > xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t > est_cookie=WP+Cookie+check > - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; > pps_show_100=Th > u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; > pps_times_showed_100=1; > xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t > est_cookie=WP+Cookie+check > - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 > - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, > 95.5.187.232 > - ReqUnset Accept-Encoding: gzip, deflate, sdch > - ReqHeader Accept-Encoding: gzip > - VCL_Log PPPAASS > - VCL_return pass > - VCL_call HASH > - VCL_return lookup > - VCL_call PASS > - VCL_return fetch > - Link bereq 524435 pass > - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 > - RespProtocol HTTP/1.1 > - RespStatus 200 > - RespReason OK > - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT > - RespHeader Server: Apache/2 > - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT > - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" > - RespHeader Accept-Ranges: bytes > -- > - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT > - ReqHeader X-Forwarded-For: 95.5.187.232 > - VCL_call RECV > - ReqHeader X-Actual-IP: 95.5.187.232 > - ReqUnset X-Forwarded-For: 95.5.187.232 > - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 > - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; > pps_show_100=Th > u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; > pps_times_showed_100=1; > __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla > wFoW2XT0IpqCIsH5v7bQ; xf_session= > - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; > pps_show_100=Th > u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; > pps_times_showed_100=1; > xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t > est_cookie=WP+Cookie+check > - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; > pps_show_100=Th > u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; > pps_times_showed_100=1; > xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t > est_cookie=WP+Cookie+check > - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; > pps_show_100=Th > > 2016-08-04 17:24 GMT+03:00 Lane, Richard : > >> I assume you reloaded/restarted Varnish after these changes were made. If >> so, can you verify that you do have the cookies set on the request? >> >> maybe add this log message right before returning >> >> if(req.http.Cookie ~ "xf_(session|user)") { >> std.log( "PPPAASS Cookie set for forum"); >> return (pass); >> >> } >> >> Then you can use varnishlog command (below) to verify cookie is found >> >> varnishlog | grep -A15 -B15 "PPPAASS" >> >> >> Cheers, >> Richard >> >> >> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> > >> > First of all, thank you. However the problem continues. Can you examine >> the codes? >> > >> > >> > /* SET THE HOST AND PORT OF WORDPRESS >> > * *********************************************************/ >> > vcl 4.0; >> > import std; >> > >> > backend default { >> > .host = "*******"; >> > .port = "8080"; >> > .connect_timeout = 600s; >> > .first_byte_timeout = 600s; >> > .between_bytes_timeout = 600s; >> > .max_connections = 800; >> > } >> > >> > # SET THE ALLOWED IP OF PURGE REQUESTS >> > # ########################################################## >> > acl purge { >> > "localhost"; >> > "127.0.0.1"; >> > } >> > >> > #THE RECV FUNCTION >> > # ########################################################## >> > sub vcl_recv { >> > >> > if(req.http.Cookie ~ "xf_(session|user)") { >> > return (pass); >> > } >> > >> > # set realIP by trimming CloudFlare IP which will be used for various >> checks >> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >> ""); >> > >> > # FORWARD THE IP OF THE REQUEST >> > if (req.restarts == 0) { >> > if (req.http.x-forwarded-for) { >> > set req.http.X-Forwarded-For = >> > req.http.X-Forwarded-For + ", " + client.ip; >> > } else { >> > set req.http.X-Forwarded-For = client.ip; >> > } >> > } >> > >> > # Purge request check sections for hash_always_miss, purge and ban >> > # BLOCK IF NOT IP is not in purge acl >> > # ########################################################## >> > >> > # Enable smart refreshing using hash_always_miss >> > if (req.http.Cache-Control ~ "no-cache") { >> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) { >> > set req.hash_always_miss = true; >> > } >> > } >> > >> > if (req.method == "PURGE") { >> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >> ~ purge) { >> > return(synth(405,"Not allowed.")); >> > } >> > return (purge); >> > >> > } >> > if (req.method == "BAN") { >> > # Same ACL check as above: >> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") ~ purge) { >> > return(synth(403, "Not allowed.")); >> > } >> > ban("req.http.host == " + req.http.host + >> > " && req.url == " + req.url); >> > >> > # Throw a synthetic page so the >> > # request won't go to the backend. >> > return(synth(200, "Ban added")); >> > } >> > >> > >> > # Unset cloudflare cookies >> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >> > set req.http.Cookie = regsuball(req.http.Cookie, >> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >> > # Remove a ";" prefix, if present. >> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >> > >> > # For Testing: If you want to test with Varnish passing (not caching) >> uncomment >> > # return( pass ); >> > >> > # FORWARD THE IP OF THE REQUEST >> > if (req.restarts == 0) { >> > if (req.http.x-forwarded-for) { >> > set req.http.X-Forwarded-For = >> > req.http.X-Forwarded-For + ", " + client.ip; >> > } else { >> > set req.http.X-Forwarded-For = client.ip; >> > } >> > } >> > >> > # DO NOT CACHE RSS FEED >> > if (req.url ~ "/feed(/)?") { >> > return ( pass ); >> > } >> > >> > ## Do not cache search results, comment these 3 lines if you do want to >> cache them >> > >> > if (req.url ~ "/\?s\=") { >> > return ( pass ); >> > } >> > >> > # CLEAN UP THE ENCODING HEADER. >> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING >> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >> > # ########################################################## >> > if (req.http.Accept-Encoding) { >> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >> > # No point in compressing these >> > unset req.http.Accept-Encoding; >> > } elsif (req.http.Accept-Encoding ~ "gzip") { >> > set req.http.Accept-Encoding = "gzip"; >> > } elsif (req.http.Accept-Encoding ~ "deflate") { >> > set req.http.Accept-Encoding = "deflate"; >> > } else { >> > # unknown algorithm >> > unset req.http.Accept-Encoding; >> > } >> > } >> > >> > # PIPE ALL NON-STANDARD REQUESTS >> > # ########################################################## >> > if (req.method != "GET" && >> > req.method != "HEAD" && >> > req.method != "PUT" && >> > req.method != "POST" && >> > req.method != "TRACE" && >> > req.method != "OPTIONS" && >> > req.method != "DELETE") { >> > return (pipe); >> > } >> > >> > # ONLY CACHE GET AND HEAD REQUESTS >> > # ########################################################## >> > if (req.method != "GET" && req.method != "HEAD") { >> > return (pass); >> > } >> > >> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >> EITHER >> > # COMMENT OR UNCOMMENT BOTH >> > # ########################################################## >> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >> > return( pass ); >> > } >> > >> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >> > # THEN UNSET THE COOKIES >> > # ########################################################## >> > if (!(req.url ~ "wp-(login|admin)") >> > && !(req.url ~ "&preview=true" ) >> > ){ >> > unset req.http.cookie; >> > } >> > >> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >> > # ########################################################## >> > if (req.http.Authorization || req.http.Cookie) { >> > return (pass); >> > } >> > >> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >> > # ########################################################## >> > return (hash); >> > # This is for phpmyadmin >> > if (req.http.Host == "ki1.org") { >> > return (pass); >> > } >> > >> > if (req.http.Host == "mysql.ki1.org") { >> > return (pass); >> > } >> > >> > } >> > >> > # HIT FUNCTION >> > # ########################################################## >> > sub vcl_hit { >> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >> > # ########################################################## >> > if (req.method == "PURGE") { >> > # >> > # This is now handled in vcl_recv. >> > # >> > # purge; >> > return (synth(200, "Purged.")); >> > } >> > return (deliver); >> > } >> > >> > # MISS FUNCTION >> > # ########################################################## >> > sub vcl_miss { >> > if (req.method == "PURGE") { >> > # >> > # This is now handled in vcl_recv. >> > # >> > # purge; >> > return (synth(200, "Purged.")); >> > } >> > return (fetch); >> > } >> > >> > # FETCH FUNCTION >> > # ########################################################## >> > sub vcl_backend_response { >> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >> > # TO DO THIS >> > # ########################################################## >> > set beresp.http.Vary = "Accept-Encoding"; >> > >> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >> > # TIME THIS PAGE WILL STAY CACHED (TTL) >> > # ########################################################## >> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> "wordpress_logged_in" ) { >> > unset beresp.http.set-cookie; >> > set beresp.ttl = 52w; >> > # set beresp.grace =1w; >> > } >> > >> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >> > set beresp.uncacheable = true; >> > set beresp.ttl = 1w; >> > return (deliver); >> > } >> > >> > >> > if (beresp.ttl <= 0s || >> > beresp.http.Set-Cookie || >> > beresp.http.Vary == "*") { >> > set beresp.ttl = 120 s; >> > # set beresp.ttl = 120s; >> > set beresp.uncacheable = true; >> > return (deliver); >> > } >> > >> > return (deliver); >> > } >> > >> > # DELIVER FUNCTION >> > # ########################################################## >> > sub vcl_deliver { >> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >> > # IN THE HEADER (GREAT FOR DEBUGGING) >> > # ########################################################## >> > if (obj.hits > 0) { >> > set resp.http.X-Cache = "HIT"; >> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >> > # ########################################################## >> > } else { >> > set resp.http.X-Cache = "MISS"; >> > } >> > } >> > >> > >> > >> > 2016-08-04 16:36 GMT+03:00 Andrei : >> >> >> >> correction: >> >> >> >> sub vcl_recv { >> >> if(req.http.Cookie ~ "xf_(session|user)") { >> >> return (pass); >> >> } >> >> } >> >> >> >> sub vcl_backend_response { >> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >> >> set beresp.uncacheable = true; >> >> set beresp.ttl = 1w; >> >> return (deliver); >> >> } >> >> } >> >> >> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >> >>> >> >>> Hello, >> >>> >> >>> Aside from the provided VCL being for WordPress, while you're running >> XenForo, the xf_ cookies are being dropped by your config. A quick fix is: >> >>> >> >>> sub vcl_recv { >> >>> if( req.http.Cookie ~ "xf_(session|user)") { >> >>> return (pass); >> >>> } >> >>> } >> >>> >> >>> sub vcl_backend_response { >> >>> if (req.http.Cookie ~ "xf_(session|user)") { >> >>> set beresp.uncacheable = true; >> >>> set beresp.ttl = 1w; >> >>> return (deliver); >> >>> } >> >>> } >> >>> >> >>> However, I suggest auditing your VCL, and only including rules >> specific to the application(s) which you are running. >> >>> >> >>> >> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >>>> >> >>>> Users can't login or register to domain.com/forum with the current >> settings. So we need to make a change related to xf_user and xf_session but >> how? >> >>>> >> >>>> >> >>>> >> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >> >>>>> >> >>>>> If you want Varnish to ignore request for a path you need to tell >> it to pass. In your example you have a rule for the RSS feed. You can do >> the same for /forum/ in your vcl_recv block. >> >>>>> >> >>>>> *# DO NOT CACHE RSS FEED* >> >>>>> * if (req.url ~ "/feed(/)?") {* >> >>>>> * return ( pass ); * >> >>>>> *}* >> >>>>> >> >>>>> *# DO NOT CACHE FORUM* >> >>>>> if (req.url ~ "/forum(/)?") { >> >>>>> return ( pass ); >> >>>>> } >> >>>>> >> >>>>> Cheers, >> >>>>> Richard >> >>>>> >> >>>>>> >> >>>>>> >> >>>>>> Message: 1 >> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >> >>>>>> From: Ayberk Kimsesiz >> >>>>>> To: varnish-misc >> >>>>>> Subject: XenForo default.vcl settings >> >>>>>> Message-ID: >> >>>>>> > gmail.com> >> >>>>>> Content-Type: text/plain; charset="utf-8" >> >>>>>> >> >>>>>> Hi, >> >>>>>> >> >>>>>> Could you please share the appropriate Default.vcl settings for >> XenForo >> >>>>>> Forums? No one can register to the forum at the moment. My current >> >>>>>> Default.vcl settings are as follows. >> >>>>>> >> >>>>>> Forum address: domain.com/forum >> >>>>>> >> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >> >>>>>> * * *********************************************************/* >> >>>>>> *vcl 4.0;* >> >>>>>> *import std;* >> >>>>>> >> >>>>>> *backend default {* >> >>>>>> * .host = "*******";* >> >>>>>> * .port = "8080";* >> >>>>>> * .connect_timeout = 600s;* >> >>>>>> * .first_byte_timeout = 600s;* >> >>>>>> * .between_bytes_timeout = 600s;* >> >>>>>> * .max_connections = 800;* >> >>>>>> *}* >> >>>>>> >> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >> >>>>>> *# ##########################################################* >> >>>>>> *acl purge {* >> >>>>>> * "localhost";* >> >>>>>> * "127.0.0.1";* >> >>>>>> *}* >> >>>>>> >> >>>>>> *#THE RECV FUNCTION* >> >>>>>> *# ##########################################################* >> >>>>>> *sub vcl_recv {* >> >>>>>> >> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for >> various >> >>>>>> checks* >> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >> ].*$", >> >>>>>> ""); * >> >>>>>> >> >>>>>> * # FORWARD THE IP OF THE REQUEST* >> >>>>>> * if (req.restarts == 0) {* >> >>>>>> * if (req.http.x-forwarded-for) {* >> >>>>>> * set req.http.X-Forwarded-For =* >> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >> >>>>>> * } else {* >> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >> >>>>>> * }* >> >>>>>> * }* >> >>>>>> >> >>>>>> * # Purge request check sections for hash_always_miss, purge and >> ban* >> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >> >>>>>> * # ##########################################################* >> >>>>>> >> >>>>>> * # Enable smart refreshing using hash_always_miss* >> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") ~ >> >>>>>> purge) {* >> >>>>>> * set req.hash_always_miss = true;* >> >>>>>> * }* >> >>>>>> *}* >> >>>>>> >> >>>>>> *if (req.method == "PURGE") {* >> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") ~ >> >>>>>> purge) {* >> >>>>>> * return(synth(405,"Not allowed."));* >> >>>>>> * }* >> >>>>>> * return (purge);* >> >>>>>> >> >>>>>> * }* >> >>>>>> *if (req.method == "BAN") {* >> >>>>>> * # Same ACL check as above:* >> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") >> >>>>>> ~ purge) {* >> >>>>>> * return(synth(403, "Not allowed."));* >> >>>>>> * }* >> >>>>>> * ban("req.http.host == " + req.http.host +* >> >>>>>> * " && req.url == " + req.url);* >> >>>>>> >> >>>>>> * # Throw a synthetic page so the* >> >>>>>> * # request won't go to the backend.* >> >>>>>> * return(synth(200, "Ban added"));* >> >>>>>> *}* >> >>>>>> >> >>>>>> >> >>>>>> *# Unset cloudflare cookies* >> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >> >>>>>> * # Remove a ";" prefix, if present.* >> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >> >>>>>> >> >>>>>> * # For Testing: If you want to test with Varnish passing (not >> caching) >> >>>>>> uncomment* >> >>>>>> * # return( pass );* >> >>>>>> >> >>>>>> * # FORWARD THE IP OF THE REQUEST* >> >>>>>> * if (req.restarts == 0) {* >> >>>>>> * if (req.http.x-forwarded-for) {* >> >>>>>> * set req.http.X-Forwarded-For =* >> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >> >>>>>> * } else {* >> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >> >>>>>> * }* >> >>>>>> * }* >> >>>>>> >> >>>>>> *# DO NOT CACHE RSS FEED* >> >>>>>> * if (req.url ~ "/feed(/)?") {* >> >>>>>> * return ( pass ); * >> >>>>>> *}* >> >>>>>> >> >>>>>> *## Do not cache search results, comment these 3 lines if you do >> want to >> >>>>>> cache them* >> >>>>>> >> >>>>>> *if (req.url ~ "/\?s\=") {* >> >>>>>> * return ( pass ); * >> >>>>>> *}* >> >>>>>> >> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >> ACCEPT-ENCODING* >> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >> >>>>>> * # ##########################################################* >> >>>>>> * if (req.http.Accept-Encoding) {* >> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >> >>>>>> * # No point in compressing these* >> >>>>>> * unset req.http.Accept-Encoding;* >> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >> >>>>>> * set req.http.Accept-Encoding = "gzip";* >> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >> >>>>>> * set req.http.Accept-Encoding = "deflate";* >> >>>>>> * } else {* >> >>>>>> * # unknown algorithm* >> >>>>>> * unset req.http.Accept-Encoding;* >> >>>>>> * }* >> >>>>>> * }* >> >>>>>> >> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >> >>>>>> * # ##########################################################* >> >>>>>> * if (req.method != "GET" &&* >> >>>>>> * req.method != "HEAD" &&* >> >>>>>> * req.method != "PUT" && * >> >>>>>> * req.method != "POST" &&* >> >>>>>> * req.method != "TRACE" &&* >> >>>>>> * req.method != "OPTIONS" &&* >> >>>>>> * req.method != "DELETE") {* >> >>>>>> * return (pipe);* >> >>>>>> * }* >> >>>>>> >> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >> >>>>>> * # ##########################################################* >> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >> >>>>>> * return (pass);* >> >>>>>> * }* >> >>>>>> >> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >> TOO, >> >>>>>> EITHER* >> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >> >>>>>> * # ##########################################################* >> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >> >>>>>> * return( pass );* >> >>>>>> * }* >> >>>>>> >> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >> >>>>>> * # THEN UNSET THE COOKIES* >> >>>>>> * # ##########################################################* >> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >> >>>>>> * && !(req.url ~ "&preview=true" ) * >> >>>>>> * ){* >> >>>>>> * unset req.http.cookie;* >> >>>>>> * }* >> >>>>>> >> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >> >>>>>> * # ##########################################################* >> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >> >>>>>> * return (pass);* >> >>>>>> * }* >> >>>>>> >> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >> >>>>>> * # ##########################################################* >> >>>>>> * return (hash);* >> >>>>>> * # This is for phpmyadmin* >> >>>>>> *if (req.http.Host == "ki1.org ") {* >> >>>>>> *return (pass);* >> >>>>>> *}* >> >>>>>> >> >>>>>> *if (req.http.Host == "mysql.ki1.org ") {* >> >>>>>> *return (pass);* >> >>>>>> *}* >> >>>>>> >> >>>>>> *}* >> >>>>>> >> >>>>>> *# HIT FUNCTION* >> >>>>>> *# ##########################################################* >> >>>>>> *sub vcl_hit {* >> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >> >>>>>> * # ##########################################################* >> >>>>>> * if (req.method == "PURGE") {* >> >>>>>> * #* >> >>>>>> * # This is now handled in vcl_recv.* >> >>>>>> * #* >> >>>>>> * # purge;* >> >>>>>> * return (synth(200, "Purged."));* >> >>>>>> * }* >> >>>>>> * return (deliver);* >> >>>>>> *}* >> >>>>>> >> >>>>>> *# MISS FUNCTION* >> >>>>>> *# ##########################################################* >> >>>>>> *sub vcl_miss {* >> >>>>>> * if (req.method == "PURGE") {* >> >>>>>> * #* >> >>>>>> * # This is now handled in vcl_recv.* >> >>>>>> * #* >> >>>>>> * # purge;* >> >>>>>> * return (synth(200, "Purged."));* >> >>>>>> * }* >> >>>>>> * return (fetch);* >> >>>>>> *}* >> >>>>>> >> >>>>>> *# FETCH FUNCTION* >> >>>>>> *# ##########################################################* >> >>>>>> *sub vcl_backend_response {* >> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> >>>>>> * # TO DO THIS* >> >>>>>> * # ##########################################################* >> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >> >>>>>> >> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> >>>>>> * # ##########################################################* >> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> >>>>>> "wordpress_logged_in" ) {* >> >>>>>> * unset beresp.http.set-cookie;* >> >>>>>> * set beresp.ttl = 52w;* >> >>>>>> *# set beresp.grace =1w;* >> >>>>>> * }* >> >>>>>> >> >>>>>> * if (beresp.ttl <= 0s ||* >> >>>>>> * beresp.http.Set-Cookie ||* >> >>>>>> * beresp.http.Vary == "*") {* >> >>>>>> * set beresp.ttl = 120 s;* >> >>>>>> * # set beresp.ttl = 120s;* >> >>>>>> * set beresp.uncacheable = true;* >> >>>>>> * return (deliver);* >> >>>>>> * }* >> >>>>>> >> >>>>>> * return (deliver);* >> >>>>>> *}* >> >>>>>> >> >>>>>> *# DELIVER FUNCTION* >> >>>>>> *# ##########################################################* >> >>>>>> *sub vcl_deliver {* >> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >> >>>>>> * # ##########################################################* >> >>>>>> * if (obj.hits > 0) {* >> >>>>>> * set resp.http.X-Cache = "HIT";* >> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> >>>>>> * # ##########################################################* >> >>>>>> * } else {* >> >>>>>> * set resp.http.X-Cache = "MISS";* >> >>>>>> * }* >> >>>>>> *}* >> >>>>>> >> >>>>>> >> >>>>>> Thanks, >> >>>>>> -------------- next part -------------- >> >>>>>> An HTML attachment was scrubbed... >> >>>>>> URL: > attachments/20160803/d572e4b2/attachment-0001.html> >> >>>>>> >> >>>>>> ------------------------------ >> >>>>>> >> >>>>>> Message: 2 >> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >> >>>>>> From: Ayberk Kimsesiz >> >>>>>> To: varnish-misc >> >>>>>> Subject: Re: XenForo default.vcl settings >> >>>>>> Message-ID: >> >>>>>> > gmail.com> >> >>>>>> Content-Type: text/plain; charset="utf-8" >> >>>>>> >> >>>>>> I need to add the followings to default.vcl for Xenforo. However, >> solutions >> >>>>>> in the Xenforo forums for this didn't work. Can you please help? >> >>>>>> >> >>>>>> xf_session_admin >> >>>>>> xf_user >> >>>>>> xf_session >> >>>>>> >> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >> domain.com/forum >> >>>>>> * >> >>>>>> >> >>>>>> >> >>>>>> >> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com>: >> >>>>>> >> >>>>>> > Hi, >> >>>>>> > >> >>>>>> > Could you please share the appropriate Default.vcl settings for >> XenForo >> >>>>>> > Forums? No one can register to the forum at the moment. My >> current >> >>>>>> > Default.vcl settings are as follows. >> >>>>>> > >> >>>>>> > Forum address: domain.com/forum >> >>>>>> > >> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >> >>>>>> > * * *********************************************************/* >> >>>>>> > *vcl 4.0;* >> >>>>>> > *import std;* >> >>>>>> > >> >>>>>> > *backend default {* >> >>>>>> > * .host = "*******";* >> >>>>>> > * .port = "8080";* >> >>>>>> > * .connect_timeout = 600s;* >> >>>>>> > * .first_byte_timeout = 600s;* >> >>>>>> > * .between_bytes_timeout = 600s;* >> >>>>>> > * .max_connections = 800;* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >> >>>>>> > *# ##########################################################* >> >>>>>> > *acl purge {* >> >>>>>> > * "localhost";* >> >>>>>> > * "127.0.0.1";* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *#THE RECV FUNCTION* >> >>>>>> > *# ##########################################################* >> >>>>>> > *sub vcl_recv {* >> >>>>>> > >> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for >> various >> >>>>>> > checks* >> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >> "[, ].*$", >> >>>>>> > ""); * >> >>>>>> > >> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >> >>>>>> > * if (req.restarts == 0) {* >> >>>>>> > * if (req.http.x-forwarded-for) {* >> >>>>>> > * set req.http.X-Forwarded-For =* >> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >> >>>>>> > * } else {* >> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >> >>>>>> > * }* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * # Purge request check sections for hash_always_miss, purge and >> ban* >> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >> >>>>>> > * # ##########################################################* >> >>>>>> > >> >>>>>> > * # Enable smart refreshing using hash_always_miss* >> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") ~ >> >>>>>> > purge) {* >> >>>>>> > * set req.hash_always_miss = true;* >> >>>>>> > * }* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *if (req.method == "PURGE") {* >> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") ~ >> >>>>>> > purge) {* >> >>>>>> > * return(synth(405,"Not allowed."));* >> >>>>>> > * }* >> >>>>>> > * return (purge);* >> >>>>>> > >> >>>>>> > * }* >> >>>>>> > *if (req.method == "BAN") {* >> >>>>>> > * # Same ACL check as above:* >> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> >>>>>> > "1.2.3.4") ~ purge) {* >> >>>>>> > * return(synth(403, "Not allowed."));* >> >>>>>> > * }* >> >>>>>> > * ban("req.http.host == " + req.http.host +* >> >>>>>> > * " && req.url == " + req.url);* >> >>>>>> > >> >>>>>> > * # Throw a synthetic page so the* >> >>>>>> > * # request won't go to the backend.* >> >>>>>> > * return(synth(200, "Ban added"));* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > >> >>>>>> > *# Unset cloudflare cookies* >> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >> >>>>>> > * # Remove a ";" prefix, if present.* >> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >> "");* >> >>>>>> > >> >>>>>> > * # For Testing: If you want to test with Varnish passing (not >> caching) >> >>>>>> > uncomment* >> >>>>>> > * # return( pass );* >> >>>>>> > >> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >> >>>>>> > * if (req.restarts == 0) {* >> >>>>>> > * if (req.http.x-forwarded-for) {* >> >>>>>> > * set req.http.X-Forwarded-For =* >> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >> >>>>>> > * } else {* >> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >> >>>>>> > * }* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > *# DO NOT CACHE RSS FEED* >> >>>>>> > * if (req.url ~ "/feed(/)?") {* >> >>>>>> > * return ( pass ); * >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *## Do not cache search results, comment these 3 lines if you do >> want to >> >>>>>> > cache them* >> >>>>>> > >> >>>>>> > *if (req.url ~ "/\?s\=") {* >> >>>>>> > * return ( pass ); * >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >> ACCEPT-ENCODING* >> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if (req.http.Accept-Encoding) {* >> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >> >>>>>> > * # No point in compressing these* >> >>>>>> > * unset req.http.Accept-Encoding;* >> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >> >>>>>> > * } else {* >> >>>>>> > * # unknown algorithm* >> >>>>>> > * unset req.http.Accept-Encoding;* >> >>>>>> > * }* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if (req.method != "GET" &&* >> >>>>>> > * req.method != "HEAD" &&* >> >>>>>> > * req.method != "PUT" && * >> >>>>>> > * req.method != "POST" &&* >> >>>>>> > * req.method != "TRACE" &&* >> >>>>>> > * req.method != "OPTIONS" &&* >> >>>>>> > * req.method != "DELETE") {* >> >>>>>> > * return (pipe);* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >> >>>>>> > * return (pass);* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >> FETCH TOO, >> >>>>>> > EITHER* >> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >> >>>>>> > * return( pass );* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >> >>>>>> > * # THEN UNSET THE COOKIES* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >> >>>>>> > * && !(req.url ~ "&preview=true" ) * >> >>>>>> > * ){* >> >>>>>> > * unset req.http.cookie;* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >> >>>>>> > * return (pass);* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >> >>>>>> > * # ##########################################################* >> >>>>>> > * return (hash);* >> >>>>>> > * # This is for phpmyadmin* >> >>>>>> > *if (req.http.Host == "ki1.org ") {* >> >>>>>> > *return (pass);* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *if (req.http.Host == "mysql.ki1.org ") {* >> >>>>>> > *return (pass);* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *# HIT FUNCTION* >> >>>>>> > *# ##########################################################* >> >>>>>> > *sub vcl_hit {* >> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if (req.method == "PURGE") {* >> >>>>>> > * #* >> >>>>>> > * # This is now handled in vcl_recv.* >> >>>>>> > * #* >> >>>>>> > * # purge;* >> >>>>>> > * return (synth(200, "Purged."));* >> >>>>>> > * }* >> >>>>>> > * return (deliver);* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *# MISS FUNCTION* >> >>>>>> > *# ##########################################################* >> >>>>>> > *sub vcl_miss {* >> >>>>>> > * if (req.method == "PURGE") {* >> >>>>>> > * #* >> >>>>>> > * # This is now handled in vcl_recv.* >> >>>>>> > * #* >> >>>>>> > * # purge;* >> >>>>>> > * return (synth(200, "Purged."));* >> >>>>>> > * }* >> >>>>>> > * return (fetch);* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *# FETCH FUNCTION* >> >>>>>> > *# ##########################################################* >> >>>>>> > *sub vcl_backend_response {* >> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> >>>>>> > * # TO DO THIS* >> >>>>>> > * # ##########################################################* >> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >> >>>>>> > >> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> >>>>>> > "wordpress_logged_in" ) {* >> >>>>>> > * unset beresp.http.set-cookie;* >> >>>>>> > * set beresp.ttl = 52w;* >> >>>>>> > *# set beresp.grace =1w;* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * if (beresp.ttl <= 0s ||* >> >>>>>> > * beresp.http.Set-Cookie ||* >> >>>>>> > * beresp.http.Vary == "*") {* >> >>>>>> > * set beresp.ttl = 120 s;* >> >>>>>> > * # set beresp.ttl = 120s;* >> >>>>>> > * set beresp.uncacheable = true;* >> >>>>>> > * return (deliver);* >> >>>>>> > * }* >> >>>>>> > >> >>>>>> > * return (deliver);* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > *# DELIVER FUNCTION* >> >>>>>> > *# ##########################################################* >> >>>>>> > *sub vcl_deliver {* >> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >> >>>>>> > * # ##########################################################* >> >>>>>> > * if (obj.hits > 0) {* >> >>>>>> > * set resp.http.X-Cache = "HIT";* >> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> >>>>>> > * # ##########################################################* >> >>>>>> > * } else {* >> >>>>>> > * set resp.http.X-Cache = "MISS";* >> >>>>>> > * }* >> >>>>>> > *}* >> >>>>>> > >> >>>>>> > >> >>>>>> > Thanks, >> >>>>>> > >> >>>>>> -------------- next part -------------- >> >>>>>> An HTML attachment was scrubbed... >> >>>>>> URL: > attachments/20160804/4e3f064a/attachment.html> >> >>>>>> >> >>>>>> ------------------------------ >> >>>>>> >> >>>>>> _______________________________________________ >> >>>>>> varnish-misc mailing list >> >>>>>> varnish-misc at varnish-cache.org >> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> >>>>>> >> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >> >>>>>> ********************************************* >> >>>>> >> >>>>> >> >>>>> >> >>>>> _______________________________________________ >> >>>>> varnish-misc mailing list >> >>>>> varnish-misc at varnish-cache.org >> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> >>>> >> >>>> >> >>>> >> >>>> _______________________________________________ >> >>>> varnish-misc mailing list >> >>>> varnish-misc at varnish-cache.org >> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >> >>> >> >>> >> >> >> > >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rlane at ahbelo.com Thu Aug 4 15:02:34 2016 From: rlane at ahbelo.com (Lane, Richard) Date: Thu, 4 Aug 2016 10:02:34 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: I agree that the order of execution may be getting you here. If you need the WordPress rules then you may need to put additional logic to ensure non-wordpress applications are not negatively affected. What happens if you change the order of these two blocks? Put your Set-Cookie check block before the wp-login check. > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) { > unset beresp.http.set-cookie; > set beresp.ttl = 52w; > # set beresp.grace =1w; > } > > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { > set beresp.uncacheable = true; > set beresp.ttl = 1w; > return (deliver); > } On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: > The log output suggests the xf_ cookie check in vcl_recv is not the first > thing to run as you pasted earlier. Also, looking a bit closer, your issue > the fact that you unset the cookie in vcl_backend_response if it's not > wordpress related. Again, you should really audit your entire VCL, and > remove unneeded stuff, like all the WordPress related rules if you're not > using it. > > On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz > wrote: > >> Log message: >> >> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >> - ReqHeader X-Forwarded-For: 95.5.187.232 >> - VCL_call RECV >> - ReqHeader X-Actual-IP: 95.5.187.232 >> - ReqUnset X-Forwarded-For: 95.5.187.232 >> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >> pps_show_100=Th >> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >> pps_times_showed_100=1; >> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >> wFoW2XT0IpqCIsH5v7bQ; xf_session= >> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >> pps_show_100=Th >> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >> pps_times_showed_100=1; >> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >> est_cookie=WP+Cookie+check >> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >> pps_show_100=Th >> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >> pps_times_showed_100=1; >> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >> est_cookie=WP+Cookie+check >> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >> pps_show_100=Th >> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >> pps_times_showed_100=1; >> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >> est_cookie=WP+Cookie+check >> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >> 95.5.187.232 >> - ReqUnset Accept-Encoding: gzip, deflate, sdch >> - ReqHeader Accept-Encoding: gzip >> - VCL_Log PPPAASS >> - VCL_return pass >> - VCL_call HASH >> - VCL_return lookup >> - VCL_call PASS >> - VCL_return fetch >> - Link bereq 524435 pass >> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >> - RespProtocol HTTP/1.1 >> - RespStatus 200 >> - RespReason OK >> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >> - RespHeader Server: Apache/2 >> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >> - RespHeader Accept-Ranges: bytes >> -- >> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >> - ReqHeader X-Forwarded-For: 95.5.187.232 >> - VCL_call RECV >> - ReqHeader X-Actual-IP: 95.5.187.232 >> - ReqUnset X-Forwarded-For: 95.5.187.232 >> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >> pps_show_100=Th >> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >> pps_times_showed_100=1; >> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >> wFoW2XT0IpqCIsH5v7bQ; xf_session= >> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >> pps_show_100=Th >> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >> pps_times_showed_100=1; >> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >> est_cookie=WP+Cookie+check >> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >> pps_show_100=Th >> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >> pps_times_showed_100=1; >> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >> est_cookie=WP+Cookie+check >> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >> pps_show_100=Th >> >> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >> >>> I assume you reloaded/restarted Varnish after these changes were made. >>> If so, can you verify that you do have the cookies set on the request? >>> >>> maybe add this log message right before returning >>> >>> if(req.http.Cookie ~ "xf_(session|user)") { >>> std.log( "PPPAASS Cookie set for forum"); >>> return (pass); >>> >>> } >>> >>> Then you can use varnishlog command (below) to verify cookie is found >>> >>> varnishlog | grep -A15 -B15 "PPPAASS" >>> >>> >>> Cheers, >>> Richard >>> >>> >>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> > >>> > First of all, thank you. However the problem continues. Can you >>> examine the codes? >>> > >>> > >>> > /* SET THE HOST AND PORT OF WORDPRESS >>> > * *********************************************************/ >>> > vcl 4.0; >>> > import std; >>> > >>> > backend default { >>> > .host = "*******"; >>> > .port = "8080"; >>> > .connect_timeout = 600s; >>> > .first_byte_timeout = 600s; >>> > .between_bytes_timeout = 600s; >>> > .max_connections = 800; >>> > } >>> > >>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>> > # ########################################################## >>> > acl purge { >>> > "localhost"; >>> > "127.0.0.1"; >>> > } >>> > >>> > #THE RECV FUNCTION >>> > # ########################################################## >>> > sub vcl_recv { >>> > >>> > if(req.http.Cookie ~ "xf_(session|user)") { >>> > return (pass); >>> > } >>> > >>> > # set realIP by trimming CloudFlare IP which will be used for various >>> checks >>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>> ].*$", ""); >>> > >>> > # FORWARD THE IP OF THE REQUEST >>> > if (req.restarts == 0) { >>> > if (req.http.x-forwarded-for) { >>> > set req.http.X-Forwarded-For = >>> > req.http.X-Forwarded-For + ", " + client.ip; >>> > } else { >>> > set req.http.X-Forwarded-For = client.ip; >>> > } >>> > } >>> > >>> > # Purge request check sections for hash_always_miss, purge and ban >>> > # BLOCK IF NOT IP is not in purge acl >>> > # ########################################################## >>> > >>> > # Enable smart refreshing using hash_always_miss >>> > if (req.http.Cache-Control ~ "no-cache") { >>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>> ~ purge) { >>> > set req.hash_always_miss = true; >>> > } >>> > } >>> > >>> > if (req.method == "PURGE") { >>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>> ~ purge) { >>> > return(synth(405,"Not allowed.")); >>> > } >>> > return (purge); >>> > >>> > } >>> > if (req.method == "BAN") { >>> > # Same ACL check as above: >>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") ~ purge) { >>> > return(synth(403, "Not allowed.")); >>> > } >>> > ban("req.http.host == " + req.http.host + >>> > " && req.url == " + req.url); >>> > >>> > # Throw a synthetic page so the >>> > # request won't go to the backend. >>> > return(synth(200, "Ban added")); >>> > } >>> > >>> > >>> > # Unset cloudflare cookies >>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>> > set req.http.Cookie = regsuball(req.http.Cookie, >>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>> > # Remove a ";" prefix, if present. >>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>> > >>> > # For Testing: If you want to test with Varnish passing (not >>> caching) uncomment >>> > # return( pass ); >>> > >>> > # FORWARD THE IP OF THE REQUEST >>> > if (req.restarts == 0) { >>> > if (req.http.x-forwarded-for) { >>> > set req.http.X-Forwarded-For = >>> > req.http.X-Forwarded-For + ", " + client.ip; >>> > } else { >>> > set req.http.X-Forwarded-For = client.ip; >>> > } >>> > } >>> > >>> > # DO NOT CACHE RSS FEED >>> > if (req.url ~ "/feed(/)?") { >>> > return ( pass ); >>> > } >>> > >>> > ## Do not cache search results, comment these 3 lines if you do want >>> to cache them >>> > >>> > if (req.url ~ "/\?s\=") { >>> > return ( pass ); >>> > } >>> > >>> > # CLEAN UP THE ENCODING HEADER. >>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>> ACCEPT-ENCODING >>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>> > # ########################################################## >>> > if (req.http.Accept-Encoding) { >>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>> > # No point in compressing these >>> > unset req.http.Accept-Encoding; >>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>> > set req.http.Accept-Encoding = "gzip"; >>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>> > set req.http.Accept-Encoding = "deflate"; >>> > } else { >>> > # unknown algorithm >>> > unset req.http.Accept-Encoding; >>> > } >>> > } >>> > >>> > # PIPE ALL NON-STANDARD REQUESTS >>> > # ########################################################## >>> > if (req.method != "GET" && >>> > req.method != "HEAD" && >>> > req.method != "PUT" && >>> > req.method != "POST" && >>> > req.method != "TRACE" && >>> > req.method != "OPTIONS" && >>> > req.method != "DELETE") { >>> > return (pipe); >>> > } >>> > >>> > # ONLY CACHE GET AND HEAD REQUESTS >>> > # ########################################################## >>> > if (req.method != "GET" && req.method != "HEAD") { >>> > return (pass); >>> > } >>> > >>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>> EITHER >>> > # COMMENT OR UNCOMMENT BOTH >>> > # ########################################################## >>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>> > return( pass ); >>> > } >>> > >>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>> > # THEN UNSET THE COOKIES >>> > # ########################################################## >>> > if (!(req.url ~ "wp-(login|admin)") >>> > && !(req.url ~ "&preview=true" ) >>> > ){ >>> > unset req.http.cookie; >>> > } >>> > >>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>> > # ########################################################## >>> > if (req.http.Authorization || req.http.Cookie) { >>> > return (pass); >>> > } >>> > >>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>> > # ########################################################## >>> > return (hash); >>> > # This is for phpmyadmin >>> > if (req.http.Host == "ki1.org") { >>> > return (pass); >>> > } >>> > >>> > if (req.http.Host == "mysql.ki1.org") { >>> > return (pass); >>> > } >>> > >>> > } >>> > >>> > # HIT FUNCTION >>> > # ########################################################## >>> > sub vcl_hit { >>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>> > # ########################################################## >>> > if (req.method == "PURGE") { >>> > # >>> > # This is now handled in vcl_recv. >>> > # >>> > # purge; >>> > return (synth(200, "Purged.")); >>> > } >>> > return (deliver); >>> > } >>> > >>> > # MISS FUNCTION >>> > # ########################################################## >>> > sub vcl_miss { >>> > if (req.method == "PURGE") { >>> > # >>> > # This is now handled in vcl_recv. >>> > # >>> > # purge; >>> > return (synth(200, "Purged.")); >>> > } >>> > return (fetch); >>> > } >>> > >>> > # FETCH FUNCTION >>> > # ########################################################## >>> > sub vcl_backend_response { >>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>> > # TO DO THIS >>> > # ########################################################## >>> > set beresp.http.Vary = "Accept-Encoding"; >>> > >>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>> > # ########################################################## >>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>> "wordpress_logged_in" ) { >>> > unset beresp.http.set-cookie; >>> > set beresp.ttl = 52w; >>> > # set beresp.grace =1w; >>> > } >>> > >>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>> > set beresp.uncacheable = true; >>> > set beresp.ttl = 1w; >>> > return (deliver); >>> > } >>> > >>> > >>> > if (beresp.ttl <= 0s || >>> > beresp.http.Set-Cookie || >>> > beresp.http.Vary == "*") { >>> > set beresp.ttl = 120 s; >>> > # set beresp.ttl = 120s; >>> > set beresp.uncacheable = true; >>> > return (deliver); >>> > } >>> > >>> > return (deliver); >>> > } >>> > >>> > # DELIVER FUNCTION >>> > # ########################################################## >>> > sub vcl_deliver { >>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>> > # ########################################################## >>> > if (obj.hits > 0) { >>> > set resp.http.X-Cache = "HIT"; >>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>> > # ########################################################## >>> > } else { >>> > set resp.http.X-Cache = "MISS"; >>> > } >>> > } >>> > >>> > >>> > >>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>> >> >>> >> correction: >>> >> >>> >> sub vcl_recv { >>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>> >> return (pass); >>> >> } >>> >> } >>> >> >>> >> sub vcl_backend_response { >>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>> >> set beresp.uncacheable = true; >>> >> set beresp.ttl = 1w; >>> >> return (deliver); >>> >> } >>> >> } >>> >> >>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >>> >>> >>> >>> Hello, >>> >>> >>> >>> Aside from the provided VCL being for WordPress, while you're >>> running XenForo, the xf_ cookies are being dropped by your config. A quick >>> fix is: >>> >>> >>> >>> sub vcl_recv { >>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>> >>> return (pass); >>> >>> } >>> >>> } >>> >>> >>> >>> sub vcl_backend_response { >>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>> >>> set beresp.uncacheable = true; >>> >>> set beresp.ttl = 1w; >>> >>> return (deliver); >>> >>> } >>> >>> } >>> >>> >>> >>> However, I suggest auditing your VCL, and only including rules >>> specific to the application(s) which you are running. >>> >>> >>> >>> >>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> >>>> >>> >>>> Users can't login or register to domain.com/forum with the current >>> settings. So we need to make a change related to xf_user and xf_session but >>> how? >>> >>>> >>> >>>> >>> >>>> >>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>> >>>>> >>> >>>>> If you want Varnish to ignore request for a path you need to tell >>> it to pass. In your example you have a rule for the RSS feed. You can do >>> the same for /forum/ in your vcl_recv block. >>> >>>>> >>> >>>>> *# DO NOT CACHE RSS FEED* >>> >>>>> * if (req.url ~ "/feed(/)?") {* >>> >>>>> * return ( pass ); * >>> >>>>> *}* >>> >>>>> >>> >>>>> *# DO NOT CACHE FORUM* >>> >>>>> if (req.url ~ "/forum(/)?") { >>> >>>>> return ( pass ); >>> >>>>> } >>> >>>>> >>> >>>>> Cheers, >>> >>>>> Richard >>> >>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> Message: 1 >>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>> >>>>>> From: Ayberk Kimsesiz >>> >>>>>> To: varnish-misc >>> >>>>>> Subject: XenForo default.vcl settings >>> >>>>>> Message-ID: >>> >>>>>> >> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>> >>>>>> Content-Type: text/plain; charset="utf-8" >>> >>>>>> >>> >>>>>> Hi, >>> >>>>>> >>> >>>>>> Could you please share the appropriate Default.vcl settings for >>> XenForo >>> >>>>>> Forums? No one can register to the forum at the moment. My current >>> >>>>>> Default.vcl settings are as follows. >>> >>>>>> >>> >>>>>> Forum address: domain.com/forum >>> >>>>>> >>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>> >>>>>> * * *********************************************************/* >>> >>>>>> *vcl 4.0;* >>> >>>>>> *import std;* >>> >>>>>> >>> >>>>>> *backend default {* >>> >>>>>> * .host = "*******";* >>> >>>>>> * .port = "8080";* >>> >>>>>> * .connect_timeout = 600s;* >>> >>>>>> * .first_byte_timeout = 600s;* >>> >>>>>> * .between_bytes_timeout = 600s;* >>> >>>>>> * .max_connections = 800;* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>> >>>>>> *# ##########################################################* >>> >>>>>> *acl purge {* >>> >>>>>> * "localhost";* >>> >>>>>> * "127.0.0.1";* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *#THE RECV FUNCTION* >>> >>>>>> *# ##########################################################* >>> >>>>>> *sub vcl_recv {* >>> >>>>>> >>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for >>> various >>> >>>>>> checks* >>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>> ].*$", >>> >>>>>> ""); * >>> >>>>>> >>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>> >>>>>> * if (req.restarts == 0) {* >>> >>>>>> * if (req.http.x-forwarded-for) {* >>> >>>>>> * set req.http.X-Forwarded-For =* >>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>> >>>>>> * } else {* >>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>> >>>>>> * }* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * # Purge request check sections for hash_always_miss, purge and >>> ban* >>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>> >>>>>> * # ##########################################################* >>> >>>>>> >>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") ~ >>> >>>>>> purge) {* >>> >>>>>> * set req.hash_always_miss = true;* >>> >>>>>> * }* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *if (req.method == "PURGE") {* >>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") ~ >>> >>>>>> purge) {* >>> >>>>>> * return(synth(405,"Not allowed."));* >>> >>>>>> * }* >>> >>>>>> * return (purge);* >>> >>>>>> >>> >>>>>> * }* >>> >>>>>> *if (req.method == "BAN") {* >>> >>>>>> * # Same ACL check as above:* >>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") >>> >>>>>> ~ purge) {* >>> >>>>>> * return(synth(403, "Not allowed."));* >>> >>>>>> * }* >>> >>>>>> * ban("req.http.host == " + req.http.host +* >>> >>>>>> * " && req.url == " + req.url);* >>> >>>>>> >>> >>>>>> * # Throw a synthetic page so the* >>> >>>>>> * # request won't go to the backend.* >>> >>>>>> * return(synth(200, "Ban added"));* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> >>> >>>>>> *# Unset cloudflare cookies* >>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>> >>>>>> * # Remove a ";" prefix, if present.* >>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");* >>> >>>>>> >>> >>>>>> * # For Testing: If you want to test with Varnish passing (not >>> caching) >>> >>>>>> uncomment* >>> >>>>>> * # return( pass );* >>> >>>>>> >>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>> >>>>>> * if (req.restarts == 0) {* >>> >>>>>> * if (req.http.x-forwarded-for) {* >>> >>>>>> * set req.http.X-Forwarded-For =* >>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>> >>>>>> * } else {* >>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>> >>>>>> * }* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> *# DO NOT CACHE RSS FEED* >>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>> >>>>>> * return ( pass ); * >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *## Do not cache search results, comment these 3 lines if you do >>> want to >>> >>>>>> cache them* >>> >>>>>> >>> >>>>>> *if (req.url ~ "/\?s\=") {* >>> >>>>>> * return ( pass ); * >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>> ACCEPT-ENCODING* >>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if (req.http.Accept-Encoding) {* >>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>> >>>>>> * # No point in compressing these* >>> >>>>>> * unset req.http.Accept-Encoding;* >>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>> >>>>>> * } else {* >>> >>>>>> * # unknown algorithm* >>> >>>>>> * unset req.http.Accept-Encoding;* >>> >>>>>> * }* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if (req.method != "GET" &&* >>> >>>>>> * req.method != "HEAD" &&* >>> >>>>>> * req.method != "PUT" && * >>> >>>>>> * req.method != "POST" &&* >>> >>>>>> * req.method != "TRACE" &&* >>> >>>>>> * req.method != "OPTIONS" &&* >>> >>>>>> * req.method != "DELETE") {* >>> >>>>>> * return (pipe);* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>> >>>>>> * return (pass);* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>> TOO, >>> >>>>>> EITHER* >>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>> >>>>>> * return( pass );* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>> >>>>>> * # THEN UNSET THE COOKIES* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>> >>>>>> * ){* >>> >>>>>> * unset req.http.cookie;* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>> >>>>>> * return (pass);* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>> >>>>>> * # ##########################################################* >>> >>>>>> * return (hash);* >>> >>>>>> * # This is for phpmyadmin* >>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>> >>>>>> *return (pass);* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>> >>>>>> *return (pass);* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *# HIT FUNCTION* >>> >>>>>> *# ##########################################################* >>> >>>>>> *sub vcl_hit {* >>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if (req.method == "PURGE") {* >>> >>>>>> * #* >>> >>>>>> * # This is now handled in vcl_recv.* >>> >>>>>> * #* >>> >>>>>> * # purge;* >>> >>>>>> * return (synth(200, "Purged."));* >>> >>>>>> * }* >>> >>>>>> * return (deliver);* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *# MISS FUNCTION* >>> >>>>>> *# ##########################################################* >>> >>>>>> *sub vcl_miss {* >>> >>>>>> * if (req.method == "PURGE") {* >>> >>>>>> * #* >>> >>>>>> * # This is now handled in vcl_recv.* >>> >>>>>> * #* >>> >>>>>> * # purge;* >>> >>>>>> * return (synth(200, "Purged."));* >>> >>>>>> * }* >>> >>>>>> * return (fetch);* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *# FETCH FUNCTION* >>> >>>>>> *# ##########################################################* >>> >>>>>> *sub vcl_backend_response {* >>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>> >>>>>> * # TO DO THIS* >>> >>>>>> * # ##########################################################* >>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>> >>>>>> >>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>> >>>>>> "wordpress_logged_in" ) {* >>> >>>>>> * unset beresp.http.set-cookie;* >>> >>>>>> * set beresp.ttl = 52w;* >>> >>>>>> *# set beresp.grace =1w;* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * if (beresp.ttl <= 0s ||* >>> >>>>>> * beresp.http.Set-Cookie ||* >>> >>>>>> * beresp.http.Vary == "*") {* >>> >>>>>> * set beresp.ttl = 120 s;* >>> >>>>>> * # set beresp.ttl = 120s;* >>> >>>>>> * set beresp.uncacheable = true;* >>> >>>>>> * return (deliver);* >>> >>>>>> * }* >>> >>>>>> >>> >>>>>> * return (deliver);* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> *# DELIVER FUNCTION* >>> >>>>>> *# ##########################################################* >>> >>>>>> *sub vcl_deliver {* >>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>> >>>>>> * # ##########################################################* >>> >>>>>> * if (obj.hits > 0) {* >>> >>>>>> * set resp.http.X-Cache = "HIT";* >>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>> >>>>>> * # ##########################################################* >>> >>>>>> * } else {* >>> >>>>>> * set resp.http.X-Cache = "MISS";* >>> >>>>>> * }* >>> >>>>>> *}* >>> >>>>>> >>> >>>>>> >>> >>>>>> Thanks, >>> >>>>>> -------------- next part -------------- >>> >>>>>> An HTML attachment was scrubbed... >>> >>>>>> URL: >> attachments/20160803/d572e4b2/attachment-0001.html> >>> >>>>>> >>> >>>>>> ------------------------------ >>> >>>>>> >>> >>>>>> Message: 2 >>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>> >>>>>> From: Ayberk Kimsesiz >>> >>>>>> To: varnish-misc >>> >>>>>> Subject: Re: XenForo default.vcl settings >>> >>>>>> Message-ID: >>> >>>>>> >> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>> >>>>>> Content-Type: text/plain; charset="utf-8" >>> >>>>>> >>> >>>>>> I need to add the followings to default.vcl for Xenforo. However, >>> solutions >>> >>>>>> in the Xenforo forums for this didn't work. Can you please help? >>> >>>>>> >>> >>>>>> xf_session_admin >>> >>>>>> xf_user >>> >>>>>> xf_session >>> >>>>>> >>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>> domain.com/forum >>> >>>>>> * >>> >>>>>> >>> >>>>>> >>> >>>>>> >>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com>: >>> >>>>>> >>> >>>>>> > Hi, >>> >>>>>> > >>> >>>>>> > Could you please share the appropriate Default.vcl settings for >>> XenForo >>> >>>>>> > Forums? No one can register to the forum at the moment. My >>> current >>> >>>>>> > Default.vcl settings are as follows. >>> >>>>>> > >>> >>>>>> > Forum address: domain.com/forum >>> >>>>>> > >>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>> >>>>>> > * * *********************************************************/* >>> >>>>>> > *vcl 4.0;* >>> >>>>>> > *import std;* >>> >>>>>> > >>> >>>>>> > *backend default {* >>> >>>>>> > * .host = "*******";* >>> >>>>>> > * .port = "8080";* >>> >>>>>> > * .connect_timeout = 600s;* >>> >>>>>> > * .first_byte_timeout = 600s;* >>> >>>>>> > * .between_bytes_timeout = 600s;* >>> >>>>>> > * .max_connections = 800;* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>> >>>>>> > *# ##########################################################* >>> >>>>>> > *acl purge {* >>> >>>>>> > * "localhost";* >>> >>>>>> > * "127.0.0.1";* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *#THE RECV FUNCTION* >>> >>>>>> > *# ##########################################################* >>> >>>>>> > *sub vcl_recv {* >>> >>>>>> > >>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for >>> various >>> >>>>>> > checks* >>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>> "[, ].*$", >>> >>>>>> > ""); * >>> >>>>>> > >>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>> >>>>>> > * if (req.restarts == 0) {* >>> >>>>>> > * if (req.http.x-forwarded-for) {* >>> >>>>>> > * set req.http.X-Forwarded-For =* >>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>> >>>>>> > * } else {* >>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>> >>>>>> > * }* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * # Purge request check sections for hash_always_miss, purge >>> and ban* >>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>> >>>>>> > * # ##########################################################* >>> >>>>>> > >>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") ~ >>> >>>>>> > purge) {* >>> >>>>>> > * set req.hash_always_miss = true;* >>> >>>>>> > * }* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *if (req.method == "PURGE") {* >>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> "1.2.3.4") ~ >>> >>>>>> > purge) {* >>> >>>>>> > * return(synth(405,"Not allowed."));* >>> >>>>>> > * }* >>> >>>>>> > * return (purge);* >>> >>>>>> > >>> >>>>>> > * }* >>> >>>>>> > *if (req.method == "BAN") {* >>> >>>>>> > * # Same ACL check as above:* >>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>> >>>>>> > "1.2.3.4") ~ purge) {* >>> >>>>>> > * return(synth(403, "Not allowed."));* >>> >>>>>> > * }* >>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>> >>>>>> > * " && req.url == " + req.url);* >>> >>>>>> > >>> >>>>>> > * # Throw a synthetic page so the* >>> >>>>>> > * # request won't go to the backend.* >>> >>>>>> > * return(synth(200, "Ban added"));* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > >>> >>>>>> > *# Unset cloudflare cookies* >>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>> >>>>>> > * # Remove a ";" prefix, if present.* >>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>> "");* >>> >>>>>> > >>> >>>>>> > * # For Testing: If you want to test with Varnish passing (not >>> caching) >>> >>>>>> > uncomment* >>> >>>>>> > * # return( pass );* >>> >>>>>> > >>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>> >>>>>> > * if (req.restarts == 0) {* >>> >>>>>> > * if (req.http.x-forwarded-for) {* >>> >>>>>> > * set req.http.X-Forwarded-For =* >>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>> >>>>>> > * } else {* >>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>> >>>>>> > * }* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > *# DO NOT CACHE RSS FEED* >>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>> >>>>>> > * return ( pass ); * >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *## Do not cache search results, comment these 3 lines if you >>> do want to >>> >>>>>> > cache them* >>> >>>>>> > >>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>> >>>>>> > * return ( pass ); * >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>> ACCEPT-ENCODING* >>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if (req.http.Accept-Encoding) {* >>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>> {* >>> >>>>>> > * # No point in compressing these* >>> >>>>>> > * unset req.http.Accept-Encoding;* >>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>> >>>>>> > * } else {* >>> >>>>>> > * # unknown algorithm* >>> >>>>>> > * unset req.http.Accept-Encoding;* >>> >>>>>> > * }* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if (req.method != "GET" &&* >>> >>>>>> > * req.method != "HEAD" &&* >>> >>>>>> > * req.method != "PUT" && * >>> >>>>>> > * req.method != "POST" &&* >>> >>>>>> > * req.method != "TRACE" &&* >>> >>>>>> > * req.method != "OPTIONS" &&* >>> >>>>>> > * req.method != "DELETE") {* >>> >>>>>> > * return (pipe);* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>> >>>>>> > * return (pass);* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>> FETCH TOO, >>> >>>>>> > EITHER* >>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>> >>>>>> > * return( pass );* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>> >>>>>> > * # THEN UNSET THE COOKIES* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>> >>>>>> > * ){* >>> >>>>>> > * unset req.http.cookie;* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>> >>>>>> > * return (pass);* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * return (hash);* >>> >>>>>> > * # This is for phpmyadmin* >>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>> >>>>>> > *return (pass);* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *if (req.http.Host == "mysql.ki1.org ") >>> {* >>> >>>>>> > *return (pass);* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *# HIT FUNCTION* >>> >>>>>> > *# ##########################################################* >>> >>>>>> > *sub vcl_hit {* >>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if (req.method == "PURGE") {* >>> >>>>>> > * #* >>> >>>>>> > * # This is now handled in vcl_recv.* >>> >>>>>> > * #* >>> >>>>>> > * # purge;* >>> >>>>>> > * return (synth(200, "Purged."));* >>> >>>>>> > * }* >>> >>>>>> > * return (deliver);* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *# MISS FUNCTION* >>> >>>>>> > *# ##########################################################* >>> >>>>>> > *sub vcl_miss {* >>> >>>>>> > * if (req.method == "PURGE") {* >>> >>>>>> > * #* >>> >>>>>> > * # This is now handled in vcl_recv.* >>> >>>>>> > * #* >>> >>>>>> > * # purge;* >>> >>>>>> > * return (synth(200, "Purged."));* >>> >>>>>> > * }* >>> >>>>>> > * return (fetch);* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *# FETCH FUNCTION* >>> >>>>>> > *# ##########################################################* >>> >>>>>> > *sub vcl_backend_response {* >>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>> >>>>>> > * # TO DO THIS* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>> >>>>>> > >>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>> >>>>>> > "wordpress_logged_in" ) {* >>> >>>>>> > * unset beresp.http.set-cookie;* >>> >>>>>> > * set beresp.ttl = 52w;* >>> >>>>>> > *# set beresp.grace =1w;* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * if (beresp.ttl <= 0s ||* >>> >>>>>> > * beresp.http.Set-Cookie ||* >>> >>>>>> > * beresp.http.Vary == "*") {* >>> >>>>>> > * set beresp.ttl = 120 s;* >>> >>>>>> > * # set beresp.ttl = 120s;* >>> >>>>>> > * set beresp.uncacheable = true;* >>> >>>>>> > * return (deliver);* >>> >>>>>> > * }* >>> >>>>>> > >>> >>>>>> > * return (deliver);* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > *# DELIVER FUNCTION* >>> >>>>>> > *# ##########################################################* >>> >>>>>> > *sub vcl_deliver {* >>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * if (obj.hits > 0) {* >>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>> >>>>>> > * # ############################## >>> ############################* >>> >>>>>> > * } else {* >>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>> >>>>>> > * }* >>> >>>>>> > *}* >>> >>>>>> > >>> >>>>>> > >>> >>>>>> > Thanks, >>> >>>>>> > >>> >>>>>> -------------- next part -------------- >>> >>>>>> An HTML attachment was scrubbed... >>> >>>>>> URL: >> attachments/20160804/4e3f064a/attachment.html> >>> >>>>>> >>> >>>>>> ------------------------------ >>> >>>>>> >>> >>>>>> _______________________________________________ >>> >>>>>> varnish-misc mailing list >>> >>>>>> varnish-misc at varnish-cache.org >>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >>>>>> >>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>> >>>>>> ********************************************* >>> >>>>> >>> >>>>> >>> >>>>> >>> >>>>> _______________________________________________ >>> >>>>> varnish-misc mailing list >>> >>>>> varnish-misc at varnish-cache.org >>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >>>> >>> >>>> >>> >>>> >>> >>>> _______________________________________________ >>> >>>> varnish-misc mailing list >>> >>>> varnish-misc at varnish-cache.org >>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>> >>> >>> >>> >>> >> >>> > >>> >> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 15:47:37 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 18:47:37 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Finally! Login function is now working with the following settings but X-Cache shows MISS instead of HIT. *#THE RECV FUNCTION* *# ##########################################################* *sub vcl_recv { * * if( req.http.Cookie ~ "xf_(session|user)") {* * return (pass);* * }* *# FETCH FUNCTION* *# ##########################################################* *sub vcl_backend_response { * * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* * # TO DO THIS* * # ##########################################################* * set beresp.http.Vary = "Accept-Encoding";* * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * * # TIME THIS PAGE WILL STAY CACHED (TTL)* * # ##########################################################* *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * *{ set beresp.uncacheable = true;* * set beresp.ttl = 1w;* * return (deliver);* * }* * if (beresp.ttl <= 0s ||* * beresp.http.Set-Cookie ||* * beresp.http.Vary == "*") {* * set beresp.ttl = 120 s;* * # set beresp.ttl = 120s;* * set beresp.uncacheable = true;* * return (deliver);* * }* * return (deliver);* *}* *# DELIVER FUNCTION* *# ##########################################################* *sub vcl_deliver {* * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * * # IN THE HEADER (GREAT FOR DEBUGGING)* * # ##########################################################* * if (obj.hits > 0) {* * set resp.http.X-Cache = "HIT";* * # IF THIS IS A MISS RETURN THAT IN THE HEADER* * # ##########################################################* * } else {* * set resp.http.X-Cache = "MISS";* * }* *}* 2016-08-04 18:02 GMT+03:00 Lane, Richard : > I agree that the order of execution may be getting you here. If you need > the WordPress rules then you may need to put additional logic to ensure > non-wordpress applications are not negatively affected. > > What happens if you change the order of these two blocks? Put your > Set-Cookie check block before the wp-login check. > > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > > # TIME THIS PAGE WILL STAY CACHED (TTL) > > # ########################################################## > > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ > "wordpress_logged_in" ) { > > unset beresp.http.set-cookie; > > set beresp.ttl = 52w; > > # set beresp.grace =1w; > > } > > > > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { > > set beresp.uncacheable = true; > > set beresp.ttl = 1w; > > return (deliver); > > } > > On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: > >> The log output suggests the xf_ cookie check in vcl_recv is not the first >> thing to run as you pasted earlier. Also, looking a bit closer, your issue >> the fact that you unset the cookie in vcl_backend_response if it's not >> wordpress related. Again, you should really audit your entire VCL, and >> remove unneeded stuff, like all the WordPress related rules if you're not >> using it. >> >> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >>> Log message: >>> >>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>> - VCL_call RECV >>> - ReqHeader X-Actual-IP: 95.5.187.232 >>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>> pps_show_100=Th >>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>> pps_times_showed_100=1; >>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>> pps_show_100=Th >>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>> pps_times_showed_100=1; >>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>> est_cookie=WP+Cookie+check >>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>> pps_show_100=Th >>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>> pps_times_showed_100=1; >>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>> est_cookie=WP+Cookie+check >>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>> pps_show_100=Th >>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>> pps_times_showed_100=1; >>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>> est_cookie=WP+Cookie+check >>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>> 95.5.187.232 >>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>> - ReqHeader Accept-Encoding: gzip >>> - VCL_Log PPPAASS >>> - VCL_return pass >>> - VCL_call HASH >>> - VCL_return lookup >>> - VCL_call PASS >>> - VCL_return fetch >>> - Link bereq 524435 pass >>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>> - RespProtocol HTTP/1.1 >>> - RespStatus 200 >>> - RespReason OK >>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>> - RespHeader Server: Apache/2 >>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>> - RespHeader Accept-Ranges: bytes >>> -- >>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>> - VCL_call RECV >>> - ReqHeader X-Actual-IP: 95.5.187.232 >>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>> pps_show_100=Th >>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>> pps_times_showed_100=1; >>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>> pps_show_100=Th >>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>> pps_times_showed_100=1; >>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>> est_cookie=WP+Cookie+check >>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>> pps_show_100=Th >>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>> pps_times_showed_100=1; >>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>> est_cookie=WP+Cookie+check >>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>> pps_show_100=Th >>> >>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>> >>>> I assume you reloaded/restarted Varnish after these changes were made. >>>> If so, can you verify that you do have the cookies set on the request? >>>> >>>> maybe add this log message right before returning >>>> >>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>> std.log( "PPPAASS Cookie set for forum"); >>>> return (pass); >>>> >>>> } >>>> >>>> Then you can use varnishlog command (below) to verify cookie is found >>>> >>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>> >>>> >>>> Cheers, >>>> Richard >>>> >>>> >>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>> ayberk.kimsesiz at gmail.com> wrote: >>>> > >>>> > First of all, thank you. However the problem continues. Can you >>>> examine the codes? >>>> > >>>> > >>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>> > * *********************************************************/ >>>> > vcl 4.0; >>>> > import std; >>>> > >>>> > backend default { >>>> > .host = "*******"; >>>> > .port = "8080"; >>>> > .connect_timeout = 600s; >>>> > .first_byte_timeout = 600s; >>>> > .between_bytes_timeout = 600s; >>>> > .max_connections = 800; >>>> > } >>>> > >>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>> > # ########################################################## >>>> > acl purge { >>>> > "localhost"; >>>> > "127.0.0.1"; >>>> > } >>>> > >>>> > #THE RECV FUNCTION >>>> > # ########################################################## >>>> > sub vcl_recv { >>>> > >>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>> > return (pass); >>>> > } >>>> > >>>> > # set realIP by trimming CloudFlare IP which will be used for various >>>> checks >>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>> ].*$", ""); >>>> > >>>> > # FORWARD THE IP OF THE REQUEST >>>> > if (req.restarts == 0) { >>>> > if (req.http.x-forwarded-for) { >>>> > set req.http.X-Forwarded-For = >>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>> > } else { >>>> > set req.http.X-Forwarded-For = client.ip; >>>> > } >>>> > } >>>> > >>>> > # Purge request check sections for hash_always_miss, purge and ban >>>> > # BLOCK IF NOT IP is not in purge acl >>>> > # ########################################################## >>>> > >>>> > # Enable smart refreshing using hash_always_miss >>>> > if (req.http.Cache-Control ~ "no-cache") { >>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>> ~ purge) { >>>> > set req.hash_always_miss = true; >>>> > } >>>> > } >>>> > >>>> > if (req.method == "PURGE") { >>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ purge) { >>>> > return(synth(405,"Not allowed.")); >>>> > } >>>> > return (purge); >>>> > >>>> > } >>>> > if (req.method == "BAN") { >>>> > # Same ACL check as above: >>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ purge) { >>>> > return(synth(403, "Not allowed.")); >>>> > } >>>> > ban("req.http.host == " + req.http.host + >>>> > " && req.url == " + req.url); >>>> > >>>> > # Throw a synthetic page so the >>>> > # request won't go to the backend. >>>> > return(synth(200, "Ban added")); >>>> > } >>>> > >>>> > >>>> > # Unset cloudflare cookies >>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>> > # Remove a ";" prefix, if present. >>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>> > >>>> > # For Testing: If you want to test with Varnish passing (not >>>> caching) uncomment >>>> > # return( pass ); >>>> > >>>> > # FORWARD THE IP OF THE REQUEST >>>> > if (req.restarts == 0) { >>>> > if (req.http.x-forwarded-for) { >>>> > set req.http.X-Forwarded-For = >>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>> > } else { >>>> > set req.http.X-Forwarded-For = client.ip; >>>> > } >>>> > } >>>> > >>>> > # DO NOT CACHE RSS FEED >>>> > if (req.url ~ "/feed(/)?") { >>>> > return ( pass ); >>>> > } >>>> > >>>> > ## Do not cache search results, comment these 3 lines if you do want >>>> to cache them >>>> > >>>> > if (req.url ~ "/\?s\=") { >>>> > return ( pass ); >>>> > } >>>> > >>>> > # CLEAN UP THE ENCODING HEADER. >>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>> ACCEPT-ENCODING >>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>> > # ########################################################## >>>> > if (req.http.Accept-Encoding) { >>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>> > # No point in compressing these >>>> > unset req.http.Accept-Encoding; >>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>> > set req.http.Accept-Encoding = "gzip"; >>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>> > set req.http.Accept-Encoding = "deflate"; >>>> > } else { >>>> > # unknown algorithm >>>> > unset req.http.Accept-Encoding; >>>> > } >>>> > } >>>> > >>>> > # PIPE ALL NON-STANDARD REQUESTS >>>> > # ########################################################## >>>> > if (req.method != "GET" && >>>> > req.method != "HEAD" && >>>> > req.method != "PUT" && >>>> > req.method != "POST" && >>>> > req.method != "TRACE" && >>>> > req.method != "OPTIONS" && >>>> > req.method != "DELETE") { >>>> > return (pipe); >>>> > } >>>> > >>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>> > # ########################################################## >>>> > if (req.method != "GET" && req.method != "HEAD") { >>>> > return (pass); >>>> > } >>>> > >>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >>>> EITHER >>>> > # COMMENT OR UNCOMMENT BOTH >>>> > # ########################################################## >>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>> > return( pass ); >>>> > } >>>> > >>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>> > # THEN UNSET THE COOKIES >>>> > # ########################################################## >>>> > if (!(req.url ~ "wp-(login|admin)") >>>> > && !(req.url ~ "&preview=true" ) >>>> > ){ >>>> > unset req.http.cookie; >>>> > } >>>> > >>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>> > # ########################################################## >>>> > if (req.http.Authorization || req.http.Cookie) { >>>> > return (pass); >>>> > } >>>> > >>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>> > # ########################################################## >>>> > return (hash); >>>> > # This is for phpmyadmin >>>> > if (req.http.Host == "ki1.org") { >>>> > return (pass); >>>> > } >>>> > >>>> > if (req.http.Host == "mysql.ki1.org") { >>>> > return (pass); >>>> > } >>>> > >>>> > } >>>> > >>>> > # HIT FUNCTION >>>> > # ########################################################## >>>> > sub vcl_hit { >>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>> > # ########################################################## >>>> > if (req.method == "PURGE") { >>>> > # >>>> > # This is now handled in vcl_recv. >>>> > # >>>> > # purge; >>>> > return (synth(200, "Purged.")); >>>> > } >>>> > return (deliver); >>>> > } >>>> > >>>> > # MISS FUNCTION >>>> > # ########################################################## >>>> > sub vcl_miss { >>>> > if (req.method == "PURGE") { >>>> > # >>>> > # This is now handled in vcl_recv. >>>> > # >>>> > # purge; >>>> > return (synth(200, "Purged.")); >>>> > } >>>> > return (fetch); >>>> > } >>>> > >>>> > # FETCH FUNCTION >>>> > # ########################################################## >>>> > sub vcl_backend_response { >>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>> > # TO DO THIS >>>> > # ########################################################## >>>> > set beresp.http.Vary = "Accept-Encoding"; >>>> > >>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>> > # ########################################################## >>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>> "wordpress_logged_in" ) { >>>> > unset beresp.http.set-cookie; >>>> > set beresp.ttl = 52w; >>>> > # set beresp.grace =1w; >>>> > } >>>> > >>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>> > set beresp.uncacheable = true; >>>> > set beresp.ttl = 1w; >>>> > return (deliver); >>>> > } >>>> > >>>> > >>>> > if (beresp.ttl <= 0s || >>>> > beresp.http.Set-Cookie || >>>> > beresp.http.Vary == "*") { >>>> > set beresp.ttl = 120 s; >>>> > # set beresp.ttl = 120s; >>>> > set beresp.uncacheable = true; >>>> > return (deliver); >>>> > } >>>> > >>>> > return (deliver); >>>> > } >>>> > >>>> > # DELIVER FUNCTION >>>> > # ########################################################## >>>> > sub vcl_deliver { >>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>> > # ########################################################## >>>> > if (obj.hits > 0) { >>>> > set resp.http.X-Cache = "HIT"; >>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>> > # ########################################################## >>>> > } else { >>>> > set resp.http.X-Cache = "MISS"; >>>> > } >>>> > } >>>> > >>>> > >>>> > >>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>> >> >>>> >> correction: >>>> >> >>>> >> sub vcl_recv { >>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>> >> return (pass); >>>> >> } >>>> >> } >>>> >> >>>> >> sub vcl_backend_response { >>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>> >> set beresp.uncacheable = true; >>>> >> set beresp.ttl = 1w; >>>> >> return (deliver); >>>> >> } >>>> >> } >>>> >> >>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >>>> >>> >>>> >>> Hello, >>>> >>> >>>> >>> Aside from the provided VCL being for WordPress, while you're >>>> running XenForo, the xf_ cookies are being dropped by your config. A quick >>>> fix is: >>>> >>> >>>> >>> sub vcl_recv { >>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>> >>> return (pass); >>>> >>> } >>>> >>> } >>>> >>> >>>> >>> sub vcl_backend_response { >>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>> >>> set beresp.uncacheable = true; >>>> >>> set beresp.ttl = 1w; >>>> >>> return (deliver); >>>> >>> } >>>> >>> } >>>> >>> >>>> >>> However, I suggest auditing your VCL, and only including rules >>>> specific to the application(s) which you are running. >>>> >>> >>>> >>> >>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>> ayberk.kimsesiz at gmail.com> wrote: >>>> >>>> >>>> >>>> Users can't login or register to domain.com/forum with the >>>> current settings. So we need to make a change related to xf_user and >>>> xf_session but how? >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>> >>>>> >>>> >>>>> If you want Varnish to ignore request for a path you need to tell >>>> it to pass. In your example you have a rule for the RSS feed. You can do >>>> the same for /forum/ in your vcl_recv block. >>>> >>>>> >>>> >>>>> *# DO NOT CACHE RSS FEED* >>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>> >>>>> * return ( pass ); * >>>> >>>>> *}* >>>> >>>>> >>>> >>>>> *# DO NOT CACHE FORUM* >>>> >>>>> if (req.url ~ "/forum(/)?") { >>>> >>>>> return ( pass ); >>>> >>>>> } >>>> >>>>> >>>> >>>>> Cheers, >>>> >>>>> Richard >>>> >>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> Message: 1 >>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>> >>>>>> From: Ayberk Kimsesiz >>>> >>>>>> To: varnish-misc >>>> >>>>>> Subject: XenForo default.vcl settings >>>> >>>>>> Message-ID: >>>> >>>>>> >>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>> >>>>>> >>>> >>>>>> Hi, >>>> >>>>>> >>>> >>>>>> Could you please share the appropriate Default.vcl settings for >>>> XenForo >>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>> current >>>> >>>>>> Default.vcl settings are as follows. >>>> >>>>>> >>>> >>>>>> Forum address: domain.com/forum >>>> >>>>>> >>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>> >>>>>> * * *********************************************************/* >>>> >>>>>> *vcl 4.0;* >>>> >>>>>> *import std;* >>>> >>>>>> >>>> >>>>>> *backend default {* >>>> >>>>>> * .host = "*******";* >>>> >>>>>> * .port = "8080";* >>>> >>>>>> * .connect_timeout = 600s;* >>>> >>>>>> * .first_byte_timeout = 600s;* >>>> >>>>>> * .between_bytes_timeout = 600s;* >>>> >>>>>> * .max_connections = 800;* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>> >>>>>> *# ##########################################################* >>>> >>>>>> *acl purge {* >>>> >>>>>> * "localhost";* >>>> >>>>>> * "127.0.0.1";* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *#THE RECV FUNCTION* >>>> >>>>>> *# ##########################################################* >>>> >>>>>> *sub vcl_recv {* >>>> >>>>>> >>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for >>>> various >>>> >>>>>> checks* >>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>> "[, ].*$", >>>> >>>>>> ""); * >>>> >>>>>> >>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>> >>>>>> * if (req.restarts == 0) {* >>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>> >>>>>> * set req.http.X-Forwarded-For =* >>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>> >>>>>> * } else {* >>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>> >>>>>> * }* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * # Purge request check sections for hash_always_miss, purge and >>>> ban* >>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> >>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ >>>> >>>>>> purge) {* >>>> >>>>>> * set req.hash_always_miss = true;* >>>> >>>>>> * }* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *if (req.method == "PURGE") {* >>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ >>>> >>>>>> purge) {* >>>> >>>>>> * return(synth(405,"Not allowed."));* >>>> >>>>>> * }* >>>> >>>>>> * return (purge);* >>>> >>>>>> >>>> >>>>>> * }* >>>> >>>>>> *if (req.method == "BAN") {* >>>> >>>>>> * # Same ACL check as above:* >>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") >>>> >>>>>> ~ purge) {* >>>> >>>>>> * return(synth(403, "Not allowed."));* >>>> >>>>>> * }* >>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>> >>>>>> * " && req.url == " + req.url);* >>>> >>>>>> >>>> >>>>>> * # Throw a synthetic page so the* >>>> >>>>>> * # request won't go to the backend.* >>>> >>>>>> * return(synth(200, "Ban added"));* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> *# Unset cloudflare cookies* >>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>> >>>>>> * # Remove a ";" prefix, if present.* >>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>> "");* >>>> >>>>>> >>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not >>>> caching) >>>> >>>>>> uncomment* >>>> >>>>>> * # return( pass );* >>>> >>>>>> >>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>> >>>>>> * if (req.restarts == 0) {* >>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>> >>>>>> * set req.http.X-Forwarded-For =* >>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>> >>>>>> * } else {* >>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>> >>>>>> * }* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>> >>>>>> * return ( pass ); * >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *## Do not cache search results, comment these 3 lines if you do >>>> want to >>>> >>>>>> cache them* >>>> >>>>>> >>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>> >>>>>> * return ( pass ); * >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>> ACCEPT-ENCODING* >>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {* >>>> >>>>>> * # No point in compressing these* >>>> >>>>>> * unset req.http.Accept-Encoding;* >>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>> >>>>>> * } else {* >>>> >>>>>> * # unknown algorithm* >>>> >>>>>> * unset req.http.Accept-Encoding;* >>>> >>>>>> * }* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if (req.method != "GET" &&* >>>> >>>>>> * req.method != "HEAD" &&* >>>> >>>>>> * req.method != "PUT" && * >>>> >>>>>> * req.method != "POST" &&* >>>> >>>>>> * req.method != "TRACE" &&* >>>> >>>>>> * req.method != "OPTIONS" &&* >>>> >>>>>> * req.method != "DELETE") {* >>>> >>>>>> * return (pipe);* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>> >>>>>> * return (pass);* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>> FETCH TOO, >>>> >>>>>> EITHER* >>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>> >>>>>> * return( pass );* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>> >>>>>> * # THEN UNSET THE COOKIES* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>> >>>>>> * ){* >>>> >>>>>> * unset req.http.cookie;* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>> >>>>>> * return (pass);* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * return (hash);* >>>> >>>>>> * # This is for phpmyadmin* >>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>> >>>>>> *return (pass);* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") {* >>>> >>>>>> *return (pass);* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *# HIT FUNCTION* >>>> >>>>>> *# ##########################################################* >>>> >>>>>> *sub vcl_hit {* >>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if (req.method == "PURGE") {* >>>> >>>>>> * #* >>>> >>>>>> * # This is now handled in vcl_recv.* >>>> >>>>>> * #* >>>> >>>>>> * # purge;* >>>> >>>>>> * return (synth(200, "Purged."));* >>>> >>>>>> * }* >>>> >>>>>> * return (deliver);* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *# MISS FUNCTION* >>>> >>>>>> *# ##########################################################* >>>> >>>>>> *sub vcl_miss {* >>>> >>>>>> * if (req.method == "PURGE") {* >>>> >>>>>> * #* >>>> >>>>>> * # This is now handled in vcl_recv.* >>>> >>>>>> * #* >>>> >>>>>> * # purge;* >>>> >>>>>> * return (synth(200, "Purged."));* >>>> >>>>>> * }* >>>> >>>>>> * return (fetch);* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *# FETCH FUNCTION* >>>> >>>>>> *# ##########################################################* >>>> >>>>>> *sub vcl_backend_response {* >>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>> >>>>>> * # TO DO THIS* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>> >>>>>> >>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>> >>>>>> "wordpress_logged_in" ) {* >>>> >>>>>> * unset beresp.http.set-cookie;* >>>> >>>>>> * set beresp.ttl = 52w;* >>>> >>>>>> *# set beresp.grace =1w;* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>> >>>>>> * beresp.http.Set-Cookie ||* >>>> >>>>>> * beresp.http.Vary == "*") {* >>>> >>>>>> * set beresp.ttl = 120 s;* >>>> >>>>>> * # set beresp.ttl = 120s;* >>>> >>>>>> * set beresp.uncacheable = true;* >>>> >>>>>> * return (deliver);* >>>> >>>>>> * }* >>>> >>>>>> >>>> >>>>>> * return (deliver);* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> *# DELIVER FUNCTION* >>>> >>>>>> *# ##########################################################* >>>> >>>>>> *sub vcl_deliver {* >>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * if (obj.hits > 0) {* >>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>> >>>>>> * # ##########################################################* >>>> >>>>>> * } else {* >>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>> >>>>>> * }* >>>> >>>>>> *}* >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> Thanks, >>>> >>>>>> -------------- next part -------------- >>>> >>>>>> An HTML attachment was scrubbed... >>>> >>>>>> URL: >>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>> attachment-0001.html> >>>> >>>>>> >>>> >>>>>> ------------------------------ >>>> >>>>>> >>>> >>>>>> Message: 2 >>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>> >>>>>> From: Ayberk Kimsesiz >>>> >>>>>> To: varnish-misc >>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>> >>>>>> Message-ID: >>>> >>>>>> >>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>> >>>>>> >>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>> However, solutions >>>> >>>>>> in the Xenforo forums for this didn't work. Can you please help? >>>> >>>>>> >>>> >>>>>> xf_session_admin >>>> >>>>>> xf_user >>>> >>>>>> xf_session >>>> >>>>>> >>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>> domain.com/forum >>>> >>>>>> * >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>> ayberk.kimsesiz at gmail.com>: >>>> >>>>>> >>>> >>>>>> > Hi, >>>> >>>>>> > >>>> >>>>>> > Could you please share the appropriate Default.vcl settings >>>> for XenForo >>>> >>>>>> > Forums? No one can register to the forum at the moment. My >>>> current >>>> >>>>>> > Default.vcl settings are as follows. >>>> >>>>>> > >>>> >>>>>> > Forum address: domain.com/forum >>>> >>>>>> > >>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>> >>>>>> > * * ****************************** >>>> ***************************/* >>>> >>>>>> > *vcl 4.0;* >>>> >>>>>> > *import std;* >>>> >>>>>> > >>>> >>>>>> > *backend default {* >>>> >>>>>> > * .host = "*******";* >>>> >>>>>> > * .port = "8080";* >>>> >>>>>> > * .connect_timeout = 600s;* >>>> >>>>>> > * .first_byte_timeout = 600s;* >>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>> >>>>>> > * .max_connections = 800;* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>> >>>>>> > *# ##########################################################* >>>> >>>>>> > *acl purge {* >>>> >>>>>> > * "localhost";* >>>> >>>>>> > * "127.0.0.1";* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *#THE RECV FUNCTION* >>>> >>>>>> > *# ##########################################################* >>>> >>>>>> > *sub vcl_recv {* >>>> >>>>>> > >>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used for >>>> various >>>> >>>>>> > checks* >>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>> "[, ].*$", >>>> >>>>>> > ""); * >>>> >>>>>> > >>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>> >>>>>> > * if (req.restarts == 0) {* >>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>> >>>>>> > * } else {* >>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>> >>>>>> > * }* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * # Purge request check sections for hash_always_miss, purge >>>> and ban* >>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > >>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ >>>> >>>>>> > purge) {* >>>> >>>>>> > * set req.hash_always_miss = true;* >>>> >>>>>> > * }* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *if (req.method == "PURGE") {* >>>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>> "1.2.3.4") ~ >>>> >>>>>> > purge) {* >>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>> >>>>>> > * }* >>>> >>>>>> > * return (purge);* >>>> >>>>>> > >>>> >>>>>> > * }* >>>> >>>>>> > *if (req.method == "BAN") {* >>>> >>>>>> > * # Same ACL check as above:* >>>> >>>>>> > * if (!client.ip ~ purge || >>>> !std.ip(req.http.X-Actual-IP, >>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>> >>>>>> > * return(synth(403, "Not allowed."));* >>>> >>>>>> > * }* >>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>> >>>>>> > * " && req.url == " + req.url);* >>>> >>>>>> > >>>> >>>>>> > * # Throw a synthetic page so the* >>>> >>>>>> > * # request won't go to the backend.* >>>> >>>>>> > * return(synth(200, "Ban added"));* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > >>>> >>>>>> > *# Unset cloudflare cookies* >>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>> "");* >>>> >>>>>> > >>>> >>>>>> > * # For Testing: If you want to test with Varnish passing >>>> (not caching) >>>> >>>>>> > uncomment* >>>> >>>>>> > * # return( pass );* >>>> >>>>>> > >>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>> >>>>>> > * if (req.restarts == 0) {* >>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>> >>>>>> > * } else {* >>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>> >>>>>> > * }* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>> >>>>>> > * return ( pass ); * >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *## Do not cache search results, comment these 3 lines if you >>>> do want to >>>> >>>>>> > cache them* >>>> >>>>>> > >>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>> >>>>>> > * return ( pass ); * >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>> ACCEPT-ENCODING* >>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>> {* >>>> >>>>>> > * # No point in compressing these* >>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>> >>>>>> > * } else {* >>>> >>>>>> > * # unknown algorithm* >>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>> >>>>>> > * }* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if (req.method != "GET" &&* >>>> >>>>>> > * req.method != "HEAD" &&* >>>> >>>>>> > * req.method != "PUT" && * >>>> >>>>>> > * req.method != "POST" &&* >>>> >>>>>> > * req.method != "TRACE" &&* >>>> >>>>>> > * req.method != "OPTIONS" &&* >>>> >>>>>> > * req.method != "DELETE") {* >>>> >>>>>> > * return (pipe);* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>> >>>>>> > * return (pass);* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>> FETCH TOO, >>>> >>>>>> > EITHER* >>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>> >>>>>> > * return( pass );* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>> >>>>>> > * ){* >>>> >>>>>> > * unset req.http.cookie;* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>> >>>>>> > * return (pass);* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * return (hash);* >>>> >>>>>> > * # This is for phpmyadmin* >>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>> >>>>>> > *return (pass);* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org ") >>>> {* >>>> >>>>>> > *return (pass);* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *# HIT FUNCTION* >>>> >>>>>> > *# ##########################################################* >>>> >>>>>> > *sub vcl_hit {* >>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if (req.method == "PURGE") {* >>>> >>>>>> > * #* >>>> >>>>>> > * # This is now handled in vcl_recv.* >>>> >>>>>> > * #* >>>> >>>>>> > * # purge;* >>>> >>>>>> > * return (synth(200, "Purged."));* >>>> >>>>>> > * }* >>>> >>>>>> > * return (deliver);* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *# MISS FUNCTION* >>>> >>>>>> > *# ##########################################################* >>>> >>>>>> > *sub vcl_miss {* >>>> >>>>>> > * if (req.method == "PURGE") {* >>>> >>>>>> > * #* >>>> >>>>>> > * # This is now handled in vcl_recv.* >>>> >>>>>> > * #* >>>> >>>>>> > * # purge;* >>>> >>>>>> > * return (synth(200, "Purged."));* >>>> >>>>>> > * }* >>>> >>>>>> > * return (fetch);* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *# FETCH FUNCTION* >>>> >>>>>> > *# ##########################################################* >>>> >>>>>> > *sub vcl_backend_response {* >>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>> >>>>>> > * # TO DO THIS* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>> >>>>>> > >>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie >>>> ~ >>>> >>>>>> > "wordpress_logged_in" ) {* >>>> >>>>>> > * unset beresp.http.set-cookie;* >>>> >>>>>> > * set beresp.ttl = 52w;* >>>> >>>>>> > *# set beresp.grace =1w;* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>> >>>>>> > * beresp.http.Vary == "*") {* >>>> >>>>>> > * set beresp.ttl = 120 s;* >>>> >>>>>> > * # set beresp.ttl = 120s;* >>>> >>>>>> > * set beresp.uncacheable = true;* >>>> >>>>>> > * return (deliver);* >>>> >>>>>> > * }* >>>> >>>>>> > >>>> >>>>>> > * return (deliver);* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > *# DELIVER FUNCTION* >>>> >>>>>> > *# ##########################################################* >>>> >>>>>> > *sub vcl_deliver {* >>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * if (obj.hits > 0) {* >>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>> >>>>>> > * # ############################## >>>> ############################* >>>> >>>>>> > * } else {* >>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>> >>>>>> > * }* >>>> >>>>>> > *}* >>>> >>>>>> > >>>> >>>>>> > >>>> >>>>>> > Thanks, >>>> >>>>>> > >>>> >>>>>> -------------- next part -------------- >>>> >>>>>> An HTML attachment was scrubbed... >>>> >>>>>> URL: >>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>> attachment.html> >>>> >>>>>> >>>> >>>>>> ------------------------------ >>>> >>>>>> >>>> >>>>>> _______________________________________________ >>>> >>>>>> varnish-misc mailing list >>>> >>>>>> varnish-misc at varnish-cache.org >>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>> -misc >>>> >>>>>> >>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>> >>>>>> ********************************************* >>>> >>>>> >>>> >>>>> >>>> >>>>> >>>> >>>>> _______________________________________________ >>>> >>>>> varnish-misc mailing list >>>> >>>>> varnish-misc at varnish-cache.org >>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> _______________________________________________ >>>> >>>> varnish-misc mailing list >>>> >>>> varnish-misc at varnish-cache.org >>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>> >>> >>>> >>> >>>> >> >>>> > >>>> >>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 16:07:54 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 19:07:54 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Finally! Login function is now working with the following settings but X-Cache shows MISS instead of HIT. #THE RECV FUNCTION # ########################################################## sub vcl_recv { if( req.http.Cookie ~ "xf_(session|user)") { return (pass); } # FETCH FUNCTION # ########################################################## sub vcl_backend_response { # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT # TO DO THIS # ########################################################## set beresp.http.Vary = "Accept-Encoding"; # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF # TIME THIS PAGE WILL STAY CACHED (TTL) # ########################################################## if (beresp.http.Set-Cookie ~ "xf_(session|user)") { set beresp.uncacheable = true; set beresp.ttl = 1w; return (deliver); } if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120 s; # set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } return (deliver); } # DELIVER FUNCTION # ########################################################## sub vcl_deliver { # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT # IN THE HEADER (GREAT FOR DEBUGGING) # ########################################################## if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; # IF THIS IS A MISS RETURN THAT IN THE HEADER # ########################################################## } else { set resp.http.X-Cache = "MISS"; } } 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz : > Finally! > Login function is now working with the following settings but X-Cache > shows MISS instead of HIT. > > > *#THE RECV FUNCTION* > *# ##########################################################* > *sub vcl_recv { * > * if( req.http.Cookie ~ "xf_(session|user)") {* > * return (pass);* > * }* > > > *# FETCH FUNCTION* > *# ##########################################################* > *sub vcl_backend_response { * > > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* > * # TO DO THIS* > * # ##########################################################* > * set beresp.http.Vary = "Accept-Encoding";* > > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * > * # TIME THIS PAGE WILL STAY CACHED (TTL)* > * # ##########################################################* > *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * > *{ set beresp.uncacheable = true;* > * set beresp.ttl = 1w;* > * return (deliver);* > * }* > > * if (beresp.ttl <= 0s ||* > * beresp.http.Set-Cookie ||* > * beresp.http.Vary == "*") {* > * set beresp.ttl = 120 s;* > * # set beresp.ttl = 120s;* > * set beresp.uncacheable = true;* > * return (deliver);* > * }* > > * return (deliver);* > *}* > > *# DELIVER FUNCTION* > *# ##########################################################* > *sub vcl_deliver {* > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * > * # IN THE HEADER (GREAT FOR DEBUGGING)* > * # ##########################################################* > * if (obj.hits > 0) {* > * set resp.http.X-Cache = "HIT";* > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* > * # ##########################################################* > * } else {* > * set resp.http.X-Cache = "MISS";* > * }* > *}* > > 2016-08-04 18:02 GMT+03:00 Lane, Richard : > >> I agree that the order of execution may be getting you here. If you need >> the WordPress rules then you may need to put additional logic to ensure >> non-wordpress applications are not negatively affected. >> >> What happens if you change the order of these two blocks? Put your >> Set-Cookie check block before the wp-login check. >> >> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >> > # TIME THIS PAGE WILL STAY CACHED (TTL) >> > # ########################################################## >> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >> "wordpress_logged_in" ) { >> > unset beresp.http.set-cookie; >> > set beresp.ttl = 52w; >> > # set beresp.grace =1w; >> > } >> > >> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >> > set beresp.uncacheable = true; >> > set beresp.ttl = 1w; >> > return (deliver); >> > } >> >> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >> >>> The log output suggests the xf_ cookie check in vcl_recv is not the >>> first thing to run as you pasted earlier. Also, looking a bit closer, your >>> issue the fact that you unset the cookie in vcl_backend_response if it's >>> not wordpress related. Again, you should really audit your entire VCL, and >>> remove unneeded stuff, like all the WordPress related rules if you're not >>> using it. >>> >>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> >>>> Log message: >>>> >>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>> - VCL_call RECV >>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>> pps_show_100=Th >>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>> pps_times_showed_100=1; >>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>> pps_show_100=Th >>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>> pps_times_showed_100=1; >>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>> est_cookie=WP+Cookie+check >>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>> pps_show_100=Th >>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>> pps_times_showed_100=1; >>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>> est_cookie=WP+Cookie+check >>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>> pps_show_100=Th >>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>> pps_times_showed_100=1; >>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>> est_cookie=WP+Cookie+check >>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>> 95.5.187.232 >>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>> - ReqHeader Accept-Encoding: gzip >>>> - VCL_Log PPPAASS >>>> - VCL_return pass >>>> - VCL_call HASH >>>> - VCL_return lookup >>>> - VCL_call PASS >>>> - VCL_return fetch >>>> - Link bereq 524435 pass >>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>> - RespProtocol HTTP/1.1 >>>> - RespStatus 200 >>>> - RespReason OK >>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>> - RespHeader Server: Apache/2 >>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>> - RespHeader Accept-Ranges: bytes >>>> -- >>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>> - VCL_call RECV >>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>> pps_show_100=Th >>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>> pps_times_showed_100=1; >>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>> pps_show_100=Th >>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>> pps_times_showed_100=1; >>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>> est_cookie=WP+Cookie+check >>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>> pps_show_100=Th >>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>> pps_times_showed_100=1; >>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>> est_cookie=WP+Cookie+check >>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>> pps_show_100=Th >>>> >>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>> >>>>> I assume you reloaded/restarted Varnish after these changes were made. >>>>> If so, can you verify that you do have the cookies set on the request? >>>>> >>>>> maybe add this log message right before returning >>>>> >>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>> std.log( "PPPAASS Cookie set for forum"); >>>>> return (pass); >>>>> >>>>> } >>>>> >>>>> Then you can use varnishlog command (below) to verify cookie is found >>>>> >>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>> >>>>> >>>>> Cheers, >>>>> Richard >>>>> >>>>> >>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>> > >>>>> > First of all, thank you. However the problem continues. Can you >>>>> examine the codes? >>>>> > >>>>> > >>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>> > * *********************************************************/ >>>>> > vcl 4.0; >>>>> > import std; >>>>> > >>>>> > backend default { >>>>> > .host = "*******"; >>>>> > .port = "8080"; >>>>> > .connect_timeout = 600s; >>>>> > .first_byte_timeout = 600s; >>>>> > .between_bytes_timeout = 600s; >>>>> > .max_connections = 800; >>>>> > } >>>>> > >>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>> > # ########################################################## >>>>> > acl purge { >>>>> > "localhost"; >>>>> > "127.0.0.1"; >>>>> > } >>>>> > >>>>> > #THE RECV FUNCTION >>>>> > # ########################################################## >>>>> > sub vcl_recv { >>>>> > >>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>> > return (pass); >>>>> > } >>>>> > >>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>> various checks >>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>> ].*$", ""); >>>>> > >>>>> > # FORWARD THE IP OF THE REQUEST >>>>> > if (req.restarts == 0) { >>>>> > if (req.http.x-forwarded-for) { >>>>> > set req.http.X-Forwarded-For = >>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>> > } else { >>>>> > set req.http.X-Forwarded-For = client.ip; >>>>> > } >>>>> > } >>>>> > >>>>> > # Purge request check sections for hash_always_miss, purge and ban >>>>> > # BLOCK IF NOT IP is not in purge acl >>>>> > # ########################################################## >>>>> > >>>>> > # Enable smart refreshing using hash_always_miss >>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ purge) { >>>>> > set req.hash_always_miss = true; >>>>> > } >>>>> > } >>>>> > >>>>> > if (req.method == "PURGE") { >>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ purge) { >>>>> > return(synth(405,"Not allowed.")); >>>>> > } >>>>> > return (purge); >>>>> > >>>>> > } >>>>> > if (req.method == "BAN") { >>>>> > # Same ACL check as above: >>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ purge) { >>>>> > return(synth(403, "Not allowed.")); >>>>> > } >>>>> > ban("req.http.host == " + req.http.host + >>>>> > " && req.url == " + req.url); >>>>> > >>>>> > # Throw a synthetic page so the >>>>> > # request won't go to the backend. >>>>> > return(synth(200, "Ban added")); >>>>> > } >>>>> > >>>>> > >>>>> > # Unset cloudflare cookies >>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>> > # Remove a ";" prefix, if present. >>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>>> > >>>>> > # For Testing: If you want to test with Varnish passing (not >>>>> caching) uncomment >>>>> > # return( pass ); >>>>> > >>>>> > # FORWARD THE IP OF THE REQUEST >>>>> > if (req.restarts == 0) { >>>>> > if (req.http.x-forwarded-for) { >>>>> > set req.http.X-Forwarded-For = >>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>> > } else { >>>>> > set req.http.X-Forwarded-For = client.ip; >>>>> > } >>>>> > } >>>>> > >>>>> > # DO NOT CACHE RSS FEED >>>>> > if (req.url ~ "/feed(/)?") { >>>>> > return ( pass ); >>>>> > } >>>>> > >>>>> > ## Do not cache search results, comment these 3 lines if you do want >>>>> to cache them >>>>> > >>>>> > if (req.url ~ "/\?s\=") { >>>>> > return ( pass ); >>>>> > } >>>>> > >>>>> > # CLEAN UP THE ENCODING HEADER. >>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>> ACCEPT-ENCODING >>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>> > # ########################################################## >>>>> > if (req.http.Accept-Encoding) { >>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>> > # No point in compressing these >>>>> > unset req.http.Accept-Encoding; >>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>> > set req.http.Accept-Encoding = "gzip"; >>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>> > set req.http.Accept-Encoding = "deflate"; >>>>> > } else { >>>>> > # unknown algorithm >>>>> > unset req.http.Accept-Encoding; >>>>> > } >>>>> > } >>>>> > >>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>> > # ########################################################## >>>>> > if (req.method != "GET" && >>>>> > req.method != "HEAD" && >>>>> > req.method != "PUT" && >>>>> > req.method != "POST" && >>>>> > req.method != "TRACE" && >>>>> > req.method != "OPTIONS" && >>>>> > req.method != "DELETE") { >>>>> > return (pipe); >>>>> > } >>>>> > >>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>> > # ########################################################## >>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>> > return (pass); >>>>> > } >>>>> > >>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>> TOO, EITHER >>>>> > # COMMENT OR UNCOMMENT BOTH >>>>> > # ########################################################## >>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>> > return( pass ); >>>>> > } >>>>> > >>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>> > # THEN UNSET THE COOKIES >>>>> > # ########################################################## >>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>> > && !(req.url ~ "&preview=true" ) >>>>> > ){ >>>>> > unset req.http.cookie; >>>>> > } >>>>> > >>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>> > # ########################################################## >>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>> > return (pass); >>>>> > } >>>>> > >>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>> > # ########################################################## >>>>> > return (hash); >>>>> > # This is for phpmyadmin >>>>> > if (req.http.Host == "ki1.org") { >>>>> > return (pass); >>>>> > } >>>>> > >>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>> > return (pass); >>>>> > } >>>>> > >>>>> > } >>>>> > >>>>> > # HIT FUNCTION >>>>> > # ########################################################## >>>>> > sub vcl_hit { >>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>> > # ########################################################## >>>>> > if (req.method == "PURGE") { >>>>> > # >>>>> > # This is now handled in vcl_recv. >>>>> > # >>>>> > # purge; >>>>> > return (synth(200, "Purged.")); >>>>> > } >>>>> > return (deliver); >>>>> > } >>>>> > >>>>> > # MISS FUNCTION >>>>> > # ########################################################## >>>>> > sub vcl_miss { >>>>> > if (req.method == "PURGE") { >>>>> > # >>>>> > # This is now handled in vcl_recv. >>>>> > # >>>>> > # purge; >>>>> > return (synth(200, "Purged.")); >>>>> > } >>>>> > return (fetch); >>>>> > } >>>>> > >>>>> > # FETCH FUNCTION >>>>> > # ########################################################## >>>>> > sub vcl_backend_response { >>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>> > # TO DO THIS >>>>> > # ########################################################## >>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>> > >>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>> > # ########################################################## >>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>> "wordpress_logged_in" ) { >>>>> > unset beresp.http.set-cookie; >>>>> > set beresp.ttl = 52w; >>>>> > # set beresp.grace =1w; >>>>> > } >>>>> > >>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>> > set beresp.uncacheable = true; >>>>> > set beresp.ttl = 1w; >>>>> > return (deliver); >>>>> > } >>>>> > >>>>> > >>>>> > if (beresp.ttl <= 0s || >>>>> > beresp.http.Set-Cookie || >>>>> > beresp.http.Vary == "*") { >>>>> > set beresp.ttl = 120 s; >>>>> > # set beresp.ttl = 120s; >>>>> > set beresp.uncacheable = true; >>>>> > return (deliver); >>>>> > } >>>>> > >>>>> > return (deliver); >>>>> > } >>>>> > >>>>> > # DELIVER FUNCTION >>>>> > # ########################################################## >>>>> > sub vcl_deliver { >>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>> > # ########################################################## >>>>> > if (obj.hits > 0) { >>>>> > set resp.http.X-Cache = "HIT"; >>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>> > # ########################################################## >>>>> > } else { >>>>> > set resp.http.X-Cache = "MISS"; >>>>> > } >>>>> > } >>>>> > >>>>> > >>>>> > >>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>> >> >>>>> >> correction: >>>>> >> >>>>> >> sub vcl_recv { >>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>> >> return (pass); >>>>> >> } >>>>> >> } >>>>> >> >>>>> >> sub vcl_backend_response { >>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>> >> set beresp.uncacheable = true; >>>>> >> set beresp.ttl = 1w; >>>>> >> return (deliver); >>>>> >> } >>>>> >> } >>>>> >> >>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >>>>> >>> >>>>> >>> Hello, >>>>> >>> >>>>> >>> Aside from the provided VCL being for WordPress, while you're >>>>> running XenForo, the xf_ cookies are being dropped by your config. A quick >>>>> fix is: >>>>> >>> >>>>> >>> sub vcl_recv { >>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>> >>> return (pass); >>>>> >>> } >>>>> >>> } >>>>> >>> >>>>> >>> sub vcl_backend_response { >>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>> >>> set beresp.uncacheable = true; >>>>> >>> set beresp.ttl = 1w; >>>>> >>> return (deliver); >>>>> >>> } >>>>> >>> } >>>>> >>> >>>>> >>> However, I suggest auditing your VCL, and only including rules >>>>> specific to the application(s) which you are running. >>>>> >>> >>>>> >>> >>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>> >>>> >>>>> >>>> Users can't login or register to domain.com/forum with the >>>>> current settings. So we need to make a change related to xf_user and >>>>> xf_session but how? >>>>> >>>> >>>>> >>>> >>>>> >>>> >>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>>> >>>>> >>>>> >>>>> If you want Varnish to ignore request for a path you need to >>>>> tell it to pass. In your example you have a rule for the RSS feed. You can >>>>> do the same for /forum/ in your vcl_recv block. >>>>> >>>>> >>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>> >>>>> * return ( pass ); * >>>>> >>>>> *}* >>>>> >>>>> >>>>> >>>>> *# DO NOT CACHE FORUM* >>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>> >>>>> return ( pass ); >>>>> >>>>> } >>>>> >>>>> >>>>> >>>>> Cheers, >>>>> >>>>> Richard >>>>> >>>>> >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> Message: 1 >>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>> >>>>>> From: Ayberk Kimsesiz >>>>> >>>>>> To: varnish-misc >>>>> >>>>>> Subject: XenForo default.vcl settings >>>>> >>>>>> Message-ID: >>>>> >>>>>> >>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>> >>>>>> >>>>> >>>>>> Hi, >>>>> >>>>>> >>>>> >>>>>> Could you please share the appropriate Default.vcl settings for >>>>> XenForo >>>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>>> current >>>>> >>>>>> Default.vcl settings are as follows. >>>>> >>>>>> >>>>> >>>>>> Forum address: domain.com/forum >>>>> >>>>>> >>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>> >>>>>> * * *********************************************************/* >>>>> >>>>>> *vcl 4.0;* >>>>> >>>>>> *import std;* >>>>> >>>>>> >>>>> >>>>>> *backend default {* >>>>> >>>>>> * .host = "*******";* >>>>> >>>>>> * .port = "8080";* >>>>> >>>>>> * .connect_timeout = 600s;* >>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>> >>>>>> * .max_connections = 800;* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>> >>>>>> *# ##########################################################* >>>>> >>>>>> *acl purge {* >>>>> >>>>>> * "localhost";* >>>>> >>>>>> * "127.0.0.1";* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *#THE RECV FUNCTION* >>>>> >>>>>> *# ##########################################################* >>>>> >>>>>> *sub vcl_recv {* >>>>> >>>>>> >>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for >>>>> various >>>>> >>>>>> checks* >>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>> "[, ].*$", >>>>> >>>>>> ""); * >>>>> >>>>>> >>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>> >>>>>> * if (req.restarts == 0) {* >>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> >>>>>> * } else {* >>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>> >>>>>> * }* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge >>>>> and ban* >>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>> >>>>>> * # ##########################################################* >>>>> >>>>>> >>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ >>>>> >>>>>> purge) {* >>>>> >>>>>> * set req.hash_always_miss = true;* >>>>> >>>>>> * }* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *if (req.method == "PURGE") {* >>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ >>>>> >>>>>> purge) {* >>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>> >>>>>> * }* >>>>> >>>>>> * return (purge);* >>>>> >>>>>> >>>>> >>>>>> * }* >>>>> >>>>>> *if (req.method == "BAN") {* >>>>> >>>>>> * # Same ACL check as above:* >>>>> >>>>>> * if (!client.ip ~ purge || >>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>> >>>>>> ~ purge) {* >>>>> >>>>>> * return(synth(403, "Not allowed."));* >>>>> >>>>>> * }* >>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>> >>>>>> * " && req.url == " + req.url);* >>>>> >>>>>> >>>>> >>>>>> * # Throw a synthetic page so the* >>>>> >>>>>> * # request won't go to the backend.* >>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> *# Unset cloudflare cookies* >>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>> "");* >>>>> >>>>>> >>>>> >>>>>> * # For Testing: If you want to test with Varnish passing (not >>>>> caching) >>>>> >>>>>> uncomment* >>>>> >>>>>> * # return( pass );* >>>>> >>>>>> >>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>> >>>>>> * if (req.restarts == 0) {* >>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> >>>>>> * } else {* >>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>> >>>>>> * }* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>> >>>>>> * return ( pass ); * >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you >>>>> do want to >>>>> >>>>>> cache them* >>>>> >>>>>> >>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>> >>>>>> * return ( pass ); * >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>> ACCEPT-ENCODING* >>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>> {* >>>>> >>>>>> * # No point in compressing these* >>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>> >>>>>> * } else {* >>>>> >>>>>> * # unknown algorithm* >>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>> >>>>>> * }* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if (req.method != "GET" &&* >>>>> >>>>>> * req.method != "HEAD" &&* >>>>> >>>>>> * req.method != "PUT" && * >>>>> >>>>>> * req.method != "POST" &&* >>>>> >>>>>> * req.method != "TRACE" &&* >>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>> >>>>>> * req.method != "DELETE") {* >>>>> >>>>>> * return (pipe);* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>> >>>>>> * return (pass);* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>> FETCH TOO, >>>>> >>>>>> EITHER* >>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>> >>>>>> * return( pass );* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>> >>>>>> * ){* >>>>> >>>>>> * unset req.http.cookie;* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>> >>>>>> * return (pass);* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * return (hash);* >>>>> >>>>>> * # This is for phpmyadmin* >>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>> >>>>>> *return (pass);* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") >>>>> {* >>>>> >>>>>> *return (pass);* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *# HIT FUNCTION* >>>>> >>>>>> *# ##########################################################* >>>>> >>>>>> *sub vcl_hit {* >>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if (req.method == "PURGE") {* >>>>> >>>>>> * #* >>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>> >>>>>> * #* >>>>> >>>>>> * # purge;* >>>>> >>>>>> * return (synth(200, "Purged."));* >>>>> >>>>>> * }* >>>>> >>>>>> * return (deliver);* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *# MISS FUNCTION* >>>>> >>>>>> *# ##########################################################* >>>>> >>>>>> *sub vcl_miss {* >>>>> >>>>>> * if (req.method == "PURGE") {* >>>>> >>>>>> * #* >>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>> >>>>>> * #* >>>>> >>>>>> * # purge;* >>>>> >>>>>> * return (synth(200, "Purged."));* >>>>> >>>>>> * }* >>>>> >>>>>> * return (fetch);* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *# FETCH FUNCTION* >>>>> >>>>>> *# ##########################################################* >>>>> >>>>>> *sub vcl_backend_response {* >>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>> >>>>>> * # TO DO THIS* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>> >>>>>> >>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>> >>>>>> "wordpress_logged_in" ) {* >>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>> >>>>>> * set beresp.ttl = 52w;* >>>>> >>>>>> *# set beresp.grace =1w;* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>> >>>>>> * set beresp.uncacheable = true;* >>>>> >>>>>> * return (deliver);* >>>>> >>>>>> * }* >>>>> >>>>>> >>>>> >>>>>> * return (deliver);* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> *# DELIVER FUNCTION* >>>>> >>>>>> *# ##########################################################* >>>>> >>>>>> *sub vcl_deliver {* >>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * if (obj.hits > 0) {* >>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>> >>>>>> * # ############################## >>>>> ############################* >>>>> >>>>>> * } else {* >>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>> >>>>>> * }* >>>>> >>>>>> *}* >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> Thanks, >>>>> >>>>>> -------------- next part -------------- >>>>> >>>>>> An HTML attachment was scrubbed... >>>>> >>>>>> URL: >>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>> attachment-0001.html> >>>>> >>>>>> >>>>> >>>>>> ------------------------------ >>>>> >>>>>> >>>>> >>>>>> Message: 2 >>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>> >>>>>> From: Ayberk Kimsesiz >>>>> >>>>>> To: varnish-misc >>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>> >>>>>> Message-ID: >>>>> >>>>>> >>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>> >>>>>> >>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>> However, solutions >>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please help? >>>>> >>>>>> >>>>> >>>>>> xf_session_admin >>>>> >>>>>> xf_user >>>>> >>>>>> xf_session >>>>> >>>>>> >>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>> domain.com/forum >>>>> >>>>>> * >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>> ayberk.kimsesiz at gmail.com>: >>>>> >>>>>> >>>>> >>>>>> > Hi, >>>>> >>>>>> > >>>>> >>>>>> > Could you please share the appropriate Default.vcl settings >>>>> for XenForo >>>>> >>>>>> > Forums? No one can register to the forum at the moment. My >>>>> current >>>>> >>>>>> > Default.vcl settings are as follows. >>>>> >>>>>> > >>>>> >>>>>> > Forum address: domain.com/forum >>>>> >>>>>> > >>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>> >>>>>> > * * ****************************** >>>>> ***************************/* >>>>> >>>>>> > *vcl 4.0;* >>>>> >>>>>> > *import std;* >>>>> >>>>>> > >>>>> >>>>>> > *backend default {* >>>>> >>>>>> > * .host = "*******";* >>>>> >>>>>> > * .port = "8080";* >>>>> >>>>>> > * .connect_timeout = 600s;* >>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>> >>>>>> > * .max_connections = 800;* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>> >>>>>> > *# ############################## >>>>> ############################* >>>>> >>>>>> > *acl purge {* >>>>> >>>>>> > * "localhost";* >>>>> >>>>>> > * "127.0.0.1";* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *#THE RECV FUNCTION* >>>>> >>>>>> > *# ############################## >>>>> ############################* >>>>> >>>>>> > *sub vcl_recv {* >>>>> >>>>>> > >>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used >>>>> for various >>>>> >>>>>> > checks* >>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>> "[, ].*$", >>>>> >>>>>> > ""); * >>>>> >>>>>> > >>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>> >>>>>> > * if (req.restarts == 0) {* >>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> >>>>>> > * } else {* >>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>> >>>>>> > * }* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * # Purge request check sections for hash_always_miss, purge >>>>> and ban* >>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > >>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ >>>>> >>>>>> > purge) {* >>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>> >>>>>> > * }* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>> "1.2.3.4") ~ >>>>> >>>>>> > purge) {* >>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>> >>>>>> > * }* >>>>> >>>>>> > * return (purge);* >>>>> >>>>>> > >>>>> >>>>>> > * }* >>>>> >>>>>> > *if (req.method == "BAN") {* >>>>> >>>>>> > * # Same ACL check as above:* >>>>> >>>>>> > * if (!client.ip ~ purge || >>>>> !std.ip(req.http.X-Actual-IP, >>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>> >>>>>> > * return(synth(403, "Not allowed."));* >>>>> >>>>>> > * }* >>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>> >>>>>> > * " && req.url == " + req.url);* >>>>> >>>>>> > >>>>> >>>>>> > * # Throw a synthetic page so the* >>>>> >>>>>> > * # request won't go to the backend.* >>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > >>>>> >>>>>> > *# Unset cloudflare cookies* >>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>> "");* >>>>> >>>>>> > >>>>> >>>>>> > * # For Testing: If you want to test with Varnish passing >>>>> (not caching) >>>>> >>>>>> > uncomment* >>>>> >>>>>> > * # return( pass );* >>>>> >>>>>> > >>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>> >>>>>> > * if (req.restarts == 0) {* >>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>> >>>>>> > * } else {* >>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>> >>>>>> > * }* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>> >>>>>> > * return ( pass ); * >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if you >>>>> do want to >>>>> >>>>>> > cache them* >>>>> >>>>>> > >>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>> >>>>>> > * return ( pass ); * >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>> ACCEPT-ENCODING* >>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>> {* >>>>> >>>>>> > * # No point in compressing these* >>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>> >>>>>> > * } else {* >>>>> >>>>>> > * # unknown algorithm* >>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>> >>>>>> > * }* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if (req.method != "GET" &&* >>>>> >>>>>> > * req.method != "HEAD" &&* >>>>> >>>>>> > * req.method != "PUT" && * >>>>> >>>>>> > * req.method != "POST" &&* >>>>> >>>>>> > * req.method != "TRACE" &&* >>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>> >>>>>> > * req.method != "DELETE") {* >>>>> >>>>>> > * return (pipe);* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>> >>>>>> > * return (pass);* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>> FETCH TOO, >>>>> >>>>>> > EITHER* >>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>> >>>>>> > * return( pass );* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>> WP-LOGIN* >>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>> >>>>>> > * ){* >>>>> >>>>>> > * unset req.http.cookie;* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>> >>>>>> > * return (pass);* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * return (hash);* >>>>> >>>>>> > * # This is for phpmyadmin* >>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>> >>>>>> > *return (pass);* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org ") >>>>> {* >>>>> >>>>>> > *return (pass);* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *# HIT FUNCTION* >>>>> >>>>>> > *# ############################## >>>>> ############################* >>>>> >>>>>> > *sub vcl_hit {* >>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>> >>>>>> > * #* >>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>> >>>>>> > * #* >>>>> >>>>>> > * # purge;* >>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>> >>>>>> > * }* >>>>> >>>>>> > * return (deliver);* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *# MISS FUNCTION* >>>>> >>>>>> > *# ############################## >>>>> ############################* >>>>> >>>>>> > *sub vcl_miss {* >>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>> >>>>>> > * #* >>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>> >>>>>> > * #* >>>>> >>>>>> > * # purge;* >>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>> >>>>>> > * }* >>>>> >>>>>> > * return (fetch);* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *# FETCH FUNCTION* >>>>> >>>>>> > *# ############################## >>>>> ############################* >>>>> >>>>>> > *sub vcl_backend_response {* >>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>> WANT* >>>>> >>>>>> > * # TO DO THIS* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>> >>>>>> > >>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>> * >>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>> !bereq.http.cookie ~ >>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>> >>>>>> > *# set beresp.grace =1w;* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>> >>>>>> > * return (deliver);* >>>>> >>>>>> > * }* >>>>> >>>>>> > >>>>> >>>>>> > * return (deliver);* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > *# DELIVER FUNCTION* >>>>> >>>>>> > *# ############################## >>>>> ############################* >>>>> >>>>>> > *sub vcl_deliver {* >>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * if (obj.hits > 0) {* >>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>> >>>>>> > * # ############################## >>>>> ############################* >>>>> >>>>>> > * } else {* >>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>> >>>>>> > * }* >>>>> >>>>>> > *}* >>>>> >>>>>> > >>>>> >>>>>> > >>>>> >>>>>> > Thanks, >>>>> >>>>>> > >>>>> >>>>>> -------------- next part -------------- >>>>> >>>>>> An HTML attachment was scrubbed... >>>>> >>>>>> URL: >>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>> attachment.html> >>>>> >>>>>> >>>>> >>>>>> ------------------------------ >>>>> >>>>>> >>>>> >>>>>> _______________________________________________ >>>>> >>>>>> varnish-misc mailing list >>>>> >>>>>> varnish-misc at varnish-cache.org >>>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>> -misc >>>>> >>>>>> >>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>> >>>>>> ********************************************* >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> _______________________________________________ >>>>> >>>>> varnish-misc mailing list >>>>> >>>>> varnish-misc at varnish-cache.org >>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>> -misc >>>>> >>>> >>>>> >>>> >>>>> >>>> >>>>> >>>> _______________________________________________ >>>>> >>>> varnish-misc mailing list >>>>> >>>> varnish-misc at varnish-cache.org >>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >>>>> >>> >>>>> >>> >>>>> >> >>>>> > >>>>> >>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 19:16:11 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 22:16:11 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: If i use the given settings MISS appears in the Header. Accept-Ranges bytes Age 0 Cache-control private, max-age=0 Content-Encoding gzip Content-Length 10075 Content-Type text/html; charset=UTF-8 Date Thu, 04 Aug 2016 18:30:52 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Last-Modified Thu, 04 Aug 2016 18:30:52 GMT Server Apache/2 Vary Accept-Encoding Via 1.1 varnish-v4 X-Cache MISS What do you suggest me to do? 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz : > Finally! > Login function is now working with the following settings but X-Cache > shows MISS instead of HIT. > > #THE RECV FUNCTION > # ########################################################## > sub vcl_recv { > if( req.http.Cookie ~ "xf_(session|user)") { > return (pass); > } > > # FETCH FUNCTION > # ########################################################## > sub vcl_backend_response { > > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > # TO DO THIS > # ########################################################## > set beresp.http.Vary = "Accept-Encoding"; > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > if (beresp.http.Set-Cookie ~ "xf_(session|user)") > { set beresp.uncacheable = true; > set beresp.ttl = 1w; > return (deliver); > } > > if (beresp.ttl <= 0s || > beresp.http.Set-Cookie || > beresp.http.Vary == "*") { > set beresp.ttl = 120 s; > # set beresp.ttl = 120s; > set beresp.uncacheable = true; > return (deliver); > } > > return (deliver); > } > > # DELIVER FUNCTION > # ########################################################## > sub vcl_deliver { > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > # IN THE HEADER (GREAT FOR DEBUGGING) > # ########################################################## > if (obj.hits > 0) { > set resp.http.X-Cache = "HIT"; > # IF THIS IS A MISS RETURN THAT IN THE HEADER > # ########################################################## > } else { > set resp.http.X-Cache = "MISS"; > } > } > > 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz : > >> Finally! >> Login function is now working with the following settings but X-Cache >> shows MISS instead of HIT. >> >> >> *#THE RECV FUNCTION* >> *# ##########################################################* >> *sub vcl_recv { * >> * if( req.http.Cookie ~ "xf_(session|user)") {* >> * return (pass);* >> * }* >> >> >> *# FETCH FUNCTION* >> *# ##########################################################* >> *sub vcl_backend_response { * >> >> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >> * # TO DO THIS* >> * # ##########################################################* >> * set beresp.http.Vary = "Accept-Encoding";* >> >> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >> * # ##########################################################* >> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >> *{ set beresp.uncacheable = true;* >> * set beresp.ttl = 1w;* >> * return (deliver);* >> * }* >> >> * if (beresp.ttl <= 0s ||* >> * beresp.http.Set-Cookie ||* >> * beresp.http.Vary == "*") {* >> * set beresp.ttl = 120 s;* >> * # set beresp.ttl = 120s;* >> * set beresp.uncacheable = true;* >> * return (deliver);* >> * }* >> >> * return (deliver);* >> *}* >> >> *# DELIVER FUNCTION* >> *# ##########################################################* >> *sub vcl_deliver {* >> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >> * # IN THE HEADER (GREAT FOR DEBUGGING)* >> * # ##########################################################* >> * if (obj.hits > 0) {* >> * set resp.http.X-Cache = "HIT";* >> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >> * # ##########################################################* >> * } else {* >> * set resp.http.X-Cache = "MISS";* >> * }* >> *}* >> >> 2016-08-04 18:02 GMT+03:00 Lane, Richard : >> >>> I agree that the order of execution may be getting you here. If you need >>> the WordPress rules then you may need to put additional logic to ensure >>> non-wordpress applications are not negatively affected. >>> >>> What happens if you change the order of these two blocks? Put your >>> Set-Cookie check block before the wp-login check. >>> >>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>> > # ########################################################## >>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>> "wordpress_logged_in" ) { >>> > unset beresp.http.set-cookie; >>> > set beresp.ttl = 52w; >>> > # set beresp.grace =1w; >>> > } >>> > >>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>> > set beresp.uncacheable = true; >>> > set beresp.ttl = 1w; >>> > return (deliver); >>> > } >>> >>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >>> >>>> The log output suggests the xf_ cookie check in vcl_recv is not the >>>> first thing to run as you pasted earlier. Also, looking a bit closer, your >>>> issue the fact that you unset the cookie in vcl_backend_response if it's >>>> not wordpress related. Again, you should really audit your entire VCL, and >>>> remove unneeded stuff, like all the WordPress related rules if you're not >>>> using it. >>>> >>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>> ayberk.kimsesiz at gmail.com> wrote: >>>> >>>>> Log message: >>>>> >>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>> - VCL_call RECV >>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>> 95.5.187.232 >>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>> - ReqHeader Accept-Encoding: gzip >>>>> - VCL_Log PPPAASS >>>>> - VCL_return pass >>>>> - VCL_call HASH >>>>> - VCL_return lookup >>>>> - VCL_call PASS >>>>> - VCL_return fetch >>>>> - Link bereq 524435 pass >>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>> - RespProtocol HTTP/1.1 >>>>> - RespStatus 200 >>>>> - RespReason OK >>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>> - RespHeader Server: Apache/2 >>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>> - RespHeader Accept-Ranges: bytes >>>>> -- >>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>> - VCL_call RECV >>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>> pps_times_showed_100=1; >>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>> est_cookie=WP+Cookie+check >>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>> pps_show_100=Th >>>>> >>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>>> >>>>>> I assume you reloaded/restarted Varnish after these changes were >>>>>> made. If so, can you verify that you do have the cookies set on the request? >>>>>> >>>>>> maybe add this log message right before returning >>>>>> >>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>> return (pass); >>>>>> >>>>>> } >>>>>> >>>>>> Then you can use varnishlog command (below) to verify cookie is found >>>>>> >>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>> >>>>>> >>>>>> Cheers, >>>>>> Richard >>>>>> >>>>>> >>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>> > >>>>>> > First of all, thank you. However the problem continues. Can you >>>>>> examine the codes? >>>>>> > >>>>>> > >>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>> > * *********************************************************/ >>>>>> > vcl 4.0; >>>>>> > import std; >>>>>> > >>>>>> > backend default { >>>>>> > .host = "*******"; >>>>>> > .port = "8080"; >>>>>> > .connect_timeout = 600s; >>>>>> > .first_byte_timeout = 600s; >>>>>> > .between_bytes_timeout = 600s; >>>>>> > .max_connections = 800; >>>>>> > } >>>>>> > >>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>> > # ########################################################## >>>>>> > acl purge { >>>>>> > "localhost"; >>>>>> > "127.0.0.1"; >>>>>> > } >>>>>> > >>>>>> > #THE RECV FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_recv { >>>>>> > >>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>> various checks >>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>> ].*$", ""); >>>>>> > >>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>> > if (req.restarts == 0) { >>>>>> > if (req.http.x-forwarded-for) { >>>>>> > set req.http.X-Forwarded-For = >>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>> > } else { >>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > # Purge request check sections for hash_always_miss, purge and ban >>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>> > # ########################################################## >>>>>> > >>>>>> > # Enable smart refreshing using hash_always_miss >>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) { >>>>>> > set req.hash_always_miss = true; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > if (req.method == "PURGE") { >>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) { >>>>>> > return(synth(405,"Not allowed.")); >>>>>> > } >>>>>> > return (purge); >>>>>> > >>>>>> > } >>>>>> > if (req.method == "BAN") { >>>>>> > # Same ACL check as above: >>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ purge) { >>>>>> > return(synth(403, "Not allowed.")); >>>>>> > } >>>>>> > ban("req.http.host == " + req.http.host + >>>>>> > " && req.url == " + req.url); >>>>>> > >>>>>> > # Throw a synthetic page so the >>>>>> > # request won't go to the backend. >>>>>> > return(synth(200, "Ban added")); >>>>>> > } >>>>>> > >>>>>> > >>>>>> > # Unset cloudflare cookies >>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>> > # Remove a ";" prefix, if present. >>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>>>> > >>>>>> > # For Testing: If you want to test with Varnish passing (not >>>>>> caching) uncomment >>>>>> > # return( pass ); >>>>>> > >>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>> > if (req.restarts == 0) { >>>>>> > if (req.http.x-forwarded-for) { >>>>>> > set req.http.X-Forwarded-For = >>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>> > } else { >>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > # DO NOT CACHE RSS FEED >>>>>> > if (req.url ~ "/feed(/)?") { >>>>>> > return ( pass ); >>>>>> > } >>>>>> > >>>>>> > ## Do not cache search results, comment these 3 lines if you do >>>>>> want to cache them >>>>>> > >>>>>> > if (req.url ~ "/\?s\=") { >>>>>> > return ( pass ); >>>>>> > } >>>>>> > >>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING >>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>> > # ########################################################## >>>>>> > if (req.http.Accept-Encoding) { >>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>>> > # No point in compressing these >>>>>> > unset req.http.Accept-Encoding; >>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>> > } else { >>>>>> > # unknown algorithm >>>>>> > unset req.http.Accept-Encoding; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>> > # ########################################################## >>>>>> > if (req.method != "GET" && >>>>>> > req.method != "HEAD" && >>>>>> > req.method != "PUT" && >>>>>> > req.method != "POST" && >>>>>> > req.method != "TRACE" && >>>>>> > req.method != "OPTIONS" && >>>>>> > req.method != "DELETE") { >>>>>> > return (pipe); >>>>>> > } >>>>>> > >>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>> > # ########################################################## >>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>> TOO, EITHER >>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>> > # ########################################################## >>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>> > return( pass ); >>>>>> > } >>>>>> > >>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>> > # THEN UNSET THE COOKIES >>>>>> > # ########################################################## >>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>> > && !(req.url ~ "&preview=true" ) >>>>>> > ){ >>>>>> > unset req.http.cookie; >>>>>> > } >>>>>> > >>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>> > # ########################################################## >>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>> > # ########################################################## >>>>>> > return (hash); >>>>>> > # This is for phpmyadmin >>>>>> > if (req.http.Host == "ki1.org") { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>> > return (pass); >>>>>> > } >>>>>> > >>>>>> > } >>>>>> > >>>>>> > # HIT FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_hit { >>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>> > # ########################################################## >>>>>> > if (req.method == "PURGE") { >>>>>> > # >>>>>> > # This is now handled in vcl_recv. >>>>>> > # >>>>>> > # purge; >>>>>> > return (synth(200, "Purged.")); >>>>>> > } >>>>>> > return (deliver); >>>>>> > } >>>>>> > >>>>>> > # MISS FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_miss { >>>>>> > if (req.method == "PURGE") { >>>>>> > # >>>>>> > # This is now handled in vcl_recv. >>>>>> > # >>>>>> > # purge; >>>>>> > return (synth(200, "Purged.")); >>>>>> > } >>>>>> > return (fetch); >>>>>> > } >>>>>> > >>>>>> > # FETCH FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_backend_response { >>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>> > # TO DO THIS >>>>>> > # ########################################################## >>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>> > >>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>> > # ########################################################## >>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> "wordpress_logged_in" ) { >>>>>> > unset beresp.http.set-cookie; >>>>>> > set beresp.ttl = 52w; >>>>>> > # set beresp.grace =1w; >>>>>> > } >>>>>> > >>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>> > set beresp.uncacheable = true; >>>>>> > set beresp.ttl = 1w; >>>>>> > return (deliver); >>>>>> > } >>>>>> > >>>>>> > >>>>>> > if (beresp.ttl <= 0s || >>>>>> > beresp.http.Set-Cookie || >>>>>> > beresp.http.Vary == "*") { >>>>>> > set beresp.ttl = 120 s; >>>>>> > # set beresp.ttl = 120s; >>>>>> > set beresp.uncacheable = true; >>>>>> > return (deliver); >>>>>> > } >>>>>> > >>>>>> > return (deliver); >>>>>> > } >>>>>> > >>>>>> > # DELIVER FUNCTION >>>>>> > # ########################################################## >>>>>> > sub vcl_deliver { >>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>> > # ########################################################## >>>>>> > if (obj.hits > 0) { >>>>>> > set resp.http.X-Cache = "HIT"; >>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>> > # ########################################################## >>>>>> > } else { >>>>>> > set resp.http.X-Cache = "MISS"; >>>>>> > } >>>>>> > } >>>>>> > >>>>>> > >>>>>> > >>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>>> >> >>>>>> >> correction: >>>>>> >> >>>>>> >> sub vcl_recv { >>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>> >> return (pass); >>>>>> >> } >>>>>> >> } >>>>>> >> >>>>>> >> sub vcl_backend_response { >>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>> >> set beresp.uncacheable = true; >>>>>> >> set beresp.ttl = 1w; >>>>>> >> return (deliver); >>>>>> >> } >>>>>> >> } >>>>>> >> >>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >>>>>> >>> >>>>>> >>> Hello, >>>>>> >>> >>>>>> >>> Aside from the provided VCL being for WordPress, while you're >>>>>> running XenForo, the xf_ cookies are being dropped by your config. A quick >>>>>> fix is: >>>>>> >>> >>>>>> >>> sub vcl_recv { >>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>> >>> return (pass); >>>>>> >>> } >>>>>> >>> } >>>>>> >>> >>>>>> >>> sub vcl_backend_response { >>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>> >>> set beresp.uncacheable = true; >>>>>> >>> set beresp.ttl = 1w; >>>>>> >>> return (deliver); >>>>>> >>> } >>>>>> >>> } >>>>>> >>> >>>>>> >>> However, I suggest auditing your VCL, and only including rules >>>>>> specific to the application(s) which you are running. >>>>>> >>> >>>>>> >>> >>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>> >>>> >>>>>> >>>> Users can't login or register to domain.com/forum with the >>>>>> current settings. So we need to make a change related to xf_user and >>>>>> xf_session but how? >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>>>> >>>>> >>>>>> >>>>> If you want Varnish to ignore request for a path you need to >>>>>> tell it to pass. In your example you have a rule for the RSS feed. You can >>>>>> do the same for /forum/ in your vcl_recv block. >>>>>> >>>>> >>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>> >>>>> * return ( pass ); * >>>>>> >>>>> *}* >>>>>> >>>>> >>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>> >>>>> return ( pass ); >>>>>> >>>>> } >>>>>> >>>>> >>>>>> >>>>> Cheers, >>>>>> >>>>> Richard >>>>>> >>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Message: 1 >>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>> >>>>>> To: varnish-misc >>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>> >>>>>> Message-ID: >>>>>> >>>>>> >>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> >>>>>> >>>>>> Hi, >>>>>> >>>>>> >>>>>> >>>>>> Could you please share the appropriate Default.vcl settings >>>>>> for XenForo >>>>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>>>> current >>>>>> >>>>>> Default.vcl settings are as follows. >>>>>> >>>>>> >>>>>> >>>>>> Forum address: domain.com/forum >>>>>> >>>>>> >>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> >>>>>> * * ****************************** >>>>>> ***************************/* >>>>>> >>>>>> *vcl 4.0;* >>>>>> >>>>>> *import std;* >>>>>> >>>>>> >>>>>> >>>>>> *backend default {* >>>>>> >>>>>> * .host = "*******";* >>>>>> >>>>>> * .port = "8080";* >>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>> >>>>>> * .max_connections = 800;* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *acl purge {* >>>>>> >>>>>> * "localhost";* >>>>>> >>>>>> * "127.0.0.1";* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_recv {* >>>>>> >>>>>> >>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used for >>>>>> various >>>>>> >>>>>> checks* >>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>> "[, ].*$", >>>>>> >>>>>> ""); * >>>>>> >>>>>> >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge >>>>>> and ban* >>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> >>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> >>>>>> purge) {* >>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>> >>>>>> * }* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> >>>>>> purge) {* >>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (purge);* >>>>>> >>>>>> >>>>>> >>>>>> * }* >>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>> >>>>>> * # Same ACL check as above:* >>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>> >>>>>> ~ purge) {* >>>>>> >>>>>> * return(synth(403, "Not allowed."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>> >>>>>> >>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>> >>>>>> * # request won't go to the backend.* >>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>> "");* >>>>>> >>>>>> >>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing >>>>>> (not caching) >>>>>> >>>>>> uncomment* >>>>>> >>>>>> * # return( pass );* >>>>>> >>>>>> >>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>> >>>>>> * return ( pass ); * >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you >>>>>> do want to >>>>>> >>>>>> cache them* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>> >>>>>> * return ( pass ); * >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>> {* >>>>>> >>>>>> * # No point in compressing these* >>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * # unknown algorithm* >>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>> >>>>>> * }* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>> >>>>>> * req.method != "PUT" && * >>>>>> >>>>>> * req.method != "POST" &&* >>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>> >>>>>> * req.method != "DELETE") {* >>>>>> >>>>>> * return (pipe);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> >>>>>> * return (pass);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>> FETCH TOO, >>>>>> >>>>>> EITHER* >>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> >>>>>> * return( pass );* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN* >>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>> >>>>>> * ){* >>>>>> >>>>>> * unset req.http.cookie;* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>> >>>>>> * return (pass);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * return (hash);* >>>>>> >>>>>> * # This is for phpmyadmin* >>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>> >>>>>> *return (pass);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") >>>>>> {* >>>>>> >>>>>> *return (pass);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# HIT FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_hit {* >>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # purge;* >>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# MISS FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_miss {* >>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>> >>>>>> * #* >>>>>> >>>>>> * # purge;* >>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>> >>>>>> * }* >>>>>> >>>>>> * return (fetch);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# FETCH FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_backend_response {* >>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> >>>>>> * # TO DO THIS* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> >>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie >>>>>> ~ >>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> * }* >>>>>> >>>>>> >>>>>> >>>>>> * return (deliver);* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>> >>>>>> *# ##########################################################* >>>>>> >>>>>> *sub vcl_deliver {* >>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> >>>>>> * # ############################## >>>>>> ############################* >>>>>> >>>>>> * } else {* >>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>> >>>>>> * }* >>>>>> >>>>>> *}* >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Thanks, >>>>>> >>>>>> -------------- next part -------------- >>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>> >>>>>> URL: >>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>> attachment-0001.html> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> >>>>>> >>>>>> Message: 2 >>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>> >>>>>> To: varnish-misc >>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>> >>>>>> Message-ID: >>>>>> >>>>>> >>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>> >>>>>> >>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>> However, solutions >>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please >>>>>> help? >>>>>> >>>>>> >>>>>> >>>>>> xf_session_admin >>>>>> >>>>>> xf_user >>>>>> >>>>>> xf_session >>>>>> >>>>>> >>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>>> domain.com/forum >>>>>> >>>>>> * >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>> ayberk.kimsesiz at gmail.com>: >>>>>> >>>>>> >>>>>> >>>>>> > Hi, >>>>>> >>>>>> > >>>>>> >>>>>> > Could you please share the appropriate Default.vcl settings >>>>>> for XenForo >>>>>> >>>>>> > Forums? No one can register to the forum at the moment. My >>>>>> current >>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>> >>>>>> > >>>>>> >>>>>> > Forum address: domain.com/forum >>>>>> >>>>>> > >>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>> >>>>>> > * * ****************************** >>>>>> ***************************/* >>>>>> >>>>>> > *vcl 4.0;* >>>>>> >>>>>> > *import std;* >>>>>> >>>>>> > >>>>>> >>>>>> > *backend default {* >>>>>> >>>>>> > * .host = "*******";* >>>>>> >>>>>> > * .port = "8080";* >>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>> >>>>>> > * .max_connections = 800;* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *acl purge {* >>>>>> >>>>>> > * "localhost";* >>>>>> >>>>>> > * "127.0.0.1";* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_recv {* >>>>>> >>>>>> > >>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used >>>>>> for various >>>>>> >>>>>> > checks* >>>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>> "[, ].*$", >>>>>> >>>>>> > ""); * >>>>>> >>>>>> > >>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> > * } else {* >>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, purge >>>>>> and ban* >>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > >>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> >>>>>> > purge) {* >>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>> >>>>>> > * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>> "1.2.3.4") ~ >>>>>> >>>>>> > purge) {* >>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * return (purge);* >>>>>> >>>>>> > >>>>>> >>>>>> > * }* >>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>> >>>>>> > * # Same ACL check as above:* >>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>> !std.ip(req.http.X-Actual-IP, >>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>> >>>>>> > * return(synth(403, "Not allowed."));* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>> >>>>>> > >>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>> >>>>>> > * # request won't go to the backend.* >>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > >>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>> cookies.* >>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>> "");* >>>>>> >>>>>> > >>>>>> >>>>>> > * # For Testing: If you want to test with Varnish passing >>>>>> (not caching) >>>>>> >>>>>> > uncomment* >>>>>> >>>>>> > * # return( pass );* >>>>>> >>>>>> > >>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>> >>>>>> > * } else {* >>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>> >>>>>> > * return ( pass ); * >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if >>>>>> you do want to >>>>>> >>>>>> > cache them* >>>>>> >>>>>> > >>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>> >>>>>> > * return ( pass ); * >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>> ACCEPT-ENCODING* >>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>> ETC.* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>> {* >>>>>> >>>>>> > * # No point in compressing these* >>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>> >>>>>> > * } else {* >>>>>> >>>>>> > * # unknown algorithm* >>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>> >>>>>> > * req.method != "PUT" && * >>>>>> >>>>>> > * req.method != "POST" &&* >>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>> >>>>>> > * return (pipe);* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>> >>>>>> > * return (pass);* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>> FETCH TOO, >>>>>> >>>>>> > EITHER* >>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>> >>>>>> > * return( pass );* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>> WP-LOGIN* >>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>> >>>>>> > * ){* >>>>>> >>>>>> > * unset req.http.cookie;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>> >>>>>> > * return (pass);* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * return (hash);* >>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>> >>>>>> > *return (pass);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org ") >>>>>> {* >>>>>> >>>>>> > *return (pass);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# HIT FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_hit {* >>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>> >>>>>> > * #* >>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>> >>>>>> > * #* >>>>>> >>>>>> > * # purge;* >>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * return (deliver);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# MISS FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_miss {* >>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>> >>>>>> > * #* >>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>> >>>>>> > * #* >>>>>> >>>>>> > * # purge;* >>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > * return (fetch);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>> WANT* >>>>>> >>>>>> > * # TO DO THIS* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> > >>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>> OF * >>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>> !bereq.http.cookie ~ >>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>> >>>>>> > * return (deliver);* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > >>>>>> >>>>>> > * return (deliver);* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>> >>>>>> > *# ############################## >>>>>> ############################* >>>>>> >>>>>> > *sub vcl_deliver {* >>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>> * >>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> >>>>>> > * # ############################## >>>>>> ############################* >>>>>> >>>>>> > * } else {* >>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>> >>>>>> > * }* >>>>>> >>>>>> > *}* >>>>>> >>>>>> > >>>>>> >>>>>> > >>>>>> >>>>>> > Thanks, >>>>>> >>>>>> > >>>>>> >>>>>> -------------- next part -------------- >>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>> >>>>>> URL: >>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>> attachment.html> >>>>>> >>>>>> >>>>>> >>>>>> ------------------------------ >>>>>> >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> >>>>>> varnish-misc mailing list >>>>>> >>>>>> varnish-misc at varnish-cache.org >>>>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>> -misc >>>>>> >>>>>> >>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>> >>>>>> ********************************************* >>>>>> >>>>> >>>>>> >>>>> >>>>>> >>>>> >>>>>> >>>>> _______________________________________________ >>>>>> >>>>> varnish-misc mailing list >>>>>> >>>>> varnish-misc at varnish-cache.org >>>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>> -misc >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> >>>>>> >>>> _______________________________________________ >>>>>> >>>> varnish-misc mailing list >>>>>> >>>> varnish-misc at varnish-cache.org >>>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>> -misc >>>>>> >>> >>>>>> >>> >>>>>> >> >>>>>> > >>>>>> >>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rlane at ahbelo.com Thu Aug 4 19:34:02 2016 From: rlane at ahbelo.com (Lane, Richard) Date: Thu, 4 Aug 2016 14:34:02 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: If you PASS then your request will not be cached. Varnish marks these non-cached items as a MISS since they go to the backend each time and therefore a miss and not a hit on cache. What were you expecting? Is this still requests with the forum cookies? If you want to cache request from logged in users you will need to add the specific user cookies to the hash so each user served their cached copy. On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz wrote: > If i use the given settings MISS appears in the Header. > > Accept-Ranges bytes > Age 0 > Cache-control private, max-age=0 > Content-Encoding gzip > Content-Length 10075 > Content-Type text/html; charset=UTF-8 > Date Thu, 04 Aug 2016 18:30:52 GMT > Expires Thu, 19 Nov 1981 08:52:00 GMT > Last-Modified Thu, 04 Aug 2016 18:30:52 GMT > Server Apache/2 > Vary Accept-Encoding > Via 1.1 varnish-v4 > X-Cache MISS > > What do you suggest me to do? > > > > 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz : > >> Finally! >> Login function is now working with the following settings but X-Cache >> shows MISS instead of HIT. >> >> #THE RECV FUNCTION >> # ########################################################## >> sub vcl_recv { >> if( req.http.Cookie ~ "xf_(session|user)") { >> return (pass); >> } >> >> # FETCH FUNCTION >> # ########################################################## >> sub vcl_backend_response { >> >> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >> # TO DO THIS >> # ########################################################## >> set beresp.http.Vary = "Accept-Encoding"; >> >> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >> # TIME THIS PAGE WILL STAY CACHED (TTL) >> # ########################################################## >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") >> { set beresp.uncacheable = true; >> set beresp.ttl = 1w; >> return (deliver); >> } >> >> if (beresp.ttl <= 0s || >> beresp.http.Set-Cookie || >> beresp.http.Vary == "*") { >> set beresp.ttl = 120 s; >> # set beresp.ttl = 120s; >> set beresp.uncacheable = true; >> return (deliver); >> } >> >> return (deliver); >> } >> >> # DELIVER FUNCTION >> # ########################################################## >> sub vcl_deliver { >> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >> # IN THE HEADER (GREAT FOR DEBUGGING) >> # ########################################################## >> if (obj.hits > 0) { >> set resp.http.X-Cache = "HIT"; >> # IF THIS IS A MISS RETURN THAT IN THE HEADER >> # ########################################################## >> } else { >> set resp.http.X-Cache = "MISS"; >> } >> } >> >> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz : >> >>> Finally! >>> Login function is now working with the following settings but X-Cache >>> shows MISS instead of HIT. >>> >>> >>> *#THE RECV FUNCTION* >>> *# ##########################################################* >>> *sub vcl_recv { * >>> * if( req.http.Cookie ~ "xf_(session|user)") {* >>> * return (pass);* >>> * }* >>> >>> >>> *# FETCH FUNCTION* >>> *# ##########################################################* >>> *sub vcl_backend_response { * >>> >>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>> * # TO DO THIS* >>> * # ##########################################################* >>> * set beresp.http.Vary = "Accept-Encoding";* >>> >>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>> * # ##########################################################* >>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>> *{ set beresp.uncacheable = true;* >>> * set beresp.ttl = 1w;* >>> * return (deliver);* >>> * }* >>> >>> * if (beresp.ttl <= 0s ||* >>> * beresp.http.Set-Cookie ||* >>> * beresp.http.Vary == "*") {* >>> * set beresp.ttl = 120 s;* >>> * # set beresp.ttl = 120s;* >>> * set beresp.uncacheable = true;* >>> * return (deliver);* >>> * }* >>> >>> * return (deliver);* >>> *}* >>> >>> *# DELIVER FUNCTION* >>> *# ##########################################################* >>> *sub vcl_deliver {* >>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>> * # ##########################################################* >>> * if (obj.hits > 0) {* >>> * set resp.http.X-Cache = "HIT";* >>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>> * # ##########################################################* >>> * } else {* >>> * set resp.http.X-Cache = "MISS";* >>> * }* >>> *}* >>> >>> 2016-08-04 18:02 GMT+03:00 Lane, Richard : >>> >>>> I agree that the order of execution may be getting you here. If you >>>> need the WordPress rules then you may need to put additional logic to >>>> ensure non-wordpress applications are not negatively affected. >>>> >>>> What happens if you change the order of these two blocks? Put your >>>> Set-Cookie check block before the wp-login check. >>>> >>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>> > # ########################################################## >>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>> "wordpress_logged_in" ) { >>>> > unset beresp.http.set-cookie; >>>> > set beresp.ttl = 52w; >>>> > # set beresp.grace =1w; >>>> > } >>>> > >>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>> > set beresp.uncacheable = true; >>>> > set beresp.ttl = 1w; >>>> > return (deliver); >>>> > } >>>> >>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >>>> >>>>> The log output suggests the xf_ cookie check in vcl_recv is not the >>>>> first thing to run as you pasted earlier. Also, looking a bit closer, your >>>>> issue the fact that you unset the cookie in vcl_backend_response if it's >>>>> not wordpress related. Again, you should really audit your entire VCL, and >>>>> remove unneeded stuff, like all the WordPress related rules if you're not >>>>> using it. >>>>> >>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>> >>>>>> Log message: >>>>>> >>>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>> - VCL_call RECV >>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>> pps_show_100=Th >>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>> pps_times_showed_100=1; >>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>> pps_show_100=Th >>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>> pps_times_showed_100=1; >>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>> est_cookie=WP+Cookie+check >>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>> pps_show_100=Th >>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>> pps_times_showed_100=1; >>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>> est_cookie=WP+Cookie+check >>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>> pps_show_100=Th >>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>> pps_times_showed_100=1; >>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>> est_cookie=WP+Cookie+check >>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>>> 95.5.187.232 >>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>>> - ReqHeader Accept-Encoding: gzip >>>>>> - VCL_Log PPPAASS >>>>>> - VCL_return pass >>>>>> - VCL_call HASH >>>>>> - VCL_return lookup >>>>>> - VCL_call PASS >>>>>> - VCL_return fetch >>>>>> - Link bereq 524435 pass >>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>>> - RespProtocol HTTP/1.1 >>>>>> - RespStatus 200 >>>>>> - RespReason OK >>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>>> - RespHeader Server: Apache/2 >>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>>> - RespHeader Accept-Ranges: bytes >>>>>> -- >>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>> - VCL_call RECV >>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>> pps_show_100=Th >>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>> pps_times_showed_100=1; >>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>> pps_show_100=Th >>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>> pps_times_showed_100=1; >>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>> est_cookie=WP+Cookie+check >>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>> pps_show_100=Th >>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>> pps_times_showed_100=1; >>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>> est_cookie=WP+Cookie+check >>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>> pps_show_100=Th >>>>>> >>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>>>> >>>>>>> I assume you reloaded/restarted Varnish after these changes were >>>>>>> made. If so, can you verify that you do have the cookies set on the request? >>>>>>> >>>>>>> maybe add this log message right before returning >>>>>>> >>>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>>> return (pass); >>>>>>> >>>>>>> } >>>>>>> >>>>>>> Then you can use varnishlog command (below) to verify cookie is found >>>>>>> >>>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>> >>>>>>> >>>>>>> Cheers, >>>>>>> Richard >>>>>>> >>>>>>> >>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>> > >>>>>>> > First of all, thank you. However the problem continues. Can you >>>>>>> examine the codes? >>>>>>> > >>>>>>> > >>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>>> > * *********************************************************/ >>>>>>> > vcl 4.0; >>>>>>> > import std; >>>>>>> > >>>>>>> > backend default { >>>>>>> > .host = "*******"; >>>>>>> > .port = "8080"; >>>>>>> > .connect_timeout = 600s; >>>>>>> > .first_byte_timeout = 600s; >>>>>>> > .between_bytes_timeout = 600s; >>>>>>> > .max_connections = 800; >>>>>>> > } >>>>>>> > >>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>>> > # ########################################################## >>>>>>> > acl purge { >>>>>>> > "localhost"; >>>>>>> > "127.0.0.1"; >>>>>>> > } >>>>>>> > >>>>>>> > #THE RECV FUNCTION >>>>>>> > # ########################################################## >>>>>>> > sub vcl_recv { >>>>>>> > >>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>> > return (pass); >>>>>>> > } >>>>>>> > >>>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>>> various checks >>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>>> ].*$", ""); >>>>>>> > >>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>> > if (req.restarts == 0) { >>>>>>> > if (req.http.x-forwarded-for) { >>>>>>> > set req.http.X-Forwarded-For = >>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>> > } else { >>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>> > } >>>>>>> > } >>>>>>> > >>>>>>> > # Purge request check sections for hash_always_miss, purge and ban >>>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>>> > # ########################################################## >>>>>>> > >>>>>>> > # Enable smart refreshing using hash_always_miss >>>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ purge) { >>>>>>> > set req.hash_always_miss = true; >>>>>>> > } >>>>>>> > } >>>>>>> > >>>>>>> > if (req.method == "PURGE") { >>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ purge) { >>>>>>> > return(synth(405,"Not allowed.")); >>>>>>> > } >>>>>>> > return (purge); >>>>>>> > >>>>>>> > } >>>>>>> > if (req.method == "BAN") { >>>>>>> > # Same ACL check as above: >>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ purge) { >>>>>>> > return(synth(403, "Not allowed.")); >>>>>>> > } >>>>>>> > ban("req.http.host == " + req.http.host + >>>>>>> > " && req.url == " + req.url); >>>>>>> > >>>>>>> > # Throw a synthetic page so the >>>>>>> > # request won't go to the backend. >>>>>>> > return(synth(200, "Ban added")); >>>>>>> > } >>>>>>> > >>>>>>> > >>>>>>> > # Unset cloudflare cookies >>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>>> > # Remove a ";" prefix, if present. >>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>>>>> > >>>>>>> > # For Testing: If you want to test with Varnish passing (not >>>>>>> caching) uncomment >>>>>>> > # return( pass ); >>>>>>> > >>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>> > if (req.restarts == 0) { >>>>>>> > if (req.http.x-forwarded-for) { >>>>>>> > set req.http.X-Forwarded-For = >>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>> > } else { >>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>> > } >>>>>>> > } >>>>>>> > >>>>>>> > # DO NOT CACHE RSS FEED >>>>>>> > if (req.url ~ "/feed(/)?") { >>>>>>> > return ( pass ); >>>>>>> > } >>>>>>> > >>>>>>> > ## Do not cache search results, comment these 3 lines if you do >>>>>>> want to cache them >>>>>>> > >>>>>>> > if (req.url ~ "/\?s\=") { >>>>>>> > return ( pass ); >>>>>>> > } >>>>>>> > >>>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>> ACCEPT-ENCODING >>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>>> > # ########################################################## >>>>>>> > if (req.http.Accept-Encoding) { >>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>>>> > # No point in compressing these >>>>>>> > unset req.http.Accept-Encoding; >>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>>> > } else { >>>>>>> > # unknown algorithm >>>>>>> > unset req.http.Accept-Encoding; >>>>>>> > } >>>>>>> > } >>>>>>> > >>>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>>> > # ########################################################## >>>>>>> > if (req.method != "GET" && >>>>>>> > req.method != "HEAD" && >>>>>>> > req.method != "PUT" && >>>>>>> > req.method != "POST" && >>>>>>> > req.method != "TRACE" && >>>>>>> > req.method != "OPTIONS" && >>>>>>> > req.method != "DELETE") { >>>>>>> > return (pipe); >>>>>>> > } >>>>>>> > >>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>>> > # ########################################################## >>>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>>> > return (pass); >>>>>>> > } >>>>>>> > >>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>>> TOO, EITHER >>>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>>> > # ########################################################## >>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>>> > return( pass ); >>>>>>> > } >>>>>>> > >>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>>> > # THEN UNSET THE COOKIES >>>>>>> > # ########################################################## >>>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>>> > && !(req.url ~ "&preview=true" ) >>>>>>> > ){ >>>>>>> > unset req.http.cookie; >>>>>>> > } >>>>>>> > >>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>>> > # ########################################################## >>>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>>> > return (pass); >>>>>>> > } >>>>>>> > >>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>>> > # ########################################################## >>>>>>> > return (hash); >>>>>>> > # This is for phpmyadmin >>>>>>> > if (req.http.Host == "ki1.org") { >>>>>>> > return (pass); >>>>>>> > } >>>>>>> > >>>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>>> > return (pass); >>>>>>> > } >>>>>>> > >>>>>>> > } >>>>>>> > >>>>>>> > # HIT FUNCTION >>>>>>> > # ########################################################## >>>>>>> > sub vcl_hit { >>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>>> > # ########################################################## >>>>>>> > if (req.method == "PURGE") { >>>>>>> > # >>>>>>> > # This is now handled in vcl_recv. >>>>>>> > # >>>>>>> > # purge; >>>>>>> > return (synth(200, "Purged.")); >>>>>>> > } >>>>>>> > return (deliver); >>>>>>> > } >>>>>>> > >>>>>>> > # MISS FUNCTION >>>>>>> > # ########################################################## >>>>>>> > sub vcl_miss { >>>>>>> > if (req.method == "PURGE") { >>>>>>> > # >>>>>>> > # This is now handled in vcl_recv. >>>>>>> > # >>>>>>> > # purge; >>>>>>> > return (synth(200, "Purged.")); >>>>>>> > } >>>>>>> > return (fetch); >>>>>>> > } >>>>>>> > >>>>>>> > # FETCH FUNCTION >>>>>>> > # ########################################################## >>>>>>> > sub vcl_backend_response { >>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>> > # TO DO THIS >>>>>>> > # ########################################################## >>>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>>> > >>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>> > # ########################################################## >>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>> "wordpress_logged_in" ) { >>>>>>> > unset beresp.http.set-cookie; >>>>>>> > set beresp.ttl = 52w; >>>>>>> > # set beresp.grace =1w; >>>>>>> > } >>>>>>> > >>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>> > set beresp.uncacheable = true; >>>>>>> > set beresp.ttl = 1w; >>>>>>> > return (deliver); >>>>>>> > } >>>>>>> > >>>>>>> > >>>>>>> > if (beresp.ttl <= 0s || >>>>>>> > beresp.http.Set-Cookie || >>>>>>> > beresp.http.Vary == "*") { >>>>>>> > set beresp.ttl = 120 s; >>>>>>> > # set beresp.ttl = 120s; >>>>>>> > set beresp.uncacheable = true; >>>>>>> > return (deliver); >>>>>>> > } >>>>>>> > >>>>>>> > return (deliver); >>>>>>> > } >>>>>>> > >>>>>>> > # DELIVER FUNCTION >>>>>>> > # ########################################################## >>>>>>> > sub vcl_deliver { >>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>> > # ########################################################## >>>>>>> > if (obj.hits > 0) { >>>>>>> > set resp.http.X-Cache = "HIT"; >>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>> > # ########################################################## >>>>>>> > } else { >>>>>>> > set resp.http.X-Cache = "MISS"; >>>>>>> > } >>>>>>> > } >>>>>>> > >>>>>>> > >>>>>>> > >>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>>>> >> >>>>>>> >> correction: >>>>>>> >> >>>>>>> >> sub vcl_recv { >>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>> >> return (pass); >>>>>>> >> } >>>>>>> >> } >>>>>>> >> >>>>>>> >> sub vcl_backend_response { >>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>> >> set beresp.uncacheable = true; >>>>>>> >> set beresp.ttl = 1w; >>>>>>> >> return (deliver); >>>>>>> >> } >>>>>>> >> } >>>>>>> >> >>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >>>>>>> >>> >>>>>>> >>> Hello, >>>>>>> >>> >>>>>>> >>> Aside from the provided VCL being for WordPress, while you're >>>>>>> running XenForo, the xf_ cookies are being dropped by your config. A quick >>>>>>> fix is: >>>>>>> >>> >>>>>>> >>> sub vcl_recv { >>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>> >>> return (pass); >>>>>>> >>> } >>>>>>> >>> } >>>>>>> >>> >>>>>>> >>> sub vcl_backend_response { >>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>>> >>> set beresp.uncacheable = true; >>>>>>> >>> set beresp.ttl = 1w; >>>>>>> >>> return (deliver); >>>>>>> >>> } >>>>>>> >>> } >>>>>>> >>> >>>>>>> >>> However, I suggest auditing your VCL, and only including rules >>>>>>> specific to the application(s) which you are running. >>>>>>> >>> >>>>>>> >>> >>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>> >>>> >>>>>>> >>>> Users can't login or register to domain.com/forum with the >>>>>>> current settings. So we need to make a change related to xf_user and >>>>>>> xf_session but how? >>>>>>> >>>> >>>>>>> >>>> >>>>>>> >>>> >>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>>>>> >>>>> >>>>>>> >>>>> If you want Varnish to ignore request for a path you need to >>>>>>> tell it to pass. In your example you have a rule for the RSS feed. You can >>>>>>> do the same for /forum/ in your vcl_recv block. >>>>>>> >>>>> >>>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>> >>>>> * return ( pass ); * >>>>>>> >>>>> *}* >>>>>>> >>>>> >>>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>>> >>>>> return ( pass ); >>>>>>> >>>>> } >>>>>>> >>>>> >>>>>>> >>>>> Cheers, >>>>>>> >>>>> Richard >>>>>>> >>>>> >>>>>>> >>>>>> >>>>>>> >>>>>> >>>>>>> >>>>>> Message: 1 >>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>> >>>>>> To: varnish-misc >>>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>>> >>>>>> Message-ID: >>>>>>> >>>>>> >>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>> >>>>>> >>>>>>> >>>>>> Hi, >>>>>>> >>>>>> >>>>>>> >>>>>> Could you please share the appropriate Default.vcl settings >>>>>>> for XenForo >>>>>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>>>>> current >>>>>>> >>>>>> Default.vcl settings are as follows. >>>>>>> >>>>>> >>>>>>> >>>>>> Forum address: domain.com/forum >>>>>>> >>>>>> >>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>> >>>>>> * * ****************************** >>>>>>> ***************************/* >>>>>>> >>>>>> *vcl 4.0;* >>>>>>> >>>>>> *import std;* >>>>>>> >>>>>> >>>>>>> >>>>>> *backend default {* >>>>>>> >>>>>> * .host = "*******";* >>>>>>> >>>>>> * .port = "8080";* >>>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>>> >>>>>> * .max_connections = 800;* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>> >>>>>> *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> *acl purge {* >>>>>>> >>>>>> * "localhost";* >>>>>>> >>>>>> * "127.0.0.1";* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>>> >>>>>> *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> *sub vcl_recv {* >>>>>>> >>>>>> >>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used >>>>>>> for various >>>>>>> >>>>>> checks* >>>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>> "[, ].*$", >>>>>>> >>>>>> ""); * >>>>>>> >>>>>> >>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>> >>>>>> * } else {* >>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge >>>>>>> and ban* >>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> >>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ >>>>>>> >>>>>> purge) {* >>>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ >>>>>>> >>>>>> purge) {* >>>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> * return (purge);* >>>>>>> >>>>>> >>>>>>> >>>>>> * }* >>>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>>> >>>>>> * # Same ACL check as above:* >>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>>> >>>>>> ~ purge) {* >>>>>>> >>>>>> * return(synth(403, "Not allowed."));* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>>> >>>>>> >>>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>>> >>>>>> * # request won't go to the backend.* >>>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> >>>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* cookies.* >>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>>> "");* >>>>>>> >>>>>> >>>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing >>>>>>> (not caching) >>>>>>> >>>>>> uncomment* >>>>>>> >>>>>> * # return( pass );* >>>>>>> >>>>>> >>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>> >>>>>> * } else {* >>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>> >>>>>> * return ( pass ); * >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if you >>>>>>> do want to >>>>>>> >>>>>> cache them* >>>>>>> >>>>>> >>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>> >>>>>> * return ( pass ); * >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>> ACCEPT-ENCODING* >>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>> {* >>>>>>> >>>>>> * # No point in compressing these* >>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>> >>>>>> * } else {* >>>>>>> >>>>>> * # unknown algorithm* >>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>>> >>>>>> * req.method != "PUT" && * >>>>>>> >>>>>> * req.method != "POST" &&* >>>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>>> >>>>>> * req.method != "DELETE") {* >>>>>>> >>>>>> * return (pipe);* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>> >>>>>> * return (pass);* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>> FETCH TOO, >>>>>>> >>>>>> EITHER* >>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>> >>>>>> * return( pass );* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>> WP-LOGIN* >>>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>> >>>>>> * ){* >>>>>>> >>>>>> * unset req.http.cookie;* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>> >>>>>> * return (pass);* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * return (hash);* >>>>>>> >>>>>> * # This is for phpmyadmin* >>>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>> >>>>>> *return (pass);* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") >>>>>>> {* >>>>>>> >>>>>> *return (pass);* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *# HIT FUNCTION* >>>>>>> >>>>>> *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> *sub vcl_hit {* >>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>> >>>>>> * #* >>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>> >>>>>> * #* >>>>>>> >>>>>> * # purge;* >>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> * return (deliver);* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *# MISS FUNCTION* >>>>>>> >>>>>> *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> *sub vcl_miss {* >>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>> >>>>>> * #* >>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>> >>>>>> * #* >>>>>>> >>>>>> * # purge;* >>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> * return (fetch);* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *# FETCH FUNCTION* >>>>>>> >>>>>> *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> *sub vcl_backend_response {* >>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>> WANT* >>>>>>> >>>>>> * # TO DO THIS* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>> >>>>>> >>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>> * >>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>> !bereq.http.cookie ~ >>>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>>> >>>>>> * return (deliver);* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> >>>>>>> >>>>>> * return (deliver);* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>>> >>>>>> *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> *sub vcl_deliver {* >>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>> >>>>>> * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> * } else {* >>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>> >>>>>> * }* >>>>>>> >>>>>> *}* >>>>>>> >>>>>> >>>>>>> >>>>>> >>>>>>> >>>>>> Thanks, >>>>>>> >>>>>> -------------- next part -------------- >>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>> >>>>>> URL: >>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>>> attachment-0001.html> >>>>>>> >>>>>> >>>>>>> >>>>>> ------------------------------ >>>>>>> >>>>>> >>>>>>> >>>>>> Message: 2 >>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>> >>>>>> To: varnish-misc >>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>>> >>>>>> Message-ID: >>>>>>> >>>>>> >>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>> >>>>>> >>>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>>> However, solutions >>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please >>>>>>> help? >>>>>>> >>>>>> >>>>>>> >>>>>> xf_session_admin >>>>>>> >>>>>> xf_user >>>>>>> >>>>>> xf_session >>>>>>> >>>>>> >>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>>>> domain.com/forum >>>>>>> >>>>>> * >>>>>>> >>>>>> >>>>>>> >>>>>> >>>>>>> >>>>>> >>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>> >>>>>> >>>>>>> >>>>>> > Hi, >>>>>>> >>>>>> > >>>>>>> >>>>>> > Could you please share the appropriate Default.vcl settings >>>>>>> for XenForo >>>>>>> >>>>>> > Forums? No one can register to the forum at the moment. My >>>>>>> current >>>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>>> >>>>>> > >>>>>>> >>>>>> > Forum address: domain.com/forum >>>>>>> >>>>>> > >>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>> >>>>>> > * * ****************************** >>>>>>> ***************************/* >>>>>>> >>>>>> > *vcl 4.0;* >>>>>>> >>>>>> > *import std;* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *backend default {* >>>>>>> >>>>>> > * .host = "*******";* >>>>>>> >>>>>> > * .port = "8080";* >>>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>>> >>>>>> > * .max_connections = 800;* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>> >>>>>> > *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> > *acl purge {* >>>>>>> >>>>>> > * "localhost";* >>>>>>> >>>>>> > * "127.0.0.1";* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>>> >>>>>> > *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> > *sub vcl_recv {* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used >>>>>>> for various >>>>>>> >>>>>> > checks* >>>>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>> "[, ].*$", >>>>>>> >>>>>> > ""); * >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>> >>>>>> > * } else {* >>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, >>>>>>> purge and ban* >>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>> >>>>>> > * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>> "1.2.3.4") ~ >>>>>>> >>>>>> > purge) {* >>>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>> >>>>>> > purge) {* >>>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > * return (purge);* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>>> >>>>>> > * # Same ACL check as above:* >>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>> !std.ip(req.http.X-Actual-IP, >>>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>>> >>>>>> > * return(synth(403, "Not >>>>>>> allowed."));* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>>> >>>>>> > * # request won't go to the backend.* >>>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>> cookies.* >>>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>> "^;\s*", "");* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish passing >>>>>>> (not caching) >>>>>>> >>>>>> > uncomment* >>>>>>> >>>>>> > * # return( pass );* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>> >>>>>> > * } else {* >>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>>> >>>>>> > * return ( pass ); * >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if >>>>>>> you do want to >>>>>>> >>>>>> > cache them* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>>> >>>>>> > * return ( pass ); * >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>> ACCEPT-ENCODING* >>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>> ETC.* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>> {* >>>>>>> >>>>>> > * # No point in compressing these* >>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>>> >>>>>> > * } else {* >>>>>>> >>>>>> > * # unknown algorithm* >>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>>> >>>>>> > * req.method != "PUT" && * >>>>>>> >>>>>> > * req.method != "POST" &&* >>>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>>> >>>>>> > * return (pipe);* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>> >>>>>> > * return (pass);* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>> FETCH TOO, >>>>>>> >>>>>> > EITHER* >>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>> >>>>>> > * return( pass );* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>> WP-LOGIN* >>>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>>> >>>>>> > * ){* >>>>>>> >>>>>> > * unset req.http.cookie;* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>>> >>>>>> > * return (pass);* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * return (hash);* >>>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>>> >>>>>> > *return (pass);* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org ") >>>>>>> {* >>>>>>> >>>>>> > *return (pass);* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# HIT FUNCTION* >>>>>>> >>>>>> > *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> > *sub vcl_hit {* >>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>> >>>>>> > * #* >>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>> >>>>>> > * #* >>>>>>> >>>>>> > * # purge;* >>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > * return (deliver);* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# MISS FUNCTION* >>>>>>> >>>>>> > *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> > *sub vcl_miss {* >>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>> >>>>>> > * #* >>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>> >>>>>> > * #* >>>>>>> >>>>>> > * # purge;* >>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > * return (fetch);* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>>> >>>>>> > *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>> * >>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>> WANT* >>>>>>> >>>>>> > * # TO DO THIS* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>>> OF * >>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>> !bereq.http.cookie ~ >>>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>>> >>>>>> > * return (deliver);* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > >>>>>>> >>>>>> > * return (deliver);* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>>> >>>>>> > *# ############################## >>>>>>> ############################* >>>>>>> >>>>>> > *sub vcl_deliver {* >>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>> TEXT * >>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>> >>>>>> > * # ############################## >>>>>>> ############################* >>>>>>> >>>>>> > * } else {* >>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>>> >>>>>> > * }* >>>>>>> >>>>>> > *}* >>>>>>> >>>>>> > >>>>>>> >>>>>> > >>>>>>> >>>>>> > Thanks, >>>>>>> >>>>>> > >>>>>>> >>>>>> -------------- next part -------------- >>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>> >>>>>> URL: >>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>>> attachment.html> >>>>>>> >>>>>> >>>>>>> >>>>>> ------------------------------ >>>>>>> >>>>>> >>>>>>> >>>>>> _______________________________________________ >>>>>>> >>>>>> varnish-misc mailing list >>>>>>> >>>>>> varnish-misc at varnish-cache.org >>>>>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>> -misc >>>>>>> >>>>>> >>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>>> >>>>>> ********************************************* >>>>>>> >>>>> >>>>>>> >>>>> >>>>>>> >>>>> >>>>>>> >>>>> _______________________________________________ >>>>>>> >>>>> varnish-misc mailing list >>>>>>> >>>>> varnish-misc at varnish-cache.org >>>>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>> -misc >>>>>>> >>>> >>>>>>> >>>> >>>>>>> >>>> >>>>>>> >>>> _______________________________________________ >>>>>>> >>>> varnish-misc mailing list >>>>>>> >>>> varnish-misc at varnish-cache.org >>>>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>> -misc >>>>>>> >>> >>>>>>> >>> >>>>>>> >> >>>>>>> > >>>>>>> >>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 19:44:10 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 22:44:10 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Yes, i want /forum to be MISS, there is no problem. However, Wordpress (homepage) shows MISS too. 2016-08-04 22:34 GMT+03:00 Lane, Richard : > If you PASS then your request will not be cached. Varnish marks these > non-cached items as a MISS since they go to the backend each time and > therefore a miss and not a hit on cache. > > What were you expecting? Is this still requests with the forum cookies? > > If you want to cache request from logged in users you will need to add the > specific user cookies to the hash so each user served their cached copy. > > On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz > wrote: > >> If i use the given settings MISS appears in the Header. >> >> Accept-Ranges bytes >> Age 0 >> Cache-control private, max-age=0 >> Content-Encoding gzip >> Content-Length 10075 >> Content-Type text/html; charset=UTF-8 >> Date Thu, 04 Aug 2016 18:30:52 GMT >> Expires Thu, 19 Nov 1981 08:52:00 GMT >> Last-Modified Thu, 04 Aug 2016 18:30:52 GMT >> Server Apache/2 >> Vary Accept-Encoding >> Via 1.1 varnish-v4 >> X-Cache MISS >> >> What do you suggest me to do? >> >> >> >> 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz : >> >>> Finally! >>> Login function is now working with the following settings but X-Cache >>> shows MISS instead of HIT. >>> >>> #THE RECV FUNCTION >>> # ########################################################## >>> sub vcl_recv { >>> if( req.http.Cookie ~ "xf_(session|user)") { >>> return (pass); >>> } >>> >>> # FETCH FUNCTION >>> # ########################################################## >>> sub vcl_backend_response { >>> >>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>> # TO DO THIS >>> # ########################################################## >>> set beresp.http.Vary = "Accept-Encoding"; >>> >>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>> # TIME THIS PAGE WILL STAY CACHED (TTL) >>> # ########################################################## >>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") >>> { set beresp.uncacheable = true; >>> set beresp.ttl = 1w; >>> return (deliver); >>> } >>> >>> if (beresp.ttl <= 0s || >>> beresp.http.Set-Cookie || >>> beresp.http.Vary == "*") { >>> set beresp.ttl = 120 s; >>> # set beresp.ttl = 120s; >>> set beresp.uncacheable = true; >>> return (deliver); >>> } >>> >>> return (deliver); >>> } >>> >>> # DELIVER FUNCTION >>> # ########################################################## >>> sub vcl_deliver { >>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>> # IN THE HEADER (GREAT FOR DEBUGGING) >>> # ########################################################## >>> if (obj.hits > 0) { >>> set resp.http.X-Cache = "HIT"; >>> # IF THIS IS A MISS RETURN THAT IN THE HEADER >>> # ########################################################## >>> } else { >>> set resp.http.X-Cache = "MISS"; >>> } >>> } >>> >>> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz : >>> >>>> Finally! >>>> Login function is now working with the following settings but X-Cache >>>> shows MISS instead of HIT. >>>> >>>> >>>> *#THE RECV FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_recv { * >>>> * if( req.http.Cookie ~ "xf_(session|user)") {* >>>> * return (pass);* >>>> * }* >>>> >>>> >>>> *# FETCH FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_backend_response { * >>>> >>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>> * # TO DO THIS* >>>> * # ##########################################################* >>>> * set beresp.http.Vary = "Accept-Encoding";* >>>> >>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>> * # ##########################################################* >>>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>>> *{ set beresp.uncacheable = true;* >>>> * set beresp.ttl = 1w;* >>>> * return (deliver);* >>>> * }* >>>> >>>> * if (beresp.ttl <= 0s ||* >>>> * beresp.http.Set-Cookie ||* >>>> * beresp.http.Vary == "*") {* >>>> * set beresp.ttl = 120 s;* >>>> * # set beresp.ttl = 120s;* >>>> * set beresp.uncacheable = true;* >>>> * return (deliver);* >>>> * }* >>>> >>>> * return (deliver);* >>>> *}* >>>> >>>> *# DELIVER FUNCTION* >>>> *# ##########################################################* >>>> *sub vcl_deliver {* >>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>> * # ##########################################################* >>>> * if (obj.hits > 0) {* >>>> * set resp.http.X-Cache = "HIT";* >>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>> * # ##########################################################* >>>> * } else {* >>>> * set resp.http.X-Cache = "MISS";* >>>> * }* >>>> *}* >>>> >>>> 2016-08-04 18:02 GMT+03:00 Lane, Richard : >>>> >>>>> I agree that the order of execution may be getting you here. If you >>>>> need the WordPress rules then you may need to put additional logic to >>>>> ensure non-wordpress applications are not negatively affected. >>>>> >>>>> What happens if you change the order of these two blocks? Put your >>>>> Set-Cookie check block before the wp-login check. >>>>> >>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>> > # ########################################################## >>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>> "wordpress_logged_in" ) { >>>>> > unset beresp.http.set-cookie; >>>>> > set beresp.ttl = 52w; >>>>> > # set beresp.grace =1w; >>>>> > } >>>>> > >>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>> > set beresp.uncacheable = true; >>>>> > set beresp.ttl = 1w; >>>>> > return (deliver); >>>>> > } >>>>> >>>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >>>>> >>>>>> The log output suggests the xf_ cookie check in vcl_recv is not the >>>>>> first thing to run as you pasted earlier. Also, looking a bit closer, your >>>>>> issue the fact that you unset the cookie in vcl_backend_response if it's >>>>>> not wordpress related. Again, you should really audit your entire VCL, and >>>>>> remove unneeded stuff, like all the WordPress related rules if you're not >>>>>> using it. >>>>>> >>>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>> >>>>>>> Log message: >>>>>>> >>>>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>> - VCL_call RECV >>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>>>> 95.5.187.232 >>>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>>>> - ReqHeader Accept-Encoding: gzip >>>>>>> - VCL_Log PPPAASS >>>>>>> - VCL_return pass >>>>>>> - VCL_call HASH >>>>>>> - VCL_return lookup >>>>>>> - VCL_call PASS >>>>>>> - VCL_return fetch >>>>>>> - Link bereq 524435 pass >>>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>>>> - RespProtocol HTTP/1.1 >>>>>>> - RespStatus 200 >>>>>>> - RespReason OK >>>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>>>> - RespHeader Server: Apache/2 >>>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>>>> - RespHeader Accept-Ranges: bytes >>>>>>> -- >>>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>> - VCL_call RECV >>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>> pps_times_showed_100=1; >>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>> est_cookie=WP+Cookie+check >>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>> pps_show_100=Th >>>>>>> >>>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>>>>> >>>>>>>> I assume you reloaded/restarted Varnish after these changes were >>>>>>>> made. If so, can you verify that you do have the cookies set on the request? >>>>>>>> >>>>>>>> maybe add this log message right before returning >>>>>>>> >>>>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>>>> return (pass); >>>>>>>> >>>>>>>> } >>>>>>>> >>>>>>>> Then you can use varnishlog command (below) to verify cookie is >>>>>>>> found >>>>>>>> >>>>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>> >>>>>>>> >>>>>>>> Cheers, >>>>>>>> Richard >>>>>>>> >>>>>>>> >>>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>> > >>>>>>>> > First of all, thank you. However the problem continues. Can you >>>>>>>> examine the codes? >>>>>>>> > >>>>>>>> > >>>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>>>> > * *********************************************************/ >>>>>>>> > vcl 4.0; >>>>>>>> > import std; >>>>>>>> > >>>>>>>> > backend default { >>>>>>>> > .host = "*******"; >>>>>>>> > .port = "8080"; >>>>>>>> > .connect_timeout = 600s; >>>>>>>> > .first_byte_timeout = 600s; >>>>>>>> > .between_bytes_timeout = 600s; >>>>>>>> > .max_connections = 800; >>>>>>>> > } >>>>>>>> > >>>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>>>> > # ########################################################## >>>>>>>> > acl purge { >>>>>>>> > "localhost"; >>>>>>>> > "127.0.0.1"; >>>>>>>> > } >>>>>>>> > >>>>>>>> > #THE RECV FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_recv { >>>>>>>> > >>>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>>>> various checks >>>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>>>> ].*$", ""); >>>>>>>> > >>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>> > if (req.restarts == 0) { >>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>> > } else { >>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > # Purge request check sections for hash_always_miss, purge and >>>>>>>> ban >>>>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>>>> > # ########################################################## >>>>>>>> > >>>>>>>> > # Enable smart refreshing using hash_always_miss >>>>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>> > set req.hash_always_miss = true; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > if (req.method == "PURGE") { >>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>> > return(synth(405,"Not allowed.")); >>>>>>>> > } >>>>>>>> > return (purge); >>>>>>>> > >>>>>>>> > } >>>>>>>> > if (req.method == "BAN") { >>>>>>>> > # Same ACL check as above: >>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>> > return(synth(403, "Not allowed.")); >>>>>>>> > } >>>>>>>> > ban("req.http.host == " + req.http.host + >>>>>>>> > " && req.url == " + req.url); >>>>>>>> > >>>>>>>> > # Throw a synthetic page so the >>>>>>>> > # request won't go to the backend. >>>>>>>> > return(synth(200, "Ban added")); >>>>>>>> > } >>>>>>>> > >>>>>>>> > >>>>>>>> > # Unset cloudflare cookies >>>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>>>> > # Remove a ";" prefix, if present. >>>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>>>>>> > >>>>>>>> > # For Testing: If you want to test with Varnish passing (not >>>>>>>> caching) uncomment >>>>>>>> > # return( pass ); >>>>>>>> > >>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>> > if (req.restarts == 0) { >>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>> > } else { >>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > # DO NOT CACHE RSS FEED >>>>>>>> > if (req.url ~ "/feed(/)?") { >>>>>>>> > return ( pass ); >>>>>>>> > } >>>>>>>> > >>>>>>>> > ## Do not cache search results, comment these 3 lines if you do >>>>>>>> want to cache them >>>>>>>> > >>>>>>>> > if (req.url ~ "/\?s\=") { >>>>>>>> > return ( pass ); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>> ACCEPT-ENCODING >>>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>>>> > # ########################################################## >>>>>>>> > if (req.http.Accept-Encoding) { >>>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>>>>> > # No point in compressing these >>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>>>> > } else { >>>>>>>> > # unknown algorithm >>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>>>> > # ########################################################## >>>>>>>> > if (req.method != "GET" && >>>>>>>> > req.method != "HEAD" && >>>>>>>> > req.method != "PUT" && >>>>>>>> > req.method != "POST" && >>>>>>>> > req.method != "TRACE" && >>>>>>>> > req.method != "OPTIONS" && >>>>>>>> > req.method != "DELETE") { >>>>>>>> > return (pipe); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>>>> > # ########################################################## >>>>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>>>> TOO, EITHER >>>>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>>>> > # ########################################################## >>>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>>>> > return( pass ); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>>>> > # THEN UNSET THE COOKIES >>>>>>>> > # ########################################################## >>>>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>>>> > && !(req.url ~ "&preview=true" ) >>>>>>>> > ){ >>>>>>>> > unset req.http.cookie; >>>>>>>> > } >>>>>>>> > >>>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>>>> > # ########################################################## >>>>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>>>> > # ########################################################## >>>>>>>> > return (hash); >>>>>>>> > # This is for phpmyadmin >>>>>>>> > if (req.http.Host == "ki1.org") { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>>>> > return (pass); >>>>>>>> > } >>>>>>>> > >>>>>>>> > } >>>>>>>> > >>>>>>>> > # HIT FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_hit { >>>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>>>> > # ########################################################## >>>>>>>> > if (req.method == "PURGE") { >>>>>>>> > # >>>>>>>> > # This is now handled in vcl_recv. >>>>>>>> > # >>>>>>>> > # purge; >>>>>>>> > return (synth(200, "Purged.")); >>>>>>>> > } >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # MISS FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_miss { >>>>>>>> > if (req.method == "PURGE") { >>>>>>>> > # >>>>>>>> > # This is now handled in vcl_recv. >>>>>>>> > # >>>>>>>> > # purge; >>>>>>>> > return (synth(200, "Purged.")); >>>>>>>> > } >>>>>>>> > return (fetch); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # FETCH FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_backend_response { >>>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>>> > # TO DO THIS >>>>>>>> > # ########################################################## >>>>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>>>> > >>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>> > # ########################################################## >>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>>> "wordpress_logged_in" ) { >>>>>>>> > unset beresp.http.set-cookie; >>>>>>>> > set beresp.ttl = 52w; >>>>>>>> > # set beresp.grace =1w; >>>>>>>> > } >>>>>>>> > >>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>> > set beresp.uncacheable = true; >>>>>>>> > set beresp.ttl = 1w; >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> > >>>>>>>> > >>>>>>>> > if (beresp.ttl <= 0s || >>>>>>>> > beresp.http.Set-Cookie || >>>>>>>> > beresp.http.Vary == "*") { >>>>>>>> > set beresp.ttl = 120 s; >>>>>>>> > # set beresp.ttl = 120s; >>>>>>>> > set beresp.uncacheable = true; >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> > >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> > >>>>>>>> > # DELIVER FUNCTION >>>>>>>> > # ########################################################## >>>>>>>> > sub vcl_deliver { >>>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>>> > # ########################################################## >>>>>>>> > if (obj.hits > 0) { >>>>>>>> > set resp.http.X-Cache = "HIT"; >>>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>>> > # ########################################################## >>>>>>>> > } else { >>>>>>>> > set resp.http.X-Cache = "MISS"; >>>>>>>> > } >>>>>>>> > } >>>>>>>> > >>>>>>>> > >>>>>>>> > >>>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>>>>> >> >>>>>>>> >> correction: >>>>>>>> >> >>>>>>>> >> sub vcl_recv { >>>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> >> return (pass); >>>>>>>> >> } >>>>>>>> >> } >>>>>>>> >> >>>>>>>> >> sub vcl_backend_response { >>>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>> >> set beresp.uncacheable = true; >>>>>>>> >> set beresp.ttl = 1w; >>>>>>>> >> return (deliver); >>>>>>>> >> } >>>>>>>> >> } >>>>>>>> >> >>>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei wrote: >>>>>>>> >>> >>>>>>>> >>> Hello, >>>>>>>> >>> >>>>>>>> >>> Aside from the provided VCL being for WordPress, while you're >>>>>>>> running XenForo, the xf_ cookies are being dropped by your config. A quick >>>>>>>> fix is: >>>>>>>> >>> >>>>>>>> >>> sub vcl_recv { >>>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> >>> return (pass); >>>>>>>> >>> } >>>>>>>> >>> } >>>>>>>> >>> >>>>>>>> >>> sub vcl_backend_response { >>>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> >>> set beresp.uncacheable = true; >>>>>>>> >>> set beresp.ttl = 1w; >>>>>>>> >>> return (deliver); >>>>>>>> >>> } >>>>>>>> >>> } >>>>>>>> >>> >>>>>>>> >>> However, I suggest auditing your VCL, and only including rules >>>>>>>> specific to the application(s) which you are running. >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>> >>>> >>>>>>>> >>>> Users can't login or register to domain.com/forum with the >>>>>>>> current settings. So we need to make a change related to xf_user and >>>>>>>> xf_session but how? >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>>>>>> >>>>> >>>>>>>> >>>>> If you want Varnish to ignore request for a path you need to >>>>>>>> tell it to pass. In your example you have a rule for the RSS feed. You can >>>>>>>> do the same for /forum/ in your vcl_recv block. >>>>>>>> >>>>> >>>>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>> >>>>> * return ( pass ); * >>>>>>>> >>>>> *}* >>>>>>>> >>>>> >>>>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>>>> >>>>> return ( pass ); >>>>>>>> >>>>> } >>>>>>>> >>>>> >>>>>>>> >>>>> Cheers, >>>>>>>> >>>>> Richard >>>>>>>> >>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> Message: 1 >>>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>> >>>>>> To: varnish-misc >>>>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>>>> >>>>>> Message-ID: >>>>>>>> >>>>>> >>>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>> >>>>>> >>>>>>>> >>>>>> Hi, >>>>>>>> >>>>>> >>>>>>>> >>>>>> Could you please share the appropriate Default.vcl settings >>>>>>>> for XenForo >>>>>>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>>>>>> current >>>>>>>> >>>>>> Default.vcl settings are as follows. >>>>>>>> >>>>>> >>>>>>>> >>>>>> Forum address: domain.com/forum >>>>>>>> >>>>>> >>>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>> >>>>>> * * ****************************** >>>>>>>> ***************************/* >>>>>>>> >>>>>> *vcl 4.0;* >>>>>>>> >>>>>> *import std;* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *backend default {* >>>>>>>> >>>>>> * .host = "*******";* >>>>>>>> >>>>>> * .port = "8080";* >>>>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>>>> >>>>>> * .max_connections = 800;* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *acl purge {* >>>>>>>> >>>>>> * "localhost";* >>>>>>>> >>>>>> * "127.0.0.1";* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_recv {* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used >>>>>>>> for various >>>>>>>> >>>>>> checks* >>>>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>> "[, ].*$", >>>>>>>> >>>>>> ""); * >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>> * } else {* >>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # Purge request check sections for hash_always_miss, purge >>>>>>>> and ban* >>>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ >>>>>>>> >>>>>> purge) {* >>>>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>>>> >>>>>> * if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>> "1.2.3.4") ~ >>>>>>>> >>>>>> purge) {* >>>>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * return (purge);* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>>>> >>>>>> * # Same ACL check as above:* >>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>>>> >>>>>> ~ purge) {* >>>>>>>> >>>>>> * return(synth(403, "Not allowed."));* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>>>> >>>>>> * # request won't go to the backend.* >>>>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>> cookies.* >>>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>>>> "");* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing >>>>>>>> (not caching) >>>>>>>> >>>>>> uncomment* >>>>>>>> >>>>>> * # return( pass );* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>> * } else {* >>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>> >>>>>> * return ( pass ); * >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if >>>>>>>> you do want to >>>>>>>> >>>>>> cache them* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>>> >>>>>> * return ( pass ); * >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>> ACCEPT-ENCODING* >>>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>> ETC.* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>> {* >>>>>>>> >>>>>> * # No point in compressing these* >>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>>> >>>>>> * } else {* >>>>>>>> >>>>>> * # unknown algorithm* >>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>>>> >>>>>> * req.method != "PUT" && * >>>>>>>> >>>>>> * req.method != "POST" &&* >>>>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>>>> >>>>>> * req.method != "DELETE") {* >>>>>>>> >>>>>> * return (pipe);* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>> >>>>>> * return (pass);* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>>> FETCH TOO, >>>>>>>> >>>>>> EITHER* >>>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>> >>>>>> * return( pass );* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>> WP-LOGIN* >>>>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>>> >>>>>> * ){* >>>>>>>> >>>>>> * unset req.http.cookie;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>> >>>>>> * return (pass);* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * return (hash);* >>>>>>>> >>>>>> * # This is for phpmyadmin* >>>>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>>> >>>>>> *return (pass);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") >>>>>>>> {* >>>>>>>> >>>>>> *return (pass);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# HIT FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_hit {* >>>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>> >>>>>> * #* >>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>> >>>>>> * #* >>>>>>>> >>>>>> * # purge;* >>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * return (deliver);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# MISS FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_miss {* >>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>> >>>>>> * #* >>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>> >>>>>> * #* >>>>>>>> >>>>>> * # purge;* >>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> * return (fetch);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# FETCH FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_backend_response {* >>>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>>> WANT* >>>>>>>> >>>>>> * # TO DO THIS* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>>>> OF * >>>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>> !bereq.http.cookie ~ >>>>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>>>> >>>>>> * return (deliver);* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> >>>>>>>> >>>>>> * return (deliver);* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>>>> >>>>>> *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> *sub vcl_deliver {* >>>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>> * >>>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>> >>>>>> * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> * } else {* >>>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>> >>>>>> * }* >>>>>>>> >>>>>> *}* >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> Thanks, >>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>> >>>>>> URL: >>>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>>>> attachment-0001.html> >>>>>>>> >>>>>> >>>>>>>> >>>>>> ------------------------------ >>>>>>>> >>>>>> >>>>>>>> >>>>>> Message: 2 >>>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>> >>>>>> To: varnish-misc >>>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>>>> >>>>>> Message-ID: >>>>>>>> >>>>>> >>>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>> >>>>>> >>>>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>>>> However, solutions >>>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please >>>>>>>> help? >>>>>>>> >>>>>> >>>>>>>> >>>>>> xf_session_admin >>>>>>>> >>>>>> xf_user >>>>>>>> >>>>>> xf_session >>>>>>>> >>>>>> >>>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in * >>>>>>>> domain.com/forum >>>>>>>> >>>>>> * >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> >>>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>>> >>>>>> >>>>>>>> >>>>>> > Hi, >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > Could you please share the appropriate Default.vcl >>>>>>>> settings for XenForo >>>>>>>> >>>>>> > Forums? No one can register to the forum at the moment. My >>>>>>>> current >>>>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > Forum address: domain.com/forum >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>> >>>>>> > * * ****************************** >>>>>>>> ***************************/* >>>>>>>> >>>>>> > *vcl 4.0;* >>>>>>>> >>>>>> > *import std;* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *backend default {* >>>>>>>> >>>>>> > * .host = "*******";* >>>>>>>> >>>>>> > * .port = "8080";* >>>>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>>>> >>>>>> > * .max_connections = 800;* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *acl purge {* >>>>>>>> >>>>>> > * "localhost";* >>>>>>>> >>>>>> > * "127.0.0.1";* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_recv {* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be used >>>>>>>> for various >>>>>>>> >>>>>> > checks* >>>>>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>> "[, ].*$", >>>>>>>> >>>>>> > ""); * >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>> > * } else {* >>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, >>>>>>>> purge and ban* >>>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>> >>>>>> > * if (client.ip ~ purge || >>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>> >>>>>> > purge) {* >>>>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>> >>>>>> > purge) {* >>>>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * return (purge);* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>>>> >>>>>> > * # Same ACL check as above:* >>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>> !std.ip(req.http.X-Actual-IP, >>>>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>>>> >>>>>> > * return(synth(403, "Not >>>>>>>> allowed."));* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>>>> >>>>>> > * # request won't go to the backend.* >>>>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>> cookies.* >>>>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>> "^;\s*", "");* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish passing >>>>>>>> (not caching) >>>>>>>> >>>>>> > uncomment* >>>>>>>> >>>>>> > * # return( pass );* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>> >>>>>> > * } else {* >>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if >>>>>>>> you do want to >>>>>>>> >>>>>> > cache them* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>> ACCEPT-ENCODING* >>>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>> ETC.* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>> {* >>>>>>>> >>>>>> > * # No point in compressing these* >>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>>>> >>>>>> > * } else {* >>>>>>>> >>>>>> > * # unknown algorithm* >>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>>>> >>>>>> > * req.method != "PUT" && * >>>>>>>> >>>>>> > * req.method != "POST" &&* >>>>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>>>> >>>>>> > * return (pipe);* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>> >>>>>> > * return (pass);* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS >>>>>>>> IN FETCH TOO, >>>>>>>> >>>>>> > EITHER* >>>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>> >>>>>> > * return( pass );* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>> WP-LOGIN* >>>>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>>>> >>>>>> > * ){* >>>>>>>> >>>>>> > * unset req.http.cookie;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>> >>>>>> > * return (pass);* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * return (hash);* >>>>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>>>> >>>>>> > *return (pass);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org ") >>>>>>>> {* >>>>>>>> >>>>>> > *return (pass);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# HIT FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_hit {* >>>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>> >>>>>> > * #* >>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>> >>>>>> > * #* >>>>>>>> >>>>>> > * # purge;* >>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * return (deliver);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# MISS FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_miss {* >>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>> >>>>>> > * #* >>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>> >>>>>> > * #* >>>>>>>> >>>>>> > * # purge;* >>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > * return (fetch);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>> W3TC * >>>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>>> WANT* >>>>>>>> >>>>>> > * # TO DO THIS* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>>>> OF * >>>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>> !bereq.http.cookie ~ >>>>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>>>> >>>>>> > * return (deliver);* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > * return (deliver);* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>>>> >>>>>> > *# ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > *sub vcl_deliver {* >>>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>> TEXT * >>>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>> >>>>>> > * # ############################## >>>>>>>> ############################* >>>>>>>> >>>>>> > * } else {* >>>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>>>> >>>>>> > * }* >>>>>>>> >>>>>> > *}* >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > >>>>>>>> >>>>>> > Thanks, >>>>>>>> >>>>>> > >>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>> >>>>>> URL: >>>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>>>> attachment.html> >>>>>>>> >>>>>> >>>>>>>> >>>>>> ------------------------------ >>>>>>>> >>>>>> >>>>>>>> >>>>>> _______________________________________________ >>>>>>>> >>>>>> varnish-misc mailing list >>>>>>>> >>>>>> varnish-misc at varnish-cache.org >>>>>>>> >>>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>> -misc >>>>>>>> >>>>>> >>>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>>>> >>>>>> ********************************************* >>>>>>>> >>>>> >>>>>>>> >>>>> >>>>>>>> >>>>> >>>>>>>> >>>>> _______________________________________________ >>>>>>>> >>>>> varnish-misc mailing list >>>>>>>> >>>>> varnish-misc at varnish-cache.org >>>>>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>> -misc >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> >>>>>>>> >>>> _______________________________________________ >>>>>>>> >>>> varnish-misc mailing list >>>>>>>> >>>> varnish-misc at varnish-cache.org >>>>>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>> -misc >>>>>>>> >>> >>>>>>>> >>> >>>>>>>> >> >>>>>>>> > >>>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rlane at ahbelo.com Thu Aug 4 19:50:05 2016 From: rlane at ahbelo.com (Lane, Richard) Date: Thu, 4 Aug 2016 14:50:05 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: This was what I was talking about when I said you may need additional logic to handle both. You will need to add the cookie check along with the path for forum to that pass block. So something like... if( req.http.Cookie ~ "xf_(session|user)" && req.url ~ '^/forum.*') { return (pass); } On Thu, Aug 4, 2016 at 2:44 PM, Ayberk Kimsesiz wrote: > Yes, i want /forum to be MISS, there is no problem. However, Wordpress > (homepage) shows MISS too. > > 2016-08-04 22:34 GMT+03:00 Lane, Richard : > >> If you PASS then your request will not be cached. Varnish marks these >> non-cached items as a MISS since they go to the backend each time and >> therefore a miss and not a hit on cache. >> >> What were you expecting? Is this still requests with the forum cookies? >> >> If you want to cache request from logged in users you will need to add >> the specific user cookies to the hash so each user served their cached copy. >> >> On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >>> If i use the given settings MISS appears in the Header. >>> >>> Accept-Ranges bytes >>> Age 0 >>> Cache-control private, max-age=0 >>> Content-Encoding gzip >>> Content-Length 10075 >>> Content-Type text/html; charset=UTF-8 >>> Date Thu, 04 Aug 2016 18:30:52 GMT >>> Expires Thu, 19 Nov 1981 08:52:00 GMT >>> Last-Modified Thu, 04 Aug 2016 18:30:52 GMT >>> Server Apache/2 >>> Vary Accept-Encoding >>> Via 1.1 varnish-v4 >>> X-Cache MISS >>> >>> What do you suggest me to do? >>> >>> >>> >>> 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz : >>> >>>> Finally! >>>> Login function is now working with the following settings but X-Cache >>>> shows MISS instead of HIT. >>>> >>>> #THE RECV FUNCTION >>>> # ########################################################## >>>> sub vcl_recv { >>>> if( req.http.Cookie ~ "xf_(session|user)") { >>>> return (pass); >>>> } >>>> >>>> # FETCH FUNCTION >>>> # ########################################################## >>>> sub vcl_backend_response { >>>> >>>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>> # TO DO THIS >>>> # ########################################################## >>>> set beresp.http.Vary = "Accept-Encoding"; >>>> >>>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>> # TIME THIS PAGE WILL STAY CACHED (TTL) >>>> # ########################################################## >>>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") >>>> { set beresp.uncacheable = true; >>>> set beresp.ttl = 1w; >>>> return (deliver); >>>> } >>>> >>>> if (beresp.ttl <= 0s || >>>> beresp.http.Set-Cookie || >>>> beresp.http.Vary == "*") { >>>> set beresp.ttl = 120 s; >>>> # set beresp.ttl = 120s; >>>> set beresp.uncacheable = true; >>>> return (deliver); >>>> } >>>> >>>> return (deliver); >>>> } >>>> >>>> # DELIVER FUNCTION >>>> # ########################################################## >>>> sub vcl_deliver { >>>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>> # IN THE HEADER (GREAT FOR DEBUGGING) >>>> # ########################################################## >>>> if (obj.hits > 0) { >>>> set resp.http.X-Cache = "HIT"; >>>> # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>> # ########################################################## >>>> } else { >>>> set resp.http.X-Cache = "MISS"; >>>> } >>>> } >>>> >>>> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz : >>>> >>>>> Finally! >>>>> Login function is now working with the following settings but X-Cache >>>>> shows MISS instead of HIT. >>>>> >>>>> >>>>> *#THE RECV FUNCTION* >>>>> *# ##########################################################* >>>>> *sub vcl_recv { * >>>>> * if( req.http.Cookie ~ "xf_(session|user)") {* >>>>> * return (pass);* >>>>> * }* >>>>> >>>>> >>>>> *# FETCH FUNCTION* >>>>> *# ##########################################################* >>>>> *sub vcl_backend_response { * >>>>> >>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>> * # TO DO THIS* >>>>> * # ##########################################################* >>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>> >>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>> * # ##########################################################* >>>>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>>>> *{ set beresp.uncacheable = true;* >>>>> * set beresp.ttl = 1w;* >>>>> * return (deliver);* >>>>> * }* >>>>> >>>>> * if (beresp.ttl <= 0s ||* >>>>> * beresp.http.Set-Cookie ||* >>>>> * beresp.http.Vary == "*") {* >>>>> * set beresp.ttl = 120 s;* >>>>> * # set beresp.ttl = 120s;* >>>>> * set beresp.uncacheable = true;* >>>>> * return (deliver);* >>>>> * }* >>>>> >>>>> * return (deliver);* >>>>> *}* >>>>> >>>>> *# DELIVER FUNCTION* >>>>> *# ##########################################################* >>>>> *sub vcl_deliver {* >>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>> * # ##########################################################* >>>>> * if (obj.hits > 0) {* >>>>> * set resp.http.X-Cache = "HIT";* >>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>> * # ##########################################################* >>>>> * } else {* >>>>> * set resp.http.X-Cache = "MISS";* >>>>> * }* >>>>> *}* >>>>> >>>>> 2016-08-04 18:02 GMT+03:00 Lane, Richard : >>>>> >>>>>> I agree that the order of execution may be getting you here. If you >>>>>> need the WordPress rules then you may need to put additional logic to >>>>>> ensure non-wordpress applications are not negatively affected. >>>>>> >>>>>> What happens if you change the order of these two blocks? Put your >>>>>> Set-Cookie check block before the wp-login check. >>>>>> >>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>> > # ########################################################## >>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>> "wordpress_logged_in" ) { >>>>>> > unset beresp.http.set-cookie; >>>>>> > set beresp.ttl = 52w; >>>>>> > # set beresp.grace =1w; >>>>>> > } >>>>>> > >>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>> > set beresp.uncacheable = true; >>>>>> > set beresp.ttl = 1w; >>>>>> > return (deliver); >>>>>> > } >>>>>> >>>>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >>>>>> >>>>>>> The log output suggests the xf_ cookie check in vcl_recv is not the >>>>>>> first thing to run as you pasted earlier. Also, looking a bit closer, your >>>>>>> issue the fact that you unset the cookie in vcl_backend_response if it's >>>>>>> not wordpress related. Again, you should really audit your entire VCL, and >>>>>>> remove unneeded stuff, like all the WordPress related rules if you're not >>>>>>> using it. >>>>>>> >>>>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>> >>>>>>>> Log message: >>>>>>>> >>>>>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>> - VCL_call RECV >>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>> pps_show_100=Th >>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>> pps_times_showed_100=1; >>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>> pps_show_100=Th >>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>> pps_times_showed_100=1; >>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>> est_cookie=WP+Cookie+check >>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>> pps_show_100=Th >>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>> pps_times_showed_100=1; >>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>> est_cookie=WP+Cookie+check >>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>> pps_show_100=Th >>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>> pps_times_showed_100=1; >>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>> est_cookie=WP+Cookie+check >>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>>>>> 95.5.187.232 >>>>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>>>>> - ReqHeader Accept-Encoding: gzip >>>>>>>> - VCL_Log PPPAASS >>>>>>>> - VCL_return pass >>>>>>>> - VCL_call HASH >>>>>>>> - VCL_return lookup >>>>>>>> - VCL_call PASS >>>>>>>> - VCL_return fetch >>>>>>>> - Link bereq 524435 pass >>>>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>>>>> - RespProtocol HTTP/1.1 >>>>>>>> - RespStatus 200 >>>>>>>> - RespReason OK >>>>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>>>>> - RespHeader Server: Apache/2 >>>>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>>>>> - RespHeader Accept-Ranges: bytes >>>>>>>> -- >>>>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>> - VCL_call RECV >>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>> pps_show_100=Th >>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>> pps_times_showed_100=1; >>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>> pps_show_100=Th >>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>> pps_times_showed_100=1; >>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>> est_cookie=WP+Cookie+check >>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>> pps_show_100=Th >>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>> pps_times_showed_100=1; >>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>> est_cookie=WP+Cookie+check >>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>> pps_show_100=Th >>>>>>>> >>>>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>>>>>> >>>>>>>>> I assume you reloaded/restarted Varnish after these changes were >>>>>>>>> made. If so, can you verify that you do have the cookies set on the request? >>>>>>>>> >>>>>>>>> maybe add this log message right before returning >>>>>>>>> >>>>>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>>>>> return (pass); >>>>>>>>> >>>>>>>>> } >>>>>>>>> >>>>>>>>> Then you can use varnishlog command (below) to verify cookie is >>>>>>>>> found >>>>>>>>> >>>>>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>> >>>>>>>>> >>>>>>>>> Cheers, >>>>>>>>> Richard >>>>>>>>> >>>>>>>>> >>>>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>> > >>>>>>>>> > First of all, thank you. However the problem continues. Can you >>>>>>>>> examine the codes? >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>>>>> > * *********************************************************/ >>>>>>>>> > vcl 4.0; >>>>>>>>> > import std; >>>>>>>>> > >>>>>>>>> > backend default { >>>>>>>>> > .host = "*******"; >>>>>>>>> > .port = "8080"; >>>>>>>>> > .connect_timeout = 600s; >>>>>>>>> > .first_byte_timeout = 600s; >>>>>>>>> > .between_bytes_timeout = 600s; >>>>>>>>> > .max_connections = 800; >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>>>>> > # ########################################################## >>>>>>>>> > acl purge { >>>>>>>>> > "localhost"; >>>>>>>>> > "127.0.0.1"; >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > #THE RECV FUNCTION >>>>>>>>> > # ########################################################## >>>>>>>>> > sub vcl_recv { >>>>>>>>> > >>>>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>> > return (pass); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>>>>> various checks >>>>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, >>>>>>>>> ].*$", ""); >>>>>>>>> > >>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>> > if (req.restarts == 0) { >>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>> > } else { >>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>> > } >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # Purge request check sections for hash_always_miss, purge and >>>>>>>>> ban >>>>>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>>>>> > # ########################################################## >>>>>>>>> > >>>>>>>>> > # Enable smart refreshing using hash_always_miss >>>>>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>> > set req.hash_always_miss = true; >>>>>>>>> > } >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>> > return(synth(405,"Not allowed.")); >>>>>>>>> > } >>>>>>>>> > return (purge); >>>>>>>>> > >>>>>>>>> > } >>>>>>>>> > if (req.method == "BAN") { >>>>>>>>> > # Same ACL check as above: >>>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>> > return(synth(403, "Not allowed.")); >>>>>>>>> > } >>>>>>>>> > ban("req.http.host == " + req.http.host + >>>>>>>>> > " && req.url == " + req.url); >>>>>>>>> > >>>>>>>>> > # Throw a synthetic page so the >>>>>>>>> > # request won't go to the backend. >>>>>>>>> > return(synth(200, "Ban added")); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > # Unset cloudflare cookies >>>>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>>>>> > # Remove a ";" prefix, if present. >>>>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>>>>>>> > >>>>>>>>> > # For Testing: If you want to test with Varnish passing (not >>>>>>>>> caching) uncomment >>>>>>>>> > # return( pass ); >>>>>>>>> > >>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>> > if (req.restarts == 0) { >>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>> > } else { >>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>> > } >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # DO NOT CACHE RSS FEED >>>>>>>>> > if (req.url ~ "/feed(/)?") { >>>>>>>>> > return ( pass ); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > ## Do not cache search results, comment these 3 lines if you do >>>>>>>>> want to cache them >>>>>>>>> > >>>>>>>>> > if (req.url ~ "/\?s\=") { >>>>>>>>> > return ( pass ); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>> ACCEPT-ENCODING >>>>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>>>>> > # ########################################################## >>>>>>>>> > if (req.http.Accept-Encoding) { >>>>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>>>>>> > # No point in compressing these >>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>>>>> > } else { >>>>>>>>> > # unknown algorithm >>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>> > } >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>>>>> > # ########################################################## >>>>>>>>> > if (req.method != "GET" && >>>>>>>>> > req.method != "HEAD" && >>>>>>>>> > req.method != "PUT" && >>>>>>>>> > req.method != "POST" && >>>>>>>>> > req.method != "TRACE" && >>>>>>>>> > req.method != "OPTIONS" && >>>>>>>>> > req.method != "DELETE") { >>>>>>>>> > return (pipe); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>>>>> > # ########################################################## >>>>>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>>>>> > return (pass); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH >>>>>>>>> TOO, EITHER >>>>>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>>>>> > # ########################################################## >>>>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>>>>> > return( pass ); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>>>>> > # THEN UNSET THE COOKIES >>>>>>>>> > # ########################################################## >>>>>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>>>>> > && !(req.url ~ "&preview=true" ) >>>>>>>>> > ){ >>>>>>>>> > unset req.http.cookie; >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>>>>> > # ########################################################## >>>>>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>>>>> > return (pass); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>>>>> > # ########################################################## >>>>>>>>> > return (hash); >>>>>>>>> > # This is for phpmyadmin >>>>>>>>> > if (req.http.Host == "ki1.org") { >>>>>>>>> > return (pass); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>>>>> > return (pass); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # HIT FUNCTION >>>>>>>>> > # ########################################################## >>>>>>>>> > sub vcl_hit { >>>>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>>>>> > # ########################################################## >>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>> > # >>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>> > # >>>>>>>>> > # purge; >>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>> > } >>>>>>>>> > return (deliver); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # MISS FUNCTION >>>>>>>>> > # ########################################################## >>>>>>>>> > sub vcl_miss { >>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>> > # >>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>> > # >>>>>>>>> > # purge; >>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>> > } >>>>>>>>> > return (fetch); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # FETCH FUNCTION >>>>>>>>> > # ########################################################## >>>>>>>>> > sub vcl_backend_response { >>>>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>>>> > # TO DO THIS >>>>>>>>> > # ########################################################## >>>>>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>>>>> > >>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>>> > # ########################################################## >>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>>>> "wordpress_logged_in" ) { >>>>>>>>> > unset beresp.http.set-cookie; >>>>>>>>> > set beresp.ttl = 52w; >>>>>>>>> > # set beresp.grace =1w; >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>> > set beresp.ttl = 1w; >>>>>>>>> > return (deliver); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > if (beresp.ttl <= 0s || >>>>>>>>> > beresp.http.Set-Cookie || >>>>>>>>> > beresp.http.Vary == "*") { >>>>>>>>> > set beresp.ttl = 120 s; >>>>>>>>> > # set beresp.ttl = 120s; >>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>> > return (deliver); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > return (deliver); >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > # DELIVER FUNCTION >>>>>>>>> > # ########################################################## >>>>>>>>> > sub vcl_deliver { >>>>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>>>> > # ########################################################## >>>>>>>>> > if (obj.hits > 0) { >>>>>>>>> > set resp.http.X-Cache = "HIT"; >>>>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>>>> > # ########################################################## >>>>>>>>> > } else { >>>>>>>>> > set resp.http.X-Cache = "MISS"; >>>>>>>>> > } >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>>>>>> >> >>>>>>>>> >> correction: >>>>>>>>> >> >>>>>>>>> >> sub vcl_recv { >>>>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>> >> return (pass); >>>>>>>>> >> } >>>>>>>>> >> } >>>>>>>>> >> >>>>>>>>> >> sub vcl_backend_response { >>>>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>> >> set beresp.uncacheable = true; >>>>>>>>> >> set beresp.ttl = 1w; >>>>>>>>> >> return (deliver); >>>>>>>>> >> } >>>>>>>>> >> } >>>>>>>>> >> >>>>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei >>>>>>>>> wrote: >>>>>>>>> >>> >>>>>>>>> >>> Hello, >>>>>>>>> >>> >>>>>>>>> >>> Aside from the provided VCL being for WordPress, while you're >>>>>>>>> running XenForo, the xf_ cookies are being dropped by your config. A quick >>>>>>>>> fix is: >>>>>>>>> >>> >>>>>>>>> >>> sub vcl_recv { >>>>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>> >>> return (pass); >>>>>>>>> >>> } >>>>>>>>> >>> } >>>>>>>>> >>> >>>>>>>>> >>> sub vcl_backend_response { >>>>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>> >>> set beresp.uncacheable = true; >>>>>>>>> >>> set beresp.ttl = 1w; >>>>>>>>> >>> return (deliver); >>>>>>>>> >>> } >>>>>>>>> >>> } >>>>>>>>> >>> >>>>>>>>> >>> However, I suggest auditing your VCL, and only including rules >>>>>>>>> specific to the application(s) which you are running. >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>> >>>> >>>>>>>>> >>>> Users can't login or register to domain.com/forum with the >>>>>>>>> current settings. So we need to make a change related to xf_user and >>>>>>>>> xf_session but how? >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>>>>>>> >>>>> >>>>>>>>> >>>>> If you want Varnish to ignore request for a path you need to >>>>>>>>> tell it to pass. In your example you have a rule for the RSS feed. You can >>>>>>>>> do the same for /forum/ in your vcl_recv block. >>>>>>>>> >>>>> >>>>>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>> >>>>> * return ( pass ); * >>>>>>>>> >>>>> *}* >>>>>>>>> >>>>> >>>>>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>>>>> >>>>> return ( pass ); >>>>>>>>> >>>>> } >>>>>>>>> >>>>> >>>>>>>>> >>>>> Cheers, >>>>>>>>> >>>>> Richard >>>>>>>>> >>>>> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> Message: 1 >>>>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>>>>> >>>>>> Message-ID: >>>>>>>>> >>>>>> >>>>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> Hi, >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> Could you please share the appropriate Default.vcl settings >>>>>>>>> for XenForo >>>>>>>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>>>>>>> current >>>>>>>>> >>>>>> Default.vcl settings are as follows. >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> Forum address: domain.com/forum >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>> >>>>>> * * ****************************** >>>>>>>>> ***************************/* >>>>>>>>> >>>>>> *vcl 4.0;* >>>>>>>>> >>>>>> *import std;* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *backend default {* >>>>>>>>> >>>>>> * .host = "*******";* >>>>>>>>> >>>>>> * .port = "8080";* >>>>>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>>>>> >>>>>> * .max_connections = 800;* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>> >>>>>> *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> *acl purge {* >>>>>>>>> >>>>>> * "localhost";* >>>>>>>>> >>>>>> * "127.0.0.1";* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>>>>> >>>>>> *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> *sub vcl_recv {* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used >>>>>>>>> for various >>>>>>>>> >>>>>> checks* >>>>>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>>> "[, ].*$", >>>>>>>>> >>>>>> ""); * >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>> >>>>>> * } else {* >>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # Purge request check sections for hash_always_miss, >>>>>>>>> purge and ban* >>>>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>> >>>>>> * if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>> "1.2.3.4") ~ >>>>>>>>> >>>>>> purge) {* >>>>>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>> >>>>>> purge) {* >>>>>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> * return (purge);* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>>>>> >>>>>> * # Same ACL check as above:* >>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>>>>> >>>>>> ~ purge) {* >>>>>>>>> >>>>>> * return(synth(403, "Not >>>>>>>>> allowed."));* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>>>>> >>>>>> * # request won't go to the backend.* >>>>>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>> cookies.* >>>>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>> "^;\s*", "");* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing >>>>>>>>> (not caching) >>>>>>>>> >>>>>> uncomment* >>>>>>>>> >>>>>> * # return( pass );* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>> >>>>>> * } else {* >>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if >>>>>>>>> you do want to >>>>>>>>> >>>>>> cache them* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>> ACCEPT-ENCODING* >>>>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>>> ETC.* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>> {* >>>>>>>>> >>>>>> * # No point in compressing these* >>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>>>> >>>>>> * } else {* >>>>>>>>> >>>>>> * # unknown algorithm* >>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>>>>> >>>>>> * req.method != "PUT" && * >>>>>>>>> >>>>>> * req.method != "POST" &&* >>>>>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>>>>> >>>>>> * req.method != "DELETE") {* >>>>>>>>> >>>>>> * return (pipe);* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>> >>>>>> * return (pass);* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>>>> FETCH TOO, >>>>>>>>> >>>>>> EITHER* >>>>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>> >>>>>> * return( pass );* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>> WP-LOGIN* >>>>>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>>>> >>>>>> * ){* >>>>>>>>> >>>>>> * unset req.http.cookie;* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>> >>>>>> * return (pass);* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * return (hash);* >>>>>>>>> >>>>>> * # This is for phpmyadmin* >>>>>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>>>> >>>>>> *return (pass);* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") >>>>>>>>> {* >>>>>>>>> >>>>>> *return (pass);* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# HIT FUNCTION* >>>>>>>>> >>>>>> *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> *sub vcl_hit {* >>>>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>> >>>>>> * #* >>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>> >>>>>> * #* >>>>>>>>> >>>>>> * # purge;* >>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# MISS FUNCTION* >>>>>>>>> >>>>>> *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> *sub vcl_miss {* >>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>> >>>>>> * #* >>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>> >>>>>> * #* >>>>>>>>> >>>>>> * # purge;* >>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> * return (fetch);* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# FETCH FUNCTION* >>>>>>>>> >>>>>> *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> *sub vcl_backend_response {* >>>>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>>> * >>>>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>>>> WANT* >>>>>>>>> >>>>>> * # TO DO THIS* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>>>>> OF * >>>>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>> !bereq.http.cookie ~ >>>>>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>>>>> >>>>>> *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> *sub vcl_deliver {* >>>>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>>> TEXT * >>>>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>> >>>>>> * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> * } else {* >>>>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>>> >>>>>> * }* >>>>>>>>> >>>>>> *}* >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> Thanks, >>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>> >>>>>> URL: >>>>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>>>>> attachment-0001.html> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> ------------------------------ >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> Message: 2 >>>>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>>>>> >>>>>> Message-ID: >>>>>>>>> >>>>>> >>>>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>>>>> However, solutions >>>>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please >>>>>>>>> help? >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> xf_session_admin >>>>>>>>> >>>>>> xf_user >>>>>>>>> >>>>>> xf_session >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work in >>>>>>>>> *domain.com/forum >>>>>>>>> >>>>>> * >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> > Hi, >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > Could you please share the appropriate Default.vcl >>>>>>>>> settings for XenForo >>>>>>>>> >>>>>> > Forums? No one can register to the forum at the moment. >>>>>>>>> My current >>>>>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > Forum address: domain.com/forum >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>> >>>>>> > * * ****************************** >>>>>>>>> ***************************/* >>>>>>>>> >>>>>> > *vcl 4.0;* >>>>>>>>> >>>>>> > *import std;* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *backend default {* >>>>>>>>> >>>>>> > * .host = "*******";* >>>>>>>>> >>>>>> > * .port = "8080";* >>>>>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>>>>> >>>>>> > * .max_connections = 800;* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>> >>>>>> > *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > *acl purge {* >>>>>>>>> >>>>>> > * "localhost";* >>>>>>>>> >>>>>> > * "127.0.0.1";* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>>>>> >>>>>> > *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > *sub vcl_recv {* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be >>>>>>>>> used for various >>>>>>>>> >>>>>> > checks* >>>>>>>>> >>>>>> > *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>>> "[, ].*$", >>>>>>>>> >>>>>> > ""); * >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>> >>>>>> > * } else {* >>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, >>>>>>>>> purge and ban* >>>>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>> >>>>>> > * if (client.ip ~ purge || >>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>> >>>>>> > purge) {* >>>>>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>> >>>>>> > purge) {* >>>>>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > * return (purge);* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>>>>> >>>>>> > * # Same ACL check as above:* >>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>> !std.ip(req.http.X-Actual-IP, >>>>>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>>>>> >>>>>> > * return(synth(403, "Not >>>>>>>>> allowed."));* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>>>>> >>>>>> > * # request won't go to the backend.* >>>>>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>> cookies.* >>>>>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>> "^;\s*", "");* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish >>>>>>>>> passing (not caching) >>>>>>>>> >>>>>> > uncomment* >>>>>>>>> >>>>>> > * # return( pass );* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>> >>>>>> > * } else {* >>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines if >>>>>>>>> you do want to >>>>>>>>> >>>>>> > cache them* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>> ACCEPT-ENCODING* >>>>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>>> ETC.* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>> {* >>>>>>>>> >>>>>> > * # No point in compressing these* >>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>>>>> >>>>>> > * } else {* >>>>>>>>> >>>>>> > * # unknown algorithm* >>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>>>>> >>>>>> > * req.method != "PUT" && * >>>>>>>>> >>>>>> > * req.method != "POST" &&* >>>>>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>>>>> >>>>>> > * return (pipe);* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS >>>>>>>>> IN FETCH TOO, >>>>>>>>> >>>>>> > EITHER* >>>>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>> >>>>>> > * return( pass );* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>> WP-LOGIN* >>>>>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>>>>> >>>>>> > * ){* >>>>>>>>> >>>>>> > * unset req.http.cookie;* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * return (hash);* >>>>>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org < >>>>>>>>> http://mysql.ki1.org>") {* >>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# HIT FUNCTION* >>>>>>>>> >>>>>> > *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > *sub vcl_hit {* >>>>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>> >>>>>> > * #* >>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>> >>>>>> > * #* >>>>>>>>> >>>>>> > * # purge;* >>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# MISS FUNCTION* >>>>>>>>> >>>>>> > *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > *sub vcl_miss {* >>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>> >>>>>> > * #* >>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>> >>>>>> > * #* >>>>>>>>> >>>>>> > * # purge;* >>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > * return (fetch);* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>>>>> >>>>>> > *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>>> W3TC * >>>>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>>>> WANT* >>>>>>>>> >>>>>> > * # TO DO THIS* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE >>>>>>>>> AMOUNT OF * >>>>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>> !bereq.http.cookie ~ >>>>>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>>>>> >>>>>> > *# ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > *sub vcl_deliver {* >>>>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>>> TEXT * >>>>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>> >>>>>> > * # ############################## >>>>>>>>> ############################* >>>>>>>>> >>>>>> > * } else {* >>>>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>>>>> >>>>>> > * }* >>>>>>>>> >>>>>> > *}* >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> > Thanks, >>>>>>>>> >>>>>> > >>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>> >>>>>> URL: >>>>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>>>>> attachment.html> >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> ------------------------------ >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> _______________________________________________ >>>>>>>>> >>>>>> varnish-misc mailing list >>>>>>>>> >>>>>> varnish-misc at varnish-cache.org >>>>>>>>> >>>>>> https://www.varnish-cache.org/ >>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>> >>>>>> >>>>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>>>>> >>>>>> ********************************************* >>>>>>>>> >>>>> >>>>>>>>> >>>>> >>>>>>>>> >>>>> >>>>>>>>> >>>>> _______________________________________________ >>>>>>>>> >>>>> varnish-misc mailing list >>>>>>>>> >>>>> varnish-misc at varnish-cache.org >>>>>>>>> >>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>>> -misc >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> >>>>>>>>> >>>> _______________________________________________ >>>>>>>>> >>>> varnish-misc mailing list >>>>>>>>> >>>> varnish-misc at varnish-cache.org >>>>>>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>>> -misc >>>>>>>>> >>> >>>>>>>>> >>> >>>>>>>>> >> >>>>>>>>> > >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 4 20:54:50 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 4 Aug 2016 23:54:50 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: I added the code but it FAILED. In fact, i want to make people to be able to login and register to /forum. When i use these codes that works but MISS appears at the same time. # FETCH FUNCTION # ########################################################## sub vcl_backend_response { # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT # TO DO THIS # ########################################################## set beresp.http.Vary = "Accept-Encoding"; # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF # TIME THIS PAGE WILL STAY CACHED (TTL) # ########################################################## *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * *{ set beresp.uncacheable = true;* * set beresp.ttl = 1w;* * return (deliver);* * }* if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120 s; # set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } return (deliver); } # DELIVER FUNCTION # ########################################################## sub vcl_deliver { # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT # IN THE HEADER (GREAT FOR DEBUGGING) # ########################################################## if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; # IF THIS IS A MISS RETURN THAT IN THE HEADER # ########################################################## } else { set resp.http.X-Cache = "MISS"; } } 2016-08-04 22:50 GMT+03:00 Lane, Richard : > This was what I was talking about when I said you may need additional > logic to handle both. > > You will need to add the cookie check along with the path for forum to > that pass block. So something like... > > if( req.http.Cookie ~ "xf_(session|user)" && req.url ~ '^/forum.*') { > return (pass); > } > > On Thu, Aug 4, 2016 at 2:44 PM, Ayberk Kimsesiz > wrote: > >> Yes, i want /forum to be MISS, there is no problem. However, Wordpress >> (homepage) shows MISS too. >> >> 2016-08-04 22:34 GMT+03:00 Lane, Richard : >> >>> If you PASS then your request will not be cached. Varnish marks these >>> non-cached items as a MISS since they go to the backend each time and >>> therefore a miss and not a hit on cache. >>> >>> What were you expecting? Is this still requests with the forum cookies? >>> >>> If you want to cache request from logged in users you will need to add >>> the specific user cookies to the hash so each user served their cached copy. >>> >>> On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> >>>> If i use the given settings MISS appears in the Header. >>>> >>>> Accept-Ranges bytes >>>> Age 0 >>>> Cache-control private, max-age=0 >>>> Content-Encoding gzip >>>> Content-Length 10075 >>>> Content-Type text/html; charset=UTF-8 >>>> Date Thu, 04 Aug 2016 18:30:52 GMT >>>> Expires Thu, 19 Nov 1981 08:52:00 GMT >>>> Last-Modified Thu, 04 Aug 2016 18:30:52 GMT >>>> Server Apache/2 >>>> Vary Accept-Encoding >>>> Via 1.1 varnish-v4 >>>> X-Cache MISS >>>> >>>> What do you suggest me to do? >>>> >>>> >>>> >>>> 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz : >>>> >>>>> Finally! >>>>> Login function is now working with the following settings but X-Cache >>>>> shows MISS instead of HIT. >>>>> >>>>> #THE RECV FUNCTION >>>>> # ########################################################## >>>>> sub vcl_recv { >>>>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>> return (pass); >>>>> } >>>>> >>>>> # FETCH FUNCTION >>>>> # ########################################################## >>>>> sub vcl_backend_response { >>>>> >>>>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>> # TO DO THIS >>>>> # ########################################################## >>>>> set beresp.http.Vary = "Accept-Encoding"; >>>>> >>>>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>> # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>> # ########################################################## >>>>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") >>>>> { set beresp.uncacheable = true; >>>>> set beresp.ttl = 1w; >>>>> return (deliver); >>>>> } >>>>> >>>>> if (beresp.ttl <= 0s || >>>>> beresp.http.Set-Cookie || >>>>> beresp.http.Vary == "*") { >>>>> set beresp.ttl = 120 s; >>>>> # set beresp.ttl = 120s; >>>>> set beresp.uncacheable = true; >>>>> return (deliver); >>>>> } >>>>> >>>>> return (deliver); >>>>> } >>>>> >>>>> # DELIVER FUNCTION >>>>> # ########################################################## >>>>> sub vcl_deliver { >>>>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>> # IN THE HEADER (GREAT FOR DEBUGGING) >>>>> # ########################################################## >>>>> if (obj.hits > 0) { >>>>> set resp.http.X-Cache = "HIT"; >>>>> # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>> # ########################################################## >>>>> } else { >>>>> set resp.http.X-Cache = "MISS"; >>>>> } >>>>> } >>>>> >>>>> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz >>>>> : >>>>> >>>>>> Finally! >>>>>> Login function is now working with the following settings but >>>>>> X-Cache shows MISS instead of HIT. >>>>>> >>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_recv { * >>>>>> * if( req.http.Cookie ~ "xf_(session|user)") {* >>>>>> * return (pass);* >>>>>> * }* >>>>>> >>>>>> >>>>>> *# FETCH FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_backend_response { * >>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>> * # TO DO THIS* >>>>>> * # ##########################################################* >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>> * # ##########################################################* >>>>>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>>>>> *{ set beresp.uncacheable = true;* >>>>>> * set beresp.ttl = 1w;* >>>>>> * return (deliver);* >>>>>> * }* >>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>> * beresp.http.Set-Cookie ||* >>>>>> * beresp.http.Vary == "*") {* >>>>>> * set beresp.ttl = 120 s;* >>>>>> * # set beresp.ttl = 120s;* >>>>>> * set beresp.uncacheable = true;* >>>>>> * return (deliver);* >>>>>> * }* >>>>>> >>>>>> * return (deliver);* >>>>>> *}* >>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>> *# ##########################################################* >>>>>> *sub vcl_deliver {* >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>> * # ##########################################################* >>>>>> * if (obj.hits > 0) {* >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>> * # ##########################################################* >>>>>> * } else {* >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>> * }* >>>>>> *}* >>>>>> >>>>>> 2016-08-04 18:02 GMT+03:00 Lane, Richard : >>>>>> >>>>>>> I agree that the order of execution may be getting you here. If you >>>>>>> need the WordPress rules then you may need to put additional logic to >>>>>>> ensure non-wordpress applications are not negatively affected. >>>>>>> >>>>>>> What happens if you change the order of these two blocks? Put your >>>>>>> Set-Cookie check block before the wp-login check. >>>>>>> >>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>> > # ########################################################## >>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>> "wordpress_logged_in" ) { >>>>>>> > unset beresp.http.set-cookie; >>>>>>> > set beresp.ttl = 52w; >>>>>>> > # set beresp.grace =1w; >>>>>>> > } >>>>>>> > >>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>> > set beresp.uncacheable = true; >>>>>>> > set beresp.ttl = 1w; >>>>>>> > return (deliver); >>>>>>> > } >>>>>>> >>>>>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >>>>>>> >>>>>>>> The log output suggests the xf_ cookie check in vcl_recv is not the >>>>>>>> first thing to run as you pasted earlier. Also, looking a bit closer, your >>>>>>>> issue the fact that you unset the cookie in vcl_backend_response if it's >>>>>>>> not wordpress related. Again, you should really audit your entire VCL, and >>>>>>>> remove unneeded stuff, like all the WordPress related rules if you're not >>>>>>>> using it. >>>>>>>> >>>>>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>> >>>>>>>>> Log message: >>>>>>>>> >>>>>>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>>> - VCL_call RECV >>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>> pps_show_100=Th >>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>> pps_times_showed_100=1; >>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>> pps_show_100=Th >>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>> pps_times_showed_100=1; >>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>> pps_show_100=Th >>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>> pps_times_showed_100=1; >>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>> pps_show_100=Th >>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>> pps_times_showed_100=1; >>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>>>>>> 95.5.187.232 >>>>>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>>>>>> - ReqHeader Accept-Encoding: gzip >>>>>>>>> - VCL_Log PPPAASS >>>>>>>>> - VCL_return pass >>>>>>>>> - VCL_call HASH >>>>>>>>> - VCL_return lookup >>>>>>>>> - VCL_call PASS >>>>>>>>> - VCL_return fetch >>>>>>>>> - Link bereq 524435 pass >>>>>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>>>>>> - RespProtocol HTTP/1.1 >>>>>>>>> - RespStatus 200 >>>>>>>>> - RespReason OK >>>>>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>>>>>> - RespHeader Server: Apache/2 >>>>>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>>>>>> - RespHeader Accept-Ranges: bytes >>>>>>>>> -- >>>>>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 GMT >>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>>> - VCL_call RECV >>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>> pps_show_100=Th >>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>> pps_times_showed_100=1; >>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>> pps_show_100=Th >>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>> pps_times_showed_100=1; >>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>> pps_show_100=Th >>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>> pps_times_showed_100=1; >>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>> pps_show_100=Th >>>>>>>>> >>>>>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>>>>>>> >>>>>>>>>> I assume you reloaded/restarted Varnish after these changes were >>>>>>>>>> made. If so, can you verify that you do have the cookies set on the request? >>>>>>>>>> >>>>>>>>>> maybe add this log message right before returning >>>>>>>>>> >>>>>>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>>>>>> return (pass); >>>>>>>>>> >>>>>>>>>> } >>>>>>>>>> >>>>>>>>>> Then you can use varnishlog command (below) to verify cookie is >>>>>>>>>> found >>>>>>>>>> >>>>>>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Cheers, >>>>>>>>>> Richard >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>> > >>>>>>>>>> > First of all, thank you. However the problem continues. Can you >>>>>>>>>> examine the codes? >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>>>>>> > * *********************************************************/ >>>>>>>>>> > vcl 4.0; >>>>>>>>>> > import std; >>>>>>>>>> > >>>>>>>>>> > backend default { >>>>>>>>>> > .host = "*******"; >>>>>>>>>> > .port = "8080"; >>>>>>>>>> > .connect_timeout = 600s; >>>>>>>>>> > .first_byte_timeout = 600s; >>>>>>>>>> > .between_bytes_timeout = 600s; >>>>>>>>>> > .max_connections = 800; >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>>>>>> > # ########################################################## >>>>>>>>>> > acl purge { >>>>>>>>>> > "localhost"; >>>>>>>>>> > "127.0.0.1"; >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > #THE RECV FUNCTION >>>>>>>>>> > # ########################################################## >>>>>>>>>> > sub vcl_recv { >>>>>>>>>> > >>>>>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>> > return (pass); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>>>>>> various checks >>>>>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>>>> "[, ].*$", ""); >>>>>>>>>> > >>>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>>> > if (req.restarts == 0) { >>>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>>> > } else { >>>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>>> > } >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # Purge request check sections for hash_always_miss, purge and >>>>>>>>>> ban >>>>>>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>>>>>> > # ########################################################## >>>>>>>>>> > >>>>>>>>>> > # Enable smart refreshing using hash_always_miss >>>>>>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>> > set req.hash_always_miss = true; >>>>>>>>>> > } >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>> > return(synth(405,"Not allowed.")); >>>>>>>>>> > } >>>>>>>>>> > return (purge); >>>>>>>>>> > >>>>>>>>>> > } >>>>>>>>>> > if (req.method == "BAN") { >>>>>>>>>> > # Same ACL check as above: >>>>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>> > return(synth(403, "Not allowed.")); >>>>>>>>>> > } >>>>>>>>>> > ban("req.http.host == " + req.http.host + >>>>>>>>>> > " && req.url == " + req.url); >>>>>>>>>> > >>>>>>>>>> > # Throw a synthetic page so the >>>>>>>>>> > # request won't go to the backend. >>>>>>>>>> > return(synth(200, "Ban added")); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > # Unset cloudflare cookies >>>>>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>>>>>> > # Remove a ";" prefix, if present. >>>>>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >>>>>>>>>> > >>>>>>>>>> > # For Testing: If you want to test with Varnish passing (not >>>>>>>>>> caching) uncomment >>>>>>>>>> > # return( pass ); >>>>>>>>>> > >>>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>>> > if (req.restarts == 0) { >>>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>>> > } else { >>>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>>> > } >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # DO NOT CACHE RSS FEED >>>>>>>>>> > if (req.url ~ "/feed(/)?") { >>>>>>>>>> > return ( pass ); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > ## Do not cache search results, comment these 3 lines if you do >>>>>>>>>> want to cache them >>>>>>>>>> > >>>>>>>>>> > if (req.url ~ "/\?s\=") { >>>>>>>>>> > return ( pass ); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>>> ACCEPT-ENCODING >>>>>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (req.http.Accept-Encoding) { >>>>>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>>>>>>> > # No point in compressing these >>>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>>>>>> > } else { >>>>>>>>>> > # unknown algorithm >>>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>>> > } >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (req.method != "GET" && >>>>>>>>>> > req.method != "HEAD" && >>>>>>>>>> > req.method != "PUT" && >>>>>>>>>> > req.method != "POST" && >>>>>>>>>> > req.method != "TRACE" && >>>>>>>>>> > req.method != "OPTIONS" && >>>>>>>>>> > req.method != "DELETE") { >>>>>>>>>> > return (pipe); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>>>>>> > return (pass); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>>>>> FETCH TOO, EITHER >>>>>>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>>>>>> > return( pass ); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>>>>>> > # THEN UNSET THE COOKIES >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>>>>>> > && !(req.url ~ "&preview=true" ) >>>>>>>>>> > ){ >>>>>>>>>> > unset req.http.cookie; >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>>>>>> > return (pass); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>>>>>> > # ########################################################## >>>>>>>>>> > return (hash); >>>>>>>>>> > # This is for phpmyadmin >>>>>>>>>> > if (req.http.Host == "ki1.org") { >>>>>>>>>> > return (pass); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>>>>>> > return (pass); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # HIT FUNCTION >>>>>>>>>> > # ########################################################## >>>>>>>>>> > sub vcl_hit { >>>>>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>> > # >>>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>>> > # >>>>>>>>>> > # purge; >>>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>>> > } >>>>>>>>>> > return (deliver); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # MISS FUNCTION >>>>>>>>>> > # ########################################################## >>>>>>>>>> > sub vcl_miss { >>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>> > # >>>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>>> > # >>>>>>>>>> > # purge; >>>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>>> > } >>>>>>>>>> > return (fetch); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # FETCH FUNCTION >>>>>>>>>> > # ########################################################## >>>>>>>>>> > sub vcl_backend_response { >>>>>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>>>>> > # TO DO THIS >>>>>>>>>> > # ########################################################## >>>>>>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>>>>>> > >>>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>>>>> "wordpress_logged_in" ) { >>>>>>>>>> > unset beresp.http.set-cookie; >>>>>>>>>> > set beresp.ttl = 52w; >>>>>>>>>> > # set beresp.grace =1w; >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>> > set beresp.ttl = 1w; >>>>>>>>>> > return (deliver); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > if (beresp.ttl <= 0s || >>>>>>>>>> > beresp.http.Set-Cookie || >>>>>>>>>> > beresp.http.Vary == "*") { >>>>>>>>>> > set beresp.ttl = 120 s; >>>>>>>>>> > # set beresp.ttl = 120s; >>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>> > return (deliver); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > return (deliver); >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > # DELIVER FUNCTION >>>>>>>>>> > # ########################################################## >>>>>>>>>> > sub vcl_deliver { >>>>>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (obj.hits > 0) { >>>>>>>>>> > set resp.http.X-Cache = "HIT"; >>>>>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>>>>> > # ########################################################## >>>>>>>>>> > } else { >>>>>>>>>> > set resp.http.X-Cache = "MISS"; >>>>>>>>>> > } >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > >>>>>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>>>>>>> >> >>>>>>>>>> >> correction: >>>>>>>>>> >> >>>>>>>>>> >> sub vcl_recv { >>>>>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>> >> return (pass); >>>>>>>>>> >> } >>>>>>>>>> >> } >>>>>>>>>> >> >>>>>>>>>> >> sub vcl_backend_response { >>>>>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>> >> set beresp.uncacheable = true; >>>>>>>>>> >> set beresp.ttl = 1w; >>>>>>>>>> >> return (deliver); >>>>>>>>>> >> } >>>>>>>>>> >> } >>>>>>>>>> >> >>>>>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei >>>>>>>>>> wrote: >>>>>>>>>> >>> >>>>>>>>>> >>> Hello, >>>>>>>>>> >>> >>>>>>>>>> >>> Aside from the provided VCL being for WordPress, while you're >>>>>>>>>> running XenForo, the xf_ cookies are being dropped by your config. A quick >>>>>>>>>> fix is: >>>>>>>>>> >>> >>>>>>>>>> >>> sub vcl_recv { >>>>>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>> >>> return (pass); >>>>>>>>>> >>> } >>>>>>>>>> >>> } >>>>>>>>>> >>> >>>>>>>>>> >>> sub vcl_backend_response { >>>>>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>> >>> set beresp.uncacheable = true; >>>>>>>>>> >>> set beresp.ttl = 1w; >>>>>>>>>> >>> return (deliver); >>>>>>>>>> >>> } >>>>>>>>>> >>> } >>>>>>>>>> >>> >>>>>>>>>> >>> However, I suggest auditing your VCL, and only including >>>>>>>>>> rules specific to the application(s) which you are running. >>>>>>>>>> >>> >>>>>>>>>> >>> >>>>>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>> >>>> >>>>>>>>>> >>>> Users can't login or register to domain.com/forum with the >>>>>>>>>> current settings. So we need to make a change related to xf_user and >>>>>>>>>> xf_session but how? >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard : >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> If you want Varnish to ignore request for a path you need >>>>>>>>>> to tell it to pass. In your example you have a rule for the RSS feed. You >>>>>>>>>> can do the same for /forum/ in your vcl_recv block. >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>>> >>>>> * return ( pass ); * >>>>>>>>>> >>>>> *}* >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>>>>>> >>>>> return ( pass ); >>>>>>>>>> >>>>> } >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> Cheers, >>>>>>>>>> >>>>> Richard >>>>>>>>>> >>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> Message: 1 >>>>>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>>>>>> >>>>>> Message-ID: >>>>>>>>>> >>>>>> >>>>>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> Hi, >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> Could you please share the appropriate Default.vcl >>>>>>>>>> settings for XenForo >>>>>>>>>> >>>>>> Forums? No one can register to the forum at the moment. My >>>>>>>>>> current >>>>>>>>>> >>>>>> Default.vcl settings are as follows. >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> Forum address: domain.com/forum >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>>> >>>>>> * * ****************************** >>>>>>>>>> ***************************/* >>>>>>>>>> >>>>>> *vcl 4.0;* >>>>>>>>>> >>>>>> *import std;* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *backend default {* >>>>>>>>>> >>>>>> * .host = "*******";* >>>>>>>>>> >>>>>> * .port = "8080";* >>>>>>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>>>>>> >>>>>> * .max_connections = 800;* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> *acl purge {* >>>>>>>>>> >>>>>> * "localhost";* >>>>>>>>>> >>>>>> * "127.0.0.1";* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> *sub vcl_recv {* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be used >>>>>>>>>> for various >>>>>>>>>> >>>>>> checks* >>>>>>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>>>> "[, ].*$", >>>>>>>>>> >>>>>> ""); * >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>> >>>>>> * } else {* >>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # Purge request check sections for hash_always_miss, >>>>>>>>>> purge and ban* >>>>>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>>> >>>>>> * if (client.ip ~ purge || >>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>> >>>>>> purge) {* >>>>>>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>> >>>>>> purge) {* >>>>>>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> * return (purge);* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>>>>>> >>>>>> * # Same ACL check as above:* >>>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>>>>>> >>>>>> ~ purge) {* >>>>>>>>>> >>>>>> * return(synth(403, "Not >>>>>>>>>> allowed."));* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>>>>>> >>>>>> * # request won't go to the backend.* >>>>>>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>>> cookies.* >>>>>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>>> "^;\s*", "");* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # For Testing: If you want to test with Varnish passing >>>>>>>>>> (not caching) >>>>>>>>>> >>>>>> uncomment* >>>>>>>>>> >>>>>> * # return( pass );* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>> >>>>>> * } else {* >>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if >>>>>>>>>> you do want to >>>>>>>>>> >>>>>> cache them* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>>> ACCEPT-ENCODING* >>>>>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>>>> ETC.* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>> {* >>>>>>>>>> >>>>>> * # No point in compressing these* >>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>>>>> >>>>>> * } else {* >>>>>>>>>> >>>>>> * # unknown algorithm* >>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>>>>>> >>>>>> * req.method != "PUT" && * >>>>>>>>>> >>>>>> * req.method != "POST" &&* >>>>>>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>>>>>> >>>>>> * req.method != "DELETE") {* >>>>>>>>>> >>>>>> * return (pipe);* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>>> >>>>>> * return (pass);* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS >>>>>>>>>> IN FETCH TOO, >>>>>>>>>> >>>>>> EITHER* >>>>>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>>> >>>>>> * return( pass );* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>>> WP-LOGIN* >>>>>>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>>>>> >>>>>> * ){* >>>>>>>>>> >>>>>> * unset req.http.cookie;* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>>> >>>>>> * return (pass);* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * return (hash);* >>>>>>>>>> >>>>>> * # This is for phpmyadmin* >>>>>>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>>>>> >>>>>> *return (pass);* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org ") >>>>>>>>>> {* >>>>>>>>>> >>>>>> *return (pass);* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# HIT FUNCTION* >>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> *sub vcl_hit {* >>>>>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>>> >>>>>> * #* >>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>>> >>>>>> * #* >>>>>>>>>> >>>>>> * # purge;* >>>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# MISS FUNCTION* >>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> *sub vcl_miss {* >>>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>>> >>>>>> * #* >>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>>> >>>>>> * #* >>>>>>>>>> >>>>>> * # purge;* >>>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> * return (fetch);* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# FETCH FUNCTION* >>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> *sub vcl_backend_response {* >>>>>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>>>> W3TC * >>>>>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>>>>> WANT* >>>>>>>>>> >>>>>> * # TO DO THIS* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT >>>>>>>>>> OF * >>>>>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>> !bereq.http.cookie ~ >>>>>>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> *sub vcl_deliver {* >>>>>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>>>> TEXT * >>>>>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> * } else {* >>>>>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>>>> >>>>>> * }* >>>>>>>>>> >>>>>> *}* >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> Thanks, >>>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>>> >>>>>> URL: >>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>>>>>> attachment-0001.html> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> ------------------------------ >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> Message: 2 >>>>>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>>>>>> >>>>>> Message-ID: >>>>>>>>>> >>>>>> >>>>>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>>>>>> However, solutions >>>>>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you please >>>>>>>>>> help? >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> xf_session_admin >>>>>>>>>> >>>>>> xf_user >>>>>>>>>> >>>>>> xf_session >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work >>>>>>>>>> in *domain.com/forum >>>>>>>>>> >>>>>> * >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> > Hi, >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > Could you please share the appropriate Default.vcl >>>>>>>>>> settings for XenForo >>>>>>>>>> >>>>>> > Forums? No one can register to the forum at the moment. >>>>>>>>>> My current >>>>>>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > Forum address: domain.com/forum >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>>> >>>>>> > * * ****************************** >>>>>>>>>> ***************************/* >>>>>>>>>> >>>>>> > *vcl 4.0;* >>>>>>>>>> >>>>>> > *import std;* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *backend default {* >>>>>>>>>> >>>>>> > * .host = "*******";* >>>>>>>>>> >>>>>> > * .port = "8080";* >>>>>>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>>>>>> >>>>>> > * .max_connections = 800;* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > *acl purge {* >>>>>>>>>> >>>>>> > * "localhost";* >>>>>>>>>> >>>>>> > * "127.0.0.1";* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > *sub vcl_recv {* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be >>>>>>>>>> used for various >>>>>>>>>> >>>>>> > checks* >>>>>>>>>> >>>>>> > *set req.http.X-Actual-IP = >>>>>>>>>> regsub(req.http.X-Forwarded-For, "[, ].*$", >>>>>>>>>> >>>>>> > ""); * >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, >>>>>>>>>> purge and ban* >>>>>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>>> >>>>>> > * if (client.ip ~ purge || >>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>> >>>>>> > purge) {* >>>>>>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>> >>>>>> > purge) {* >>>>>>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > * return (purge);* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>>>>>> >>>>>> > * # Same ACL check as above:* >>>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>>> !std.ip(req.http.X-Actual-IP, >>>>>>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>>>>>> >>>>>> > * return(synth(403, "Not >>>>>>>>>> allowed."));* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>>>>>> >>>>>> > * # request won't go to the backend.* >>>>>>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>>> cookies.* >>>>>>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>>> "^;\s*", "");* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish >>>>>>>>>> passing (not caching) >>>>>>>>>> >>>>>> > uncomment* >>>>>>>>>> >>>>>> > * # return( pass );* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines >>>>>>>>>> if you do want to >>>>>>>>>> >>>>>> > cache them* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH >>>>>>>>>> VARY ACCEPT-ENCODING* >>>>>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>>>> ETC.* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>> {* >>>>>>>>>> >>>>>> > * # No point in compressing these* >>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>> >>>>>> > * # unknown algorithm* >>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>>>>>> >>>>>> > * req.method != "PUT" && * >>>>>>>>>> >>>>>> > * req.method != "POST" &&* >>>>>>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>>>>>> >>>>>> > * return (pipe);* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS >>>>>>>>>> IN FETCH TOO, >>>>>>>>>> >>>>>> > EITHER* >>>>>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>>> >>>>>> > * return( pass );* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>>> WP-LOGIN* >>>>>>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>>>>>> >>>>>> > * ){* >>>>>>>>>> >>>>>> > * unset req.http.cookie;* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * return (hash);* >>>>>>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>>>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org < >>>>>>>>>> http://mysql.ki1.org>") {* >>>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# HIT FUNCTION* >>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > *sub vcl_hit {* >>>>>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>>> >>>>>> > * #* >>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>>> >>>>>> > * #* >>>>>>>>>> >>>>>> > * # purge;* >>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# MISS FUNCTION* >>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > *sub vcl_miss {* >>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>>> >>>>>> > * #* >>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>>> >>>>>> > * #* >>>>>>>>>> >>>>>> > * # purge;* >>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > * return (fetch);* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>>>> W3TC * >>>>>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY >>>>>>>>>> NOT WANT* >>>>>>>>>> >>>>>> > * # TO DO THIS* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE >>>>>>>>>> AMOUNT OF * >>>>>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>> !bereq.http.cookie ~ >>>>>>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > *sub vcl_deliver {* >>>>>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>>>> TEXT * >>>>>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>> ############################* >>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>>>>>> >>>>>> > * }* >>>>>>>>>> >>>>>> > *}* >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> > Thanks, >>>>>>>>>> >>>>>> > >>>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>>> >>>>>> URL: >>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>>>>>> attachment.html> >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> ------------------------------ >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> _______________________________________________ >>>>>>>>>> >>>>>> varnish-misc mailing list >>>>>>>>>> >>>>>> varnish-misc at varnish-cache.org >>>>>>>>>> >>>>>> https://www.varnish-cache.org/ >>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>> >>>>>> >>>>>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>>>>>> >>>>>> ********************************************* >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> >>>>>>>>>> >>>>> _______________________________________________ >>>>>>>>>> >>>>> varnish-misc mailing list >>>>>>>>>> >>>>> varnish-misc at varnish-cache.org >>>>>>>>>> >>>>> https://www.varnish-cache.org/ >>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> >>>>>>>>>> >>>> _______________________________________________ >>>>>>>>>> >>>> varnish-misc mailing list >>>>>>>>>> >>>> varnish-misc at varnish-cache.org >>>>>>>>>> >>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish >>>>>>>>>> -misc >>>>>>>>>> >>> >>>>>>>>>> >>> >>>>>>>>>> >> >>>>>>>>>> > >>>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Fri Aug 5 07:44:43 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Fri, 5 Aug 2016 10:44:43 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Hi again, I deleted all the Wordpress records and only added the following to xenForo. People can now login to forum but Varnish shows MISS once again. What kind of setting should i use? /* SET THE HOST AND PORT OF WORDPRESS * *********************************************************/ vcl 4.0; import std; backend default { .host = "*****'' .port = "8080"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; .max_connections = 800; } # SET THE ALLOWED IP OF PURGE REQUESTS # ########################################################## acl purge { "localhost"; "127.0.0.1"; } #THE RECV FUNCTION # ########################################################## sub vcl_recv { # set realIP by trimming CloudFlare IP which will be used for various checks set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # Purge request check sections for hash_always_miss, purge and ban # BLOCK IF NOT IP is not in purge acl # ########################################################## # Enable smart refreshing using hash_always_miss if (req.http.Cache-Control ~ "no-cache") { if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { set req.hash_always_miss = true; } } if (req.method == "PURGE") { if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(405,"Not allowed.")); } return (purge); } if (req.method == "BAN") { # Same ACL check as above: if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(403, "Not allowed.")); } ban("req.http.host == " + req.http.host + " && req.url == " + req.url); # Throw a synthetic page so the # request won't go to the backend. return(synth(200, "Ban added")); } # Unset cloudflare cookies # Remove has_js and CloudFlare/Google Analytics __* cookies. set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); # Remove a ";" prefix, if present. set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); # For Testing: If you want to test with Varnish passing (not caching) uncomment # return( pass ); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # DO NOT CACHE RSS FEED if (req.url ~ "/feed(/)?") { return ( pass ); } ## Do not cache search results, comment these 3 lines if you do want to cache them if (req.url ~ "/\?s\=") { return ( pass ); } # CLEAN UP THE ENCODING HEADER. # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING # VARNISH WILL CREATE SEPARATE CACHES FOR EACH # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. # ########################################################## if (req.http.Accept-Encoding) { if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { # No point in compressing these unset req.http.Accept-Encoding; } elsif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elsif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { # unknown algorithm unset req.http.Accept-Encoding; } } # PIPE ALL NON-STANDARD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "DELETE") { return (pipe); } # ONLY CACHE GET AND HEAD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD") { return (pass); } # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER # COMMENT OR UNCOMMENT BOTH # ########################################################## # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN # THEN UNSET THE COOKIES # ########################################################## # IF BASIC AUTH IS ON THEN DO NOT CACHE # ########################################################## if (req.http.Authorization || req.http.Cookie) { return (pass); } # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED # ########################################################## return (hash); # This is for phpmyadmin if (req.http.Host == "ki1.org") { return (pass); } if (req.http.Host == "mysql.ki1.org") { return (pass); } } # HIT FUNCTION # ########################################################## sub vcl_hit { # IF THIS IS A PURGE REQUEST THEN DO THE PURGE # ########################################################## if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (deliver); } # MISS FUNCTION # ########################################################## sub vcl_miss { if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (fetch); } # FETCH FUNCTION # ########################################################## sub vcl_backend_response { if (beresp.http.Set-Cookie ~ "xf_(session|user)") { set beresp.uncacheable = true; set beresp.ttl = 1w; return (deliver); } # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT # TO DO THIS # ########################################################## set beresp.http.Vary = "Accept-Encoding"; # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF # TIME THIS PAGE WILL STAY CACHED (TTL) # ########################################################## if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120 s; # set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } return (deliver); } # DELIVER FUNCTION # ########################################################## sub vcl_deliver { # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT # IN THE HEADER (GREAT FOR DEBUGGING) # ########################################################## if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; # IF THIS IS A MISS RETURN THAT IN THE HEADER # ########################################################## } else { set resp.http.X-Cache = "MISS"; } } *Wordpress: * Accept-Ranges bytes Age 0 Cache-Control max-age=3600, public Connection keep-alive Content-Encoding gzip Content-Type text/html Date Fri, 05 Aug 2016 07:34:11 GMT Etag 9090a91bf774ce89d892f8dd7fedd527 Expires Fri, 05 Aug 2016 08:34:11 GMT Last-Modified Thu, 01 Jan 1970 00:00:00 GMT Pragma public Server Apache/2 Transfer-Encoding chunked Vary Accept-Encoding Via 1.1 varnish-v4 X-Cache MISS X-Powered-By W3 Total Cache/0.9.4.1 X-Varnish 3048080 *xenForo* Accept-Ranges bytes Age 0 Cache-control private, max-age=0 Connection keep-alive Content-Encoding gzip Content-Length 11721 Content-Type text/html; charset=UTF-8 Date Fri, 05 Aug 2016 07:35:03 GMT Expires Thu, 19 Nov 1981 08:52:00 GMT Last-Modified Fri, 05 Aug 2016 07:35:03 GMT Server Apache/2 Vary Accept-Encoding Via 1.1 varnish-v4 X-Cache MISS X-Frame-Options SAMEORIGIN X-Powered-By PHP/5.5.34 X-Varnish 3277302 2016-08-04 23:54 GMT+03:00 Ayberk Kimsesiz : > I added the code but it FAILED. In fact, i want to make people to be able > to login and register to /forum. > When i use these codes that works but MISS appears at the same time. > > # FETCH FUNCTION > # ########################################################## > sub vcl_backend_response { > > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > # TO DO THIS > # ########################################################## > set beresp.http.Vary = "Accept-Encoding"; > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * > *{ set beresp.uncacheable = true;* > * set beresp.ttl = 1w;* > * return (deliver);* > * }* > > if (beresp.ttl <= 0s || > beresp.http.Set-Cookie || > beresp.http.Vary == "*") { > set beresp.ttl = 120 s; > # set beresp.ttl = 120s; > set beresp.uncacheable = true; > return (deliver); > } > > return (deliver); > } > > # DELIVER FUNCTION > # ########################################################## > sub vcl_deliver { > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > # IN THE HEADER (GREAT FOR DEBUGGING) > # ########################################################## > if (obj.hits > 0) { > set resp.http.X-Cache = "HIT"; > # IF THIS IS A MISS RETURN THAT IN THE HEADER > # ########################################################## > } else { > set resp.http.X-Cache = "MISS"; > } > } > > 2016-08-04 22:50 GMT+03:00 Lane, Richard : > >> This was what I was talking about when I said you may need additional >> logic to handle both. >> >> You will need to add the cookie check along with the path for forum to >> that pass block. So something like... >> >> if( req.http.Cookie ~ "xf_(session|user)" && req.url ~ '^/forum.*') { >> return (pass); >> } >> >> On Thu, Aug 4, 2016 at 2:44 PM, Ayberk Kimsesiz < >> ayberk.kimsesiz at gmail.com> wrote: >> >>> Yes, i want /forum to be MISS, there is no problem. However, Wordpress >>> (homepage) shows MISS too. >>> >>> 2016-08-04 22:34 GMT+03:00 Lane, Richard : >>> >>>> If you PASS then your request will not be cached. Varnish marks these >>>> non-cached items as a MISS since they go to the backend each time and >>>> therefore a miss and not a hit on cache. >>>> >>>> What were you expecting? Is this still requests with the forum cookies? >>>> >>>> If you want to cache request from logged in users you will need to add >>>> the specific user cookies to the hash so each user served their cached copy. >>>> >>>> On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz < >>>> ayberk.kimsesiz at gmail.com> wrote: >>>> >>>>> If i use the given settings MISS appears in the Header. >>>>> >>>>> Accept-Ranges bytes >>>>> Age 0 >>>>> Cache-control private, max-age=0 >>>>> Content-Encoding gzip >>>>> Content-Length 10075 >>>>> Content-Type text/html; charset=UTF-8 >>>>> Date Thu, 04 Aug 2016 18:30:52 GMT >>>>> Expires Thu, 19 Nov 1981 08:52:00 GMT >>>>> Last-Modified Thu, 04 Aug 2016 18:30:52 GMT >>>>> Server Apache/2 >>>>> Vary Accept-Encoding >>>>> Via 1.1 varnish-v4 >>>>> X-Cache MISS >>>>> >>>>> What do you suggest me to do? >>>>> >>>>> >>>>> >>>>> 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz >>>>> : >>>>> >>>>>> Finally! >>>>>> Login function is now working with the following settings but >>>>>> X-Cache shows MISS instead of HIT. >>>>>> >>>>>> #THE RECV FUNCTION >>>>>> # ########################################################## >>>>>> sub vcl_recv { >>>>>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>> return (pass); >>>>>> } >>>>>> >>>>>> # FETCH FUNCTION >>>>>> # ########################################################## >>>>>> sub vcl_backend_response { >>>>>> >>>>>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>> # TO DO THIS >>>>>> # ########################################################## >>>>>> set beresp.http.Vary = "Accept-Encoding"; >>>>>> >>>>>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>> # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>> # ########################################################## >>>>>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") >>>>>> { set beresp.uncacheable = true; >>>>>> set beresp.ttl = 1w; >>>>>> return (deliver); >>>>>> } >>>>>> >>>>>> if (beresp.ttl <= 0s || >>>>>> beresp.http.Set-Cookie || >>>>>> beresp.http.Vary == "*") { >>>>>> set beresp.ttl = 120 s; >>>>>> # set beresp.ttl = 120s; >>>>>> set beresp.uncacheable = true; >>>>>> return (deliver); >>>>>> } >>>>>> >>>>>> return (deliver); >>>>>> } >>>>>> >>>>>> # DELIVER FUNCTION >>>>>> # ########################################################## >>>>>> sub vcl_deliver { >>>>>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>> # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>> # ########################################################## >>>>>> if (obj.hits > 0) { >>>>>> set resp.http.X-Cache = "HIT"; >>>>>> # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>> # ########################################################## >>>>>> } else { >>>>>> set resp.http.X-Cache = "MISS"; >>>>>> } >>>>>> } >>>>>> >>>>>> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz >>>>> >: >>>>>> >>>>>>> Finally! >>>>>>> Login function is now working with the following settings but >>>>>>> X-Cache shows MISS instead of HIT. >>>>>>> >>>>>>> >>>>>>> *#THE RECV FUNCTION* >>>>>>> *# ##########################################################* >>>>>>> *sub vcl_recv { * >>>>>>> * if( req.http.Cookie ~ "xf_(session|user)") {* >>>>>>> * return (pass);* >>>>>>> * }* >>>>>>> >>>>>>> >>>>>>> *# FETCH FUNCTION* >>>>>>> *# ##########################################################* >>>>>>> *sub vcl_backend_response { * >>>>>>> >>>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>>> * # TO DO THIS* >>>>>>> * # ##########################################################* >>>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>> >>>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>> * # ##########################################################* >>>>>>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>>>>>> *{ set beresp.uncacheable = true;* >>>>>>> * set beresp.ttl = 1w;* >>>>>>> * return (deliver);* >>>>>>> * }* >>>>>>> >>>>>>> * if (beresp.ttl <= 0s ||* >>>>>>> * beresp.http.Set-Cookie ||* >>>>>>> * beresp.http.Vary == "*") {* >>>>>>> * set beresp.ttl = 120 s;* >>>>>>> * # set beresp.ttl = 120s;* >>>>>>> * set beresp.uncacheable = true;* >>>>>>> * return (deliver);* >>>>>>> * }* >>>>>>> >>>>>>> * return (deliver);* >>>>>>> *}* >>>>>>> >>>>>>> *# DELIVER FUNCTION* >>>>>>> *# ##########################################################* >>>>>>> *sub vcl_deliver {* >>>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>> * # ##########################################################* >>>>>>> * if (obj.hits > 0) {* >>>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>> * # ##########################################################* >>>>>>> * } else {* >>>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>> * }* >>>>>>> *}* >>>>>>> >>>>>>> 2016-08-04 18:02 GMT+03:00 Lane, Richard : >>>>>>> >>>>>>>> I agree that the order of execution may be getting you here. If you >>>>>>>> need the WordPress rules then you may need to put additional logic to >>>>>>>> ensure non-wordpress applications are not negatively affected. >>>>>>>> >>>>>>>> What happens if you change the order of these two blocks? Put your >>>>>>>> Set-Cookie check block before the wp-login check. >>>>>>>> >>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>> > # ########################################################## >>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>>> "wordpress_logged_in" ) { >>>>>>>> > unset beresp.http.set-cookie; >>>>>>>> > set beresp.ttl = 52w; >>>>>>>> > # set beresp.grace =1w; >>>>>>>> > } >>>>>>>> > >>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>> > set beresp.uncacheable = true; >>>>>>>> > set beresp.ttl = 1w; >>>>>>>> > return (deliver); >>>>>>>> > } >>>>>>>> >>>>>>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >>>>>>>> >>>>>>>>> The log output suggests the xf_ cookie check in vcl_recv is not >>>>>>>>> the first thing to run as you pasted earlier. Also, looking a bit closer, >>>>>>>>> your issue the fact that you unset the cookie in vcl_backend_response if >>>>>>>>> it's not wordpress related. Again, you should really audit your entire VCL, >>>>>>>>> and remove unneeded stuff, like all the WordPress related rules if you're >>>>>>>>> not using it. >>>>>>>>> >>>>>>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>> >>>>>>>>>> Log message: >>>>>>>>>> >>>>>>>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>>>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 >>>>>>>>>> GMT >>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>>>> - VCL_call RECV >>>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>> pps_show_100=Th >>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>> pps_show_100=Th >>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>> pps_show_100=Th >>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>> pps_show_100=Th >>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>>>>>>> 95.5.187.232 >>>>>>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>>>>>>> - ReqHeader Accept-Encoding: gzip >>>>>>>>>> - VCL_Log PPPAASS >>>>>>>>>> - VCL_return pass >>>>>>>>>> - VCL_call HASH >>>>>>>>>> - VCL_return lookup >>>>>>>>>> - VCL_call PASS >>>>>>>>>> - VCL_return fetch >>>>>>>>>> - Link bereq 524435 pass >>>>>>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>>>>>>> - RespProtocol HTTP/1.1 >>>>>>>>>> - RespStatus 200 >>>>>>>>>> - RespReason OK >>>>>>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>>>>>>> - RespHeader Server: Apache/2 >>>>>>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>>>>>>> - RespHeader Accept-Ranges: bytes >>>>>>>>>> -- >>>>>>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 >>>>>>>>>> GMT >>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>>>> - VCL_call RECV >>>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>> pps_show_100=Th >>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>> pps_show_100=Th >>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>> pps_show_100=Th >>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>> pps_show_100=Th >>>>>>>>>> >>>>>>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>>>>>>>> >>>>>>>>>>> I assume you reloaded/restarted Varnish after these changes were >>>>>>>>>>> made. If so, can you verify that you do have the cookies set on the request? >>>>>>>>>>> >>>>>>>>>>> maybe add this log message right before returning >>>>>>>>>>> >>>>>>>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>>>>>>> return (pass); >>>>>>>>>>> >>>>>>>>>>> } >>>>>>>>>>> >>>>>>>>>>> Then you can use varnishlog command (below) to verify cookie is >>>>>>>>>>> found >>>>>>>>>>> >>>>>>>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Cheers, >>>>>>>>>>> Richard >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>>> > >>>>>>>>>>> > First of all, thank you. However the problem continues. Can >>>>>>>>>>> you examine the codes? >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>>>>>>> > * *********************************************************/ >>>>>>>>>>> > vcl 4.0; >>>>>>>>>>> > import std; >>>>>>>>>>> > >>>>>>>>>>> > backend default { >>>>>>>>>>> > .host = "*******"; >>>>>>>>>>> > .port = "8080"; >>>>>>>>>>> > .connect_timeout = 600s; >>>>>>>>>>> > .first_byte_timeout = 600s; >>>>>>>>>>> > .between_bytes_timeout = 600s; >>>>>>>>>>> > .max_connections = 800; >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > acl purge { >>>>>>>>>>> > "localhost"; >>>>>>>>>>> > "127.0.0.1"; >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > #THE RECV FUNCTION >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > sub vcl_recv { >>>>>>>>>>> > >>>>>>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>> > return (pass); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>>>>>>> various checks >>>>>>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>>>>> "[, ].*$", ""); >>>>>>>>>>> > >>>>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>>>> > if (req.restarts == 0) { >>>>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>>>> > } else { >>>>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>>>> > } >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # Purge request check sections for hash_always_miss, purge >>>>>>>>>>> and ban >>>>>>>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > >>>>>>>>>>> > # Enable smart refreshing using hash_always_miss >>>>>>>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>>> > set req.hash_always_miss = true; >>>>>>>>>>> > } >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>>> > return(synth(405,"Not allowed.")); >>>>>>>>>>> > } >>>>>>>>>>> > return (purge); >>>>>>>>>>> > >>>>>>>>>>> > } >>>>>>>>>>> > if (req.method == "BAN") { >>>>>>>>>>> > # Same ACL check as above: >>>>>>>>>>> > if (!client.ip ~ purge || >>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { >>>>>>>>>>> > return(synth(403, "Not allowed.")); >>>>>>>>>>> > } >>>>>>>>>>> > ban("req.http.host == " + req.http.host + >>>>>>>>>>> > " && req.url == " + req.url); >>>>>>>>>>> > >>>>>>>>>>> > # Throw a synthetic page so the >>>>>>>>>>> > # request won't go to the backend. >>>>>>>>>>> > return(synth(200, "Ban added")); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > # Unset cloudflare cookies >>>>>>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>>>>>>> > # Remove a ";" prefix, if present. >>>>>>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>>>>>>> ""); >>>>>>>>>>> > >>>>>>>>>>> > # For Testing: If you want to test with Varnish passing (not >>>>>>>>>>> caching) uncomment >>>>>>>>>>> > # return( pass ); >>>>>>>>>>> > >>>>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>>>> > if (req.restarts == 0) { >>>>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>>>> > } else { >>>>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>>>> > } >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # DO NOT CACHE RSS FEED >>>>>>>>>>> > if (req.url ~ "/feed(/)?") { >>>>>>>>>>> > return ( pass ); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > ## Do not cache search results, comment these 3 lines if you >>>>>>>>>>> do want to cache them >>>>>>>>>>> > >>>>>>>>>>> > if (req.url ~ "/\?s\=") { >>>>>>>>>>> > return ( pass ); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>>>> ACCEPT-ENCODING >>>>>>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if (req.http.Accept-Encoding) { >>>>>>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >>>>>>>>>>> > # No point in compressing these >>>>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>>>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>>>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>>>>>>> > } else { >>>>>>>>>>> > # unknown algorithm >>>>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>>>> > } >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if (req.method != "GET" && >>>>>>>>>>> > req.method != "HEAD" && >>>>>>>>>>> > req.method != "PUT" && >>>>>>>>>>> > req.method != "POST" && >>>>>>>>>>> > req.method != "TRACE" && >>>>>>>>>>> > req.method != "OPTIONS" && >>>>>>>>>>> > req.method != "DELETE") { >>>>>>>>>>> > return (pipe); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>>>>>>> > return (pass); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>>>>>> FETCH TOO, EITHER >>>>>>>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>>>>>>> > return( pass ); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>>>>>>> > # THEN UNSET THE COOKIES >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>>>>>>> > && !(req.url ~ "&preview=true" ) >>>>>>>>>>> > ){ >>>>>>>>>>> > unset req.http.cookie; >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>>>>>>> > return (pass); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > return (hash); >>>>>>>>>>> > # This is for phpmyadmin >>>>>>>>>>> > if (req.http.Host == "ki1.org") { >>>>>>>>>>> > return (pass); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>>>>>>> > return (pass); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # HIT FUNCTION >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > sub vcl_hit { >>>>>>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>> > # >>>>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>>>> > # >>>>>>>>>>> > # purge; >>>>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>>>> > } >>>>>>>>>>> > return (deliver); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # MISS FUNCTION >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > sub vcl_miss { >>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>> > # >>>>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>>>> > # >>>>>>>>>>> > # purge; >>>>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>>>> > } >>>>>>>>>>> > return (fetch); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # FETCH FUNCTION >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > sub vcl_backend_response { >>>>>>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>>>>>> > # TO DO THIS >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>>>>>>> > >>>>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie >>>>>>>>>>> ~ "wordpress_logged_in" ) { >>>>>>>>>>> > unset beresp.http.set-cookie; >>>>>>>>>>> > set beresp.ttl = 52w; >>>>>>>>>>> > # set beresp.grace =1w; >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>>> > set beresp.ttl = 1w; >>>>>>>>>>> > return (deliver); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > if (beresp.ttl <= 0s || >>>>>>>>>>> > beresp.http.Set-Cookie || >>>>>>>>>>> > beresp.http.Vary == "*") { >>>>>>>>>>> > set beresp.ttl = 120 s; >>>>>>>>>>> > # set beresp.ttl = 120s; >>>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>>> > return (deliver); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > return (deliver); >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > # DELIVER FUNCTION >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > sub vcl_deliver { >>>>>>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > if (obj.hits > 0) { >>>>>>>>>>> > set resp.http.X-Cache = "HIT"; >>>>>>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>>>>>> > # ########################################################## >>>>>>>>>>> > } else { >>>>>>>>>>> > set resp.http.X-Cache = "MISS"; >>>>>>>>>>> > } >>>>>>>>>>> > } >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > >>>>>>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>>>>>>>> >> >>>>>>>>>>> >> correction: >>>>>>>>>>> >> >>>>>>>>>>> >> sub vcl_recv { >>>>>>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>> >> return (pass); >>>>>>>>>>> >> } >>>>>>>>>>> >> } >>>>>>>>>>> >> >>>>>>>>>>> >> sub vcl_backend_response { >>>>>>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>>> >> set beresp.uncacheable = true; >>>>>>>>>>> >> set beresp.ttl = 1w; >>>>>>>>>>> >> return (deliver); >>>>>>>>>>> >> } >>>>>>>>>>> >> } >>>>>>>>>>> >> >>>>>>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei >>>>>>>>>>> wrote: >>>>>>>>>>> >>> >>>>>>>>>>> >>> Hello, >>>>>>>>>>> >>> >>>>>>>>>>> >>> Aside from the provided VCL being for WordPress, while >>>>>>>>>>> you're running XenForo, the xf_ cookies are being dropped by your config. A >>>>>>>>>>> quick fix is: >>>>>>>>>>> >>> >>>>>>>>>>> >>> sub vcl_recv { >>>>>>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>> >>> return (pass); >>>>>>>>>>> >>> } >>>>>>>>>>> >>> } >>>>>>>>>>> >>> >>>>>>>>>>> >>> sub vcl_backend_response { >>>>>>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>> >>> set beresp.uncacheable = true; >>>>>>>>>>> >>> set beresp.ttl = 1w; >>>>>>>>>>> >>> return (deliver); >>>>>>>>>>> >>> } >>>>>>>>>>> >>> } >>>>>>>>>>> >>> >>>>>>>>>>> >>> However, I suggest auditing your VCL, and only including >>>>>>>>>>> rules specific to the application(s) which you are running. >>>>>>>>>>> >>> >>>>>>>>>>> >>> >>>>>>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> Users can't login or register to domain.com/forum with the >>>>>>>>>>> current settings. So we need to make a change related to xf_user and >>>>>>>>>>> xf_session but how? >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard >>>>>>>>>> >: >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> If you want Varnish to ignore request for a path you need >>>>>>>>>>> to tell it to pass. In your example you have a rule for the RSS feed. You >>>>>>>>>>> can do the same for /forum/ in your vcl_recv block. >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>> >>>>> * return ( pass ); * >>>>>>>>>>> >>>>> *}* >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>>>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>>>>>>> >>>>> return ( pass ); >>>>>>>>>>> >>>>> } >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> Cheers, >>>>>>>>>>> >>>>> Richard >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> Message: 1 >>>>>>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>>>>>>> >>>>>> Message-ID: >>>>>>>>>>> >>>>>> >>>>>>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> Hi, >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> Could you please share the appropriate Default.vcl >>>>>>>>>>> settings for XenForo >>>>>>>>>>> >>>>>> Forums? No one can register to the forum at the moment. >>>>>>>>>>> My current >>>>>>>>>>> >>>>>> Default.vcl settings are as follows. >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> Forum address: domain.com/forum >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>>>> >>>>>> * * ****************************** >>>>>>>>>>> ***************************/* >>>>>>>>>>> >>>>>> *vcl 4.0;* >>>>>>>>>>> >>>>>> *import std;* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *backend default {* >>>>>>>>>>> >>>>>> * .host = "*******";* >>>>>>>>>>> >>>>>> * .port = "8080";* >>>>>>>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>>>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>>>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>>>>>>> >>>>>> * .max_connections = 800;* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> *acl purge {* >>>>>>>>>>> >>>>>> * "localhost";* >>>>>>>>>>> >>>>>> * "127.0.0.1";* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> *sub vcl_recv {* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be >>>>>>>>>>> used for various >>>>>>>>>>> >>>>>> checks* >>>>>>>>>>> >>>>>> *set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>>>>> "[, ].*$", >>>>>>>>>>> >>>>>> ""); * >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # Purge request check sections for hash_always_miss, >>>>>>>>>>> purge and ban* >>>>>>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>>>> >>>>>> * if (client.ip ~ purge || >>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>> >>>>>> purge) {* >>>>>>>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>> >>>>>> purge) {* >>>>>>>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> * return (purge);* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>>>>>>> >>>>>> * # Same ACL check as above:* >>>>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>>>>>>> >>>>>> ~ purge) {* >>>>>>>>>>> >>>>>> * return(synth(403, "Not >>>>>>>>>>> allowed."));* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>>>>>>> >>>>>> * # request won't go to the backend.* >>>>>>>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>>>> cookies.* >>>>>>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>>>> "^;\s*", "");* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # For Testing: If you want to test with Varnish >>>>>>>>>>> passing (not caching) >>>>>>>>>>> >>>>>> uncomment* >>>>>>>>>>> >>>>>> * # return( pass );* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines if >>>>>>>>>>> you do want to >>>>>>>>>>> >>>>>> cache them* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>>>> ACCEPT-ENCODING* >>>>>>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>>>>> ETC.* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>>> {* >>>>>>>>>>> >>>>>> * # No point in compressing these* >>>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>> >>>>>> * # unknown algorithm* >>>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>>>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>>>>>>> >>>>>> * req.method != "PUT" && * >>>>>>>>>>> >>>>>> * req.method != "POST" &&* >>>>>>>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>>>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>>>>>>> >>>>>> * req.method != "DELETE") {* >>>>>>>>>>> >>>>>> * return (pipe);* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>>>> >>>>>> * return (pass);* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS >>>>>>>>>>> IN FETCH TOO, >>>>>>>>>>> >>>>>> EITHER* >>>>>>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>>>> >>>>>> * return( pass );* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>>>> WP-LOGIN* >>>>>>>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>>>>>> >>>>>> * ){* >>>>>>>>>>> >>>>>> * unset req.http.cookie;* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>>>> >>>>>> * return (pass);* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * return (hash);* >>>>>>>>>>> >>>>>> * # This is for phpmyadmin* >>>>>>>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>>>>>> >>>>>> *return (pass);* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org < >>>>>>>>>>> http://mysql.ki1.org>") {* >>>>>>>>>>> >>>>>> *return (pass);* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# HIT FUNCTION* >>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> *sub vcl_hit {* >>>>>>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>>>> >>>>>> * #* >>>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>>>> >>>>>> * #* >>>>>>>>>>> >>>>>> * # purge;* >>>>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# MISS FUNCTION* >>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> *sub vcl_miss {* >>>>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>>>> >>>>>> * #* >>>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>>>> >>>>>> * #* >>>>>>>>>>> >>>>>> * # purge;* >>>>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> * return (fetch);* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# FETCH FUNCTION* >>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> *sub vcl_backend_response {* >>>>>>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>>>>> W3TC * >>>>>>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT >>>>>>>>>>> WANT* >>>>>>>>>>> >>>>>> * # TO DO THIS* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE >>>>>>>>>>> AMOUNT OF * >>>>>>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>>> !bereq.http.cookie ~ >>>>>>>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>>>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>>>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>>>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>>>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>>>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>>>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>>>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> *sub vcl_deliver {* >>>>>>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>>>>> TEXT * >>>>>>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>>>>> >>>>>> * }* >>>>>>>>>>> >>>>>> *}* >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> Thanks, >>>>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>>>> >>>>>> URL: >>>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>>>>>>> attachment-0001.html> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> ------------------------------ >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> Message: 2 >>>>>>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>>>>>>> >>>>>> Message-ID: >>>>>>>>>>> >>>>>> >>>>>>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>>>>>>> However, solutions >>>>>>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you >>>>>>>>>>> please help? >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> xf_session_admin >>>>>>>>>>> >>>>>> xf_user >>>>>>>>>>> >>>>>> xf_session >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work >>>>>>>>>>> in *domain.com/forum >>>>>>>>>>> >>>>>> * >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> > Hi, >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > Could you please share the appropriate Default.vcl >>>>>>>>>>> settings for XenForo >>>>>>>>>>> >>>>>> > Forums? No one can register to the forum at the moment. >>>>>>>>>>> My current >>>>>>>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > Forum address: domain.com/forum >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>>>> >>>>>> > * * ****************************** >>>>>>>>>>> ***************************/* >>>>>>>>>>> >>>>>> > *vcl 4.0;* >>>>>>>>>>> >>>>>> > *import std;* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *backend default {* >>>>>>>>>>> >>>>>> > * .host = "*******";* >>>>>>>>>>> >>>>>> > * .port = "8080";* >>>>>>>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>>>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>>>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>>>>>>> >>>>>> > * .max_connections = 800;* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > *acl purge {* >>>>>>>>>>> >>>>>> > * "localhost";* >>>>>>>>>>> >>>>>> > * "127.0.0.1";* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > *sub vcl_recv {* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be >>>>>>>>>>> used for various >>>>>>>>>>> >>>>>> > checks* >>>>>>>>>>> >>>>>> > *set req.http.X-Actual-IP = >>>>>>>>>>> regsub(req.http.X-Forwarded-For, "[, ].*$", >>>>>>>>>>> >>>>>> > ""); * >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, >>>>>>>>>>> purge and ban* >>>>>>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>>>> >>>>>> > * if (client.ip ~ purge || >>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>> >>>>>> > purge) {* >>>>>>>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>> >>>>>> > purge) {* >>>>>>>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > * return (purge);* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>>>>>>> >>>>>> > * # Same ACL check as above:* >>>>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>>>> !std.ip(req.http.X-Actual-IP, >>>>>>>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>>>>>>> >>>>>> > * return(synth(403, "Not >>>>>>>>>>> allowed."));* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>>>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>>>>>>> >>>>>> > * # request won't go to the backend.* >>>>>>>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>>>> cookies.* >>>>>>>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>>>> "^;\s*", "");* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish >>>>>>>>>>> passing (not caching) >>>>>>>>>>> >>>>>> > uncomment* >>>>>>>>>>> >>>>>> > * # return( pass );* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines >>>>>>>>>>> if you do want to >>>>>>>>>>> >>>>>> > cache them* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH >>>>>>>>>>> VARY ACCEPT-ENCODING* >>>>>>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, >>>>>>>>>>> AUDIO, ETC.* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>>> {* >>>>>>>>>>> >>>>>> > * # No point in compressing these* >>>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>> >>>>>> > * # unknown algorithm* >>>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>>>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>>>>>>> >>>>>> > * req.method != "PUT" && * >>>>>>>>>>> >>>>>> > * req.method != "POST" &&* >>>>>>>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>>>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>>>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>>>>>>> >>>>>> > * return (pipe);* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS >>>>>>>>>>> OCCURS IN FETCH TOO, >>>>>>>>>>> >>>>>> > EITHER* >>>>>>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>>>> >>>>>> > * return( pass );* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>>>> WP-LOGIN* >>>>>>>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>>>>>>> >>>>>> > * ){* >>>>>>>>>>> >>>>>> > * unset req.http.cookie;* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * return (hash);* >>>>>>>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>>>>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org < >>>>>>>>>>> http://mysql.ki1.org>") {* >>>>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# HIT FUNCTION* >>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > *sub vcl_hit {* >>>>>>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>> >>>>>> > * # purge;* >>>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# MISS FUNCTION* >>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > *sub vcl_miss {* >>>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>> >>>>>> > * # purge;* >>>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > * return (fetch);* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>>>>> W3TC * >>>>>>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY >>>>>>>>>>> NOT WANT* >>>>>>>>>>> >>>>>> > * # TO DO THIS* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE >>>>>>>>>>> AMOUNT OF * >>>>>>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>>> !bereq.http.cookie ~ >>>>>>>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>>>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>>>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>>>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>>>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>>>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>>>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>>>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>>>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > *sub vcl_deliver {* >>>>>>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>>>>> TEXT * >>>>>>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>> ############################* >>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> > Thanks, >>>>>>>>>>> >>>>>> > >>>>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>>>> >>>>>> URL: >>>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>>>>>>> attachment.html> >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> ------------------------------ >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> _______________________________________________ >>>>>>>>>>> >>>>>> varnish-misc mailing list >>>>>>>>>>> >>>>>> varnish-misc at varnish-cache.org >>>>>>>>>>> >>>>>> https://www.varnish-cache.org/ >>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>> >>>>>> >>>>>>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>>>>>>> >>>>>> ********************************************* >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> >>>>>>>>>>> >>>>> _______________________________________________ >>>>>>>>>>> >>>>> varnish-misc mailing list >>>>>>>>>>> >>>>> varnish-misc at varnish-cache.org >>>>>>>>>>> >>>>> https://www.varnish-cache.org/ >>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> >>>>>>>>>>> >>>> _______________________________________________ >>>>>>>>>>> >>>> varnish-misc mailing list >>>>>>>>>>> >>>> varnish-misc at varnish-cache.org >>>>>>>>>>> >>>> https://www.varnish-cache.org/ >>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>> >>> >>>>>>>>>>> >>> >>>>>>>>>>> >> >>>>>>>>>>> > >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From rlane at ahbelo.com Fri Aug 5 12:36:58 2016 From: rlane at ahbelo.com (Lane, Richard) Date: Fri, 5 Aug 2016 07:36:58 -0500 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: Can you send more of the log that shows a full /request response of a MISS? This line right here is going to cause most request to be a MISS because it is only checking the existence of Cookie and not a specific cookie. # IF BASIC AUTH IS ON THEN DO NOT CACHE # ########################################################## if (req.http.Authorization || req.http.Cookie) { return (pass); } On Fri, Aug 5, 2016 at 2:44 AM, Ayberk Kimsesiz wrote: > Hi again, > > I deleted all the Wordpress records and only added the following to > xenForo. People can now login to forum but Varnish shows MISS once again. > What kind of setting should i use? > > /* SET THE HOST AND PORT OF WORDPRESS > * *********************************************************/ > vcl 4.0; > import std; > > backend default { > .host = "*****'' > .port = "8080"; > .connect_timeout = 600s; > .first_byte_timeout = 600s; > .between_bytes_timeout = 600s; > .max_connections = 800; > } > > # SET THE ALLOWED IP OF PURGE REQUESTS > # ########################################################## > acl purge { > "localhost"; > "127.0.0.1"; > } > > #THE RECV FUNCTION > # ########################################################## > sub vcl_recv { > > # set realIP by trimming CloudFlare IP which will be used for various > checks > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", > ""); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # Purge request check sections for hash_always_miss, purge and ban > # BLOCK IF NOT IP is not in purge acl > # ########################################################## > > # Enable smart refreshing using hash_always_miss > if (req.http.Cache-Control ~ "no-cache") { > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > set req.hash_always_miss = true; > } > } > > if (req.method == "PURGE") { > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > return(synth(405,"Not allowed.")); > } > return (purge); > > } > if (req.method == "BAN") { > # Same ACL check as above: > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") > ~ purge) { > return(synth(403, "Not allowed.")); > } > ban("req.http.host == " + req.http.host + > " && req.url == " + req.url); > > # Throw a synthetic page so the > # request won't go to the backend. > return(synth(200, "Ban added")); > } > > # Unset cloudflare cookies > # Remove has_js and CloudFlare/Google Analytics __* cookies. > set req.http.Cookie = regsuball(req.http.Cookie, > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); > # Remove a ";" prefix, if present. > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); > > # For Testing: If you want to test with Varnish passing (not caching) > uncomment > # return( pass ); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # DO NOT CACHE RSS FEED > if (req.url ~ "/feed(/)?") { > return ( pass ); > } > > ## Do not cache search results, comment these 3 lines if you do want to > cache them > > if (req.url ~ "/\?s\=") { > return ( pass ); > } > > # CLEAN UP THE ENCODING HEADER. > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. > # ########################################################## > if (req.http.Accept-Encoding) { > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { > # No point in compressing these > unset req.http.Accept-Encoding; > } elsif (req.http.Accept-Encoding ~ "gzip") { > set req.http.Accept-Encoding = "gzip"; > } elsif (req.http.Accept-Encoding ~ "deflate") { > set req.http.Accept-Encoding = "deflate"; > } else { > # unknown algorithm > unset req.http.Accept-Encoding; > } > } > > # PIPE ALL NON-STANDARD REQUESTS > # ########################################################## > if (req.method != "GET" && > req.method != "HEAD" && > req.method != "PUT" && > req.method != "POST" && > req.method != "TRACE" && > req.method != "OPTIONS" && > req.method != "DELETE") { > return (pipe); > } > > # ONLY CACHE GET AND HEAD REQUESTS > # ########################################################## > if (req.method != "GET" && req.method != "HEAD") { > return (pass); > } > > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > EITHER > # COMMENT OR UNCOMMENT BOTH > # ########################################################## > > > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN > # THEN UNSET THE COOKIES > # ########################################################## > > > # IF BASIC AUTH IS ON THEN DO NOT CACHE > # ########################################################## > if (req.http.Authorization || req.http.Cookie) { > return (pass); > } > > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED > # ########################################################## > return (hash); > # This is for phpmyadmin > if (req.http.Host == "ki1.org") { > return (pass); > } > > if (req.http.Host == "mysql.ki1.org") { > return (pass); > } > > } > > # HIT FUNCTION > # ########################################################## > sub vcl_hit { > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE > # ########################################################## > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (deliver); > } > > # MISS FUNCTION > # ########################################################## > sub vcl_miss { > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (fetch); > } > > # FETCH FUNCTION > # ########################################################## > sub vcl_backend_response { > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { > set beresp.uncacheable = true; > set beresp.ttl = 1w; > return (deliver); > } > > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > # TO DO THIS > # ########################################################## > set beresp.http.Vary = "Accept-Encoding"; > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > > > if (beresp.ttl <= 0s || > beresp.http.Set-Cookie || > beresp.http.Vary == "*") { > set beresp.ttl = 120 s; > # set beresp.ttl = 120s; > set beresp.uncacheable = true; > return (deliver); > } > > return (deliver); > } > > # DELIVER FUNCTION > # ########################################################## > sub vcl_deliver { > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > # IN THE HEADER (GREAT FOR DEBUGGING) > # ########################################################## > if (obj.hits > 0) { > set resp.http.X-Cache = "HIT"; > # IF THIS IS A MISS RETURN THAT IN THE HEADER > # ########################################################## > } else { > set resp.http.X-Cache = "MISS"; > } > } > > > *Wordpress: * > > Accept-Ranges bytes > Age 0 > Cache-Control max-age=3600, public > Connection keep-alive > Content-Encoding gzip > Content-Type text/html > Date Fri, 05 Aug 2016 07:34:11 GMT > Etag 9090a91bf774ce89d892f8dd7fedd527 > Expires Fri, 05 Aug 2016 08:34:11 GMT > Last-Modified Thu, 01 Jan 1970 00:00:00 GMT > Pragma public > Server Apache/2 > Transfer-Encoding chunked > Vary Accept-Encoding > Via 1.1 varnish-v4 > X-Cache MISS > X-Powered-By W3 Total Cache/0.9.4.1 > X-Varnish 3048080 > > *xenForo* > > Accept-Ranges bytes > Age 0 > Cache-control private, max-age=0 > Connection keep-alive > Content-Encoding gzip > Content-Length 11721 > Content-Type text/html; charset=UTF-8 > Date Fri, 05 Aug 2016 07:35:03 GMT > Expires Thu, 19 Nov 1981 08:52:00 GMT > Last-Modified Fri, 05 Aug 2016 07:35:03 GMT > Server Apache/2 > Vary Accept-Encoding > Via 1.1 varnish-v4 > X-Cache MISS > X-Frame-Options SAMEORIGIN > X-Powered-By PHP/5.5.34 > X-Varnish 3277302 > > > > > > > > 2016-08-04 23:54 GMT+03:00 Ayberk Kimsesiz : > >> I added the code but it FAILED. In fact, i want to make people to be able >> to login and register to /forum. >> When i use these codes that works but MISS appears at the same time. >> >> # FETCH FUNCTION >> # ########################################################## >> sub vcl_backend_response { >> >> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >> # TO DO THIS >> # ########################################################## >> set beresp.http.Vary = "Accept-Encoding"; >> >> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >> # TIME THIS PAGE WILL STAY CACHED (TTL) >> # ########################################################## >> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >> *{ set beresp.uncacheable = true;* >> * set beresp.ttl = 1w;* >> * return (deliver);* >> * }* >> >> if (beresp.ttl <= 0s || >> beresp.http.Set-Cookie || >> beresp.http.Vary == "*") { >> set beresp.ttl = 120 s; >> # set beresp.ttl = 120s; >> set beresp.uncacheable = true; >> return (deliver); >> } >> >> return (deliver); >> } >> >> # DELIVER FUNCTION >> # ########################################################## >> sub vcl_deliver { >> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >> # IN THE HEADER (GREAT FOR DEBUGGING) >> # ########################################################## >> if (obj.hits > 0) { >> set resp.http.X-Cache = "HIT"; >> # IF THIS IS A MISS RETURN THAT IN THE HEADER >> # ########################################################## >> } else { >> set resp.http.X-Cache = "MISS"; >> } >> } >> >> 2016-08-04 22:50 GMT+03:00 Lane, Richard : >> >>> This was what I was talking about when I said you may need additional >>> logic to handle both. >>> >>> You will need to add the cookie check along with the path for forum to >>> that pass block. So something like... >>> >>> if( req.http.Cookie ~ "xf_(session|user)" && req.url ~ '^/forum.*') { >>> return (pass); >>> } >>> >>> On Thu, Aug 4, 2016 at 2:44 PM, Ayberk Kimsesiz < >>> ayberk.kimsesiz at gmail.com> wrote: >>> >>>> Yes, i want /forum to be MISS, there is no problem. However, Wordpress >>>> (homepage) shows MISS too. >>>> >>>> 2016-08-04 22:34 GMT+03:00 Lane, Richard : >>>> >>>>> If you PASS then your request will not be cached. Varnish marks these >>>>> non-cached items as a MISS since they go to the backend each time and >>>>> therefore a miss and not a hit on cache. >>>>> >>>>> What were you expecting? Is this still requests with the forum cookies? >>>>> >>>>> If you want to cache request from logged in users you will need to add >>>>> the specific user cookies to the hash so each user served their cached copy. >>>>> >>>>> On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz < >>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>> >>>>>> If i use the given settings MISS appears in the Header. >>>>>> >>>>>> Accept-Ranges bytes >>>>>> Age 0 >>>>>> Cache-control private, max-age=0 >>>>>> Content-Encoding gzip >>>>>> Content-Length 10075 >>>>>> Content-Type text/html; charset=UTF-8 >>>>>> Date Thu, 04 Aug 2016 18:30:52 GMT >>>>>> Expires Thu, 19 Nov 1981 08:52:00 GMT >>>>>> Last-Modified Thu, 04 Aug 2016 18:30:52 GMT >>>>>> Server Apache/2 >>>>>> Vary Accept-Encoding >>>>>> Via 1.1 varnish-v4 >>>>>> X-Cache MISS >>>>>> >>>>>> What do you suggest me to do? >>>>>> >>>>>> >>>>>> >>>>>> 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz >>>>> >: >>>>>> >>>>>>> Finally! >>>>>>> Login function is now working with the following settings but >>>>>>> X-Cache shows MISS instead of HIT. >>>>>>> >>>>>>> #THE RECV FUNCTION >>>>>>> # ########################################################## >>>>>>> sub vcl_recv { >>>>>>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>> return (pass); >>>>>>> } >>>>>>> >>>>>>> # FETCH FUNCTION >>>>>>> # ########################################################## >>>>>>> sub vcl_backend_response { >>>>>>> >>>>>>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>> # TO DO THIS >>>>>>> # ########################################################## >>>>>>> set beresp.http.Vary = "Accept-Encoding"; >>>>>>> >>>>>>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>> # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>> # ########################################################## >>>>>>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") >>>>>>> { set beresp.uncacheable = true; >>>>>>> set beresp.ttl = 1w; >>>>>>> return (deliver); >>>>>>> } >>>>>>> >>>>>>> if (beresp.ttl <= 0s || >>>>>>> beresp.http.Set-Cookie || >>>>>>> beresp.http.Vary == "*") { >>>>>>> set beresp.ttl = 120 s; >>>>>>> # set beresp.ttl = 120s; >>>>>>> set beresp.uncacheable = true; >>>>>>> return (deliver); >>>>>>> } >>>>>>> >>>>>>> return (deliver); >>>>>>> } >>>>>>> >>>>>>> # DELIVER FUNCTION >>>>>>> # ########################################################## >>>>>>> sub vcl_deliver { >>>>>>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>> # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>> # ########################################################## >>>>>>> if (obj.hits > 0) { >>>>>>> set resp.http.X-Cache = "HIT"; >>>>>>> # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>> # ########################################################## >>>>>>> } else { >>>>>>> set resp.http.X-Cache = "MISS"; >>>>>>> } >>>>>>> } >>>>>>> >>>>>>> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz < >>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>> >>>>>>>> Finally! >>>>>>>> Login function is now working with the following settings but >>>>>>>> X-Cache shows MISS instead of HIT. >>>>>>>> >>>>>>>> >>>>>>>> *#THE RECV FUNCTION* >>>>>>>> *# ##########################################################* >>>>>>>> *sub vcl_recv { * >>>>>>>> * if( req.http.Cookie ~ "xf_(session|user)") {* >>>>>>>> * return (pass);* >>>>>>>> * }* >>>>>>>> >>>>>>>> >>>>>>>> *# FETCH FUNCTION* >>>>>>>> *# ##########################################################* >>>>>>>> *sub vcl_backend_response { * >>>>>>>> >>>>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>>>> * # TO DO THIS* >>>>>>>> * # ##########################################################* >>>>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>> >>>>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>> * # ##########################################################* >>>>>>>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>>>>>>> *{ set beresp.uncacheable = true;* >>>>>>>> * set beresp.ttl = 1w;* >>>>>>>> * return (deliver);* >>>>>>>> * }* >>>>>>>> >>>>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>> * beresp.http.Set-Cookie ||* >>>>>>>> * beresp.http.Vary == "*") {* >>>>>>>> * set beresp.ttl = 120 s;* >>>>>>>> * # set beresp.ttl = 120s;* >>>>>>>> * set beresp.uncacheable = true;* >>>>>>>> * return (deliver);* >>>>>>>> * }* >>>>>>>> >>>>>>>> * return (deliver);* >>>>>>>> *}* >>>>>>>> >>>>>>>> *# DELIVER FUNCTION* >>>>>>>> *# ##########################################################* >>>>>>>> *sub vcl_deliver {* >>>>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>> * # ##########################################################* >>>>>>>> * if (obj.hits > 0) {* >>>>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>> * # ##########################################################* >>>>>>>> * } else {* >>>>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>> * }* >>>>>>>> *}* >>>>>>>> >>>>>>>> 2016-08-04 18:02 GMT+03:00 Lane, Richard : >>>>>>>> >>>>>>>>> I agree that the order of execution may be getting you here. If >>>>>>>>> you need the WordPress rules then you may need to put additional logic to >>>>>>>>> ensure non-wordpress applications are not negatively affected. >>>>>>>>> >>>>>>>>> What happens if you change the order of these two blocks? Put your >>>>>>>>> Set-Cookie check block before the wp-login check. >>>>>>>>> >>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>>> > # ########################################################## >>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>>>> "wordpress_logged_in" ) { >>>>>>>>> > unset beresp.http.set-cookie; >>>>>>>>> > set beresp.ttl = 52w; >>>>>>>>> > # set beresp.grace =1w; >>>>>>>>> > } >>>>>>>>> > >>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>> > set beresp.ttl = 1w; >>>>>>>>> > return (deliver); >>>>>>>>> > } >>>>>>>>> >>>>>>>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >>>>>>>>> >>>>>>>>>> The log output suggests the xf_ cookie check in vcl_recv is not >>>>>>>>>> the first thing to run as you pasted earlier. Also, looking a bit closer, >>>>>>>>>> your issue the fact that you unset the cookie in vcl_backend_response if >>>>>>>>>> it's not wordpress related. Again, you should really audit your entire VCL, >>>>>>>>>> and remove unneeded stuff, like all the WordPress related rules if you're >>>>>>>>>> not using it. >>>>>>>>>> >>>>>>>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> Log message: >>>>>>>>>>> >>>>>>>>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>>>>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 >>>>>>>>>>> GMT >>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>>>>> - VCL_call RECV >>>>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>> pps_show_100=Th >>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>> pps_show_100=Th >>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>> pps_show_100=Th >>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>> pps_show_100=Th >>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>>>>>>>> 95.5.187.232 >>>>>>>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>>>>>>>> - ReqHeader Accept-Encoding: gzip >>>>>>>>>>> - VCL_Log PPPAASS >>>>>>>>>>> - VCL_return pass >>>>>>>>>>> - VCL_call HASH >>>>>>>>>>> - VCL_return lookup >>>>>>>>>>> - VCL_call PASS >>>>>>>>>>> - VCL_return fetch >>>>>>>>>>> - Link bereq 524435 pass >>>>>>>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>>>>>>>> - RespProtocol HTTP/1.1 >>>>>>>>>>> - RespStatus 200 >>>>>>>>>>> - RespReason OK >>>>>>>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>>>>>>>> - RespHeader Server: Apache/2 >>>>>>>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>>>>>>>> - RespHeader Accept-Ranges: bytes >>>>>>>>>>> -- >>>>>>>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 >>>>>>>>>>> GMT >>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>>>>> - VCL_call RECV >>>>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>> pps_show_100=Th >>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>> pps_show_100=Th >>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>> pps_show_100=Th >>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>> pps_show_100=Th >>>>>>>>>>> >>>>>>>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>>>>>>>>> >>>>>>>>>>>> I assume you reloaded/restarted Varnish after these changes >>>>>>>>>>>> were made. If so, can you verify that you do have the cookies set on the >>>>>>>>>>>> request? >>>>>>>>>>>> >>>>>>>>>>>> maybe add this log message right before returning >>>>>>>>>>>> >>>>>>>>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>>>>>>>> return (pass); >>>>>>>>>>>> >>>>>>>>>>>> } >>>>>>>>>>>> >>>>>>>>>>>> Then you can use varnishlog command (below) to verify cookie is >>>>>>>>>>>> found >>>>>>>>>>>> >>>>>>>>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Cheers, >>>>>>>>>>>> Richard >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>>>> > >>>>>>>>>>>> > First of all, thank you. However the problem continues. Can >>>>>>>>>>>> you examine the codes? >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>>>>>>>> > * *********************************************************/ >>>>>>>>>>>> > vcl 4.0; >>>>>>>>>>>> > import std; >>>>>>>>>>>> > >>>>>>>>>>>> > backend default { >>>>>>>>>>>> > .host = "*******"; >>>>>>>>>>>> > .port = "8080"; >>>>>>>>>>>> > .connect_timeout = 600s; >>>>>>>>>>>> > .first_byte_timeout = 600s; >>>>>>>>>>>> > .between_bytes_timeout = 600s; >>>>>>>>>>>> > .max_connections = 800; >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>> > acl purge { >>>>>>>>>>>> > "localhost"; >>>>>>>>>>>> > "127.0.0.1"; >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > #THE RECV FUNCTION >>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>> > sub vcl_recv { >>>>>>>>>>>> > >>>>>>>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>> > return (pass); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # set realIP by trimming CloudFlare IP which will be used for >>>>>>>>>>>> various checks >>>>>>>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>>>>>> "[, ].*$", ""); >>>>>>>>>>>> > >>>>>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>>>>> > if (req.restarts == 0) { >>>>>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>>>>> > } else { >>>>>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>>>>> > } >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # Purge request check sections for hash_always_miss, purge >>>>>>>>>>>> and ban >>>>>>>>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>> > >>>>>>>>>>>> > # Enable smart refreshing using hash_always_miss >>>>>>>>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>>>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>>>> > set req.hash_always_miss = true; >>>>>>>>>>>> > } >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>>>> > return(synth(405,"Not allowed.")); >>>>>>>>>>>> > } >>>>>>>>>>>> > return (purge); >>>>>>>>>>>> > >>>>>>>>>>>> > } >>>>>>>>>>>> > if (req.method == "BAN") { >>>>>>>>>>>> > # Same ACL check as above: >>>>>>>>>>>> > if (!client.ip ~ purge || >>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { >>>>>>>>>>>> > return(synth(403, "Not allowed.")); >>>>>>>>>>>> > } >>>>>>>>>>>> > ban("req.http.host == " + req.http.host + >>>>>>>>>>>> > " && req.url == " + req.url); >>>>>>>>>>>> > >>>>>>>>>>>> > # Throw a synthetic page so the >>>>>>>>>>>> > # request won't go to the backend. >>>>>>>>>>>> > return(synth(200, "Ban added")); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > # Unset cloudflare cookies >>>>>>>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>>>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>>>>>>>> > # Remove a ";" prefix, if present. >>>>>>>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>>>>>>>> ""); >>>>>>>>>>>> > >>>>>>>>>>>> > # For Testing: If you want to test with Varnish passing >>>>>>>>>>>> (not caching) uncomment >>>>>>>>>>>> > # return( pass ); >>>>>>>>>>>> > >>>>>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>>>>> > if (req.restarts == 0) { >>>>>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>>>>> > } else { >>>>>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>>>>> > } >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # DO NOT CACHE RSS FEED >>>>>>>>>>>> > if (req.url ~ "/feed(/)?") { >>>>>>>>>>>> > return ( pass ); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > ## Do not cache search results, comment these 3 lines if you >>>>>>>>>>>> do want to cache them >>>>>>>>>>>> > >>>>>>>>>>>> > if (req.url ~ "/\?s\=") { >>>>>>>>>>>> > return ( pass ); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>>>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>>>>> ACCEPT-ENCODING >>>>>>>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>>>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if (req.http.Accept-Encoding) { >>>>>>>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>>>> { >>>>>>>>>>>> > # No point in compressing these >>>>>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>>>>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>>>>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>>>>>>>> > } else { >>>>>>>>>>>> > # unknown algorithm >>>>>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>>>>> > } >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if (req.method != "GET" && >>>>>>>>>>>> > req.method != "HEAD" && >>>>>>>>>>>> > req.method != "PUT" && >>>>>>>>>>>> > req.method != "POST" && >>>>>>>>>>>> > req.method != "TRACE" && >>>>>>>>>>>> > req.method != "OPTIONS" && >>>>>>>>>>>> > req.method != "DELETE") { >>>>>>>>>>>> > return (pipe); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>>>>>>>> > return (pass); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>>>>>>> FETCH TOO, EITHER >>>>>>>>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>>>>>>>> > return( pass ); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>>>>>>>> > # THEN UNSET THE COOKIES >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>>>>>>>> > && !(req.url ~ "&preview=true" ) >>>>>>>>>>>> > ){ >>>>>>>>>>>> > unset req.http.cookie; >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>>>>>>>> > return (pass); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > return (hash); >>>>>>>>>>>> > # This is for phpmyadmin >>>>>>>>>>>> > if (req.http.Host == "ki1.org") { >>>>>>>>>>>> > return (pass); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>>>>>>>> > return (pass); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # HIT FUNCTION >>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>> > sub vcl_hit { >>>>>>>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>>> > # >>>>>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>>>>> > # >>>>>>>>>>>> > # purge; >>>>>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>>>>> > } >>>>>>>>>>>> > return (deliver); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # MISS FUNCTION >>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>> > sub vcl_miss { >>>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>>> > # >>>>>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>>>>> > # >>>>>>>>>>>> > # purge; >>>>>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>>>>> > } >>>>>>>>>>>> > return (fetch); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # FETCH FUNCTION >>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>> > sub vcl_backend_response { >>>>>>>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>>>>>>> > # TO DO THIS >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>>>>>>>> > >>>>>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie >>>>>>>>>>>> ~ "wordpress_logged_in" ) { >>>>>>>>>>>> > unset beresp.http.set-cookie; >>>>>>>>>>>> > set beresp.ttl = 52w; >>>>>>>>>>>> > # set beresp.grace =1w; >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>>>> > set beresp.ttl = 1w; >>>>>>>>>>>> > return (deliver); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > if (beresp.ttl <= 0s || >>>>>>>>>>>> > beresp.http.Set-Cookie || >>>>>>>>>>>> > beresp.http.Vary == "*") { >>>>>>>>>>>> > set beresp.ttl = 120 s; >>>>>>>>>>>> > # set beresp.ttl = 120s; >>>>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>>>> > return (deliver); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > return (deliver); >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > # DELIVER FUNCTION >>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>> > sub vcl_deliver { >>>>>>>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > if (obj.hits > 0) { >>>>>>>>>>>> > set resp.http.X-Cache = "HIT"; >>>>>>>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>>>>>>> > # ############################## >>>>>>>>>>>> ############################ >>>>>>>>>>>> > } else { >>>>>>>>>>>> > set resp.http.X-Cache = "MISS"; >>>>>>>>>>>> > } >>>>>>>>>>>> > } >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > >>>>>>>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>>>>>>>>> >> >>>>>>>>>>>> >> correction: >>>>>>>>>>>> >> >>>>>>>>>>>> >> sub vcl_recv { >>>>>>>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>> >> return (pass); >>>>>>>>>>>> >> } >>>>>>>>>>>> >> } >>>>>>>>>>>> >> >>>>>>>>>>>> >> sub vcl_backend_response { >>>>>>>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>>>> >> set beresp.uncacheable = true; >>>>>>>>>>>> >> set beresp.ttl = 1w; >>>>>>>>>>>> >> return (deliver); >>>>>>>>>>>> >> } >>>>>>>>>>>> >> } >>>>>>>>>>>> >> >>>>>>>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei >>>>>>>>>>>> wrote: >>>>>>>>>>>> >>> >>>>>>>>>>>> >>> Hello, >>>>>>>>>>>> >>> >>>>>>>>>>>> >>> Aside from the provided VCL being for WordPress, while >>>>>>>>>>>> you're running XenForo, the xf_ cookies are being dropped by your config. A >>>>>>>>>>>> quick fix is: >>>>>>>>>>>> >>> >>>>>>>>>>>> >>> sub vcl_recv { >>>>>>>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>> >>> return (pass); >>>>>>>>>>>> >>> } >>>>>>>>>>>> >>> } >>>>>>>>>>>> >>> >>>>>>>>>>>> >>> sub vcl_backend_response { >>>>>>>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>> >>> set beresp.uncacheable = true; >>>>>>>>>>>> >>> set beresp.ttl = 1w; >>>>>>>>>>>> >>> return (deliver); >>>>>>>>>>>> >>> } >>>>>>>>>>>> >>> } >>>>>>>>>>>> >>> >>>>>>>>>>>> >>> However, I suggest auditing your VCL, and only including >>>>>>>>>>>> rules specific to the application(s) which you are running. >>>>>>>>>>>> >>> >>>>>>>>>>>> >>> >>>>>>>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> Users can't login or register to domain.com/forum with >>>>>>>>>>>> the current settings. So we need to make a change related to xf_user and >>>>>>>>>>>> xf_session but how? >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard >>>>>>>>>>> >: >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> If you want Varnish to ignore request for a path you need >>>>>>>>>>>> to tell it to pass. In your example you have a rule for the RSS feed. You >>>>>>>>>>>> can do the same for /forum/ in your vcl_recv block. >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>>> >>>>> * return ( pass ); * >>>>>>>>>>>> >>>>> *}* >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>>>>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>>>>>>>> >>>>> return ( pass ); >>>>>>>>>>>> >>>>> } >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> Cheers, >>>>>>>>>>>> >>>>> Richard >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> Message: 1 >>>>>>>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>>>>>>>> >>>>>> Message-ID: >>>>>>>>>>>> >>>>>> >>>>>>>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> Hi, >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> Could you please share the appropriate Default.vcl >>>>>>>>>>>> settings for XenForo >>>>>>>>>>>> >>>>>> Forums? No one can register to the forum at the moment. >>>>>>>>>>>> My current >>>>>>>>>>>> >>>>>> Default.vcl settings are as follows. >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> Forum address: domain.com/forum >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>>>>> >>>>>> * * ****************************** >>>>>>>>>>>> ***************************/* >>>>>>>>>>>> >>>>>> *vcl 4.0;* >>>>>>>>>>>> >>>>>> *import std;* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *backend default {* >>>>>>>>>>>> >>>>>> * .host = "*******";* >>>>>>>>>>>> >>>>>> * .port = "8080";* >>>>>>>>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>>>>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>>>>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>>>>>>>> >>>>>> * .max_connections = 800;* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> *acl purge {* >>>>>>>>>>>> >>>>>> * "localhost";* >>>>>>>>>>>> >>>>>> * "127.0.0.1";* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> *sub vcl_recv {* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be >>>>>>>>>>>> used for various >>>>>>>>>>>> >>>>>> checks* >>>>>>>>>>>> >>>>>> *set req.http.X-Actual-IP = >>>>>>>>>>>> regsub(req.http.X-Forwarded-For, "[, ].*$", >>>>>>>>>>>> >>>>>> ""); * >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # Purge request check sections for hash_always_miss, >>>>>>>>>>>> purge and ban* >>>>>>>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>>>>> >>>>>> * if (client.ip ~ purge || >>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>>> >>>>>> purge) {* >>>>>>>>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>>> >>>>>> purge) {* >>>>>>>>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> * return (purge);* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>>>>>>>> >>>>>> * # Same ACL check as above:* >>>>>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>>>>>>>> >>>>>> ~ purge) {* >>>>>>>>>>>> >>>>>> * return(synth(403, "Not >>>>>>>>>>>> allowed."));* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>>>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>>>>>>>> >>>>>> * # request won't go to the backend.* >>>>>>>>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>>>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>>>>> cookies.* >>>>>>>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>>>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>>>>> "^;\s*", "");* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # For Testing: If you want to test with Varnish >>>>>>>>>>>> passing (not caching) >>>>>>>>>>>> >>>>>> uncomment* >>>>>>>>>>>> >>>>>> * # return( pass );* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines >>>>>>>>>>>> if you do want to >>>>>>>>>>>> >>>>>> cache them* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH >>>>>>>>>>>> VARY ACCEPT-ENCODING* >>>>>>>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, >>>>>>>>>>>> ETC.* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>>>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>>>> {* >>>>>>>>>>>> >>>>>> * # No point in compressing these* >>>>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>>> >>>>>> * # unknown algorithm* >>>>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>>>>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>>>>>>>> >>>>>> * req.method != "PUT" && * >>>>>>>>>>>> >>>>>> * req.method != "POST" &&* >>>>>>>>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>>>>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>>>>>>>> >>>>>> * req.method != "DELETE") {* >>>>>>>>>>>> >>>>>> * return (pipe);* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>>>>> >>>>>> * return (pass);* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS >>>>>>>>>>>> IN FETCH TOO, >>>>>>>>>>>> >>>>>> EITHER* >>>>>>>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>>>>> >>>>>> * return( pass );* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>>>>> WP-LOGIN* >>>>>>>>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>>>>>>> >>>>>> * ){* >>>>>>>>>>>> >>>>>> * unset req.http.cookie;* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>>>>> >>>>>> * return (pass);* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * return (hash);* >>>>>>>>>>>> >>>>>> * # This is for phpmyadmin* >>>>>>>>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>>>>>>> >>>>>> *return (pass);* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org < >>>>>>>>>>>> http://mysql.ki1.org>") {* >>>>>>>>>>>> >>>>>> *return (pass);* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# HIT FUNCTION* >>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> *sub vcl_hit {* >>>>>>>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>>>>> >>>>>> * #* >>>>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>>>>> >>>>>> * #* >>>>>>>>>>>> >>>>>> * # purge;* >>>>>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# MISS FUNCTION* >>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> *sub vcl_miss {* >>>>>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>>>>> >>>>>> * #* >>>>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>>>>> >>>>>> * #* >>>>>>>>>>>> >>>>>> * # purge;* >>>>>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> * return (fetch);* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# FETCH FUNCTION* >>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> *sub vcl_backend_response {* >>>>>>>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>>>>>> W3TC * >>>>>>>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY >>>>>>>>>>>> NOT WANT* >>>>>>>>>>>> >>>>>> * # TO DO THIS* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE >>>>>>>>>>>> AMOUNT OF * >>>>>>>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>>>> !bereq.http.cookie ~ >>>>>>>>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>>>>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>>>>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>>>>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>>>>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>>>>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>>>>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>>>>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> *sub vcl_deliver {* >>>>>>>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>>>>>> TEXT * >>>>>>>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>>>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> Thanks, >>>>>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>>>>> >>>>>> URL: >>>>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>>>>>>>> attachment-0001.html> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> ------------------------------ >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> Message: 2 >>>>>>>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>>>>>>>> >>>>>> Message-ID: >>>>>>>>>>>> >>>>>> >>>>>>>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> I need to add the followings to default.vcl for Xenforo. >>>>>>>>>>>> However, solutions >>>>>>>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you >>>>>>>>>>>> please help? >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> xf_session_admin >>>>>>>>>>>> >>>>>> xf_user >>>>>>>>>>>> >>>>>> xf_session >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't work >>>>>>>>>>>> in *domain.com/forum >>>>>>>>>>>> >>>>>> * >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>>>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> > Hi, >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > Could you please share the appropriate Default.vcl >>>>>>>>>>>> settings for XenForo >>>>>>>>>>>> >>>>>> > Forums? No one can register to the forum at the >>>>>>>>>>>> moment. My current >>>>>>>>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > Forum address: domain.com/forum >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>>>>> >>>>>> > * * ****************************** >>>>>>>>>>>> ***************************/* >>>>>>>>>>>> >>>>>> > *vcl 4.0;* >>>>>>>>>>>> >>>>>> > *import std;* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *backend default {* >>>>>>>>>>>> >>>>>> > * .host = "*******";* >>>>>>>>>>>> >>>>>> > * .port = "8080";* >>>>>>>>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>>>>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>>>>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>>>>>>>> >>>>>> > * .max_connections = 800;* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > *acl purge {* >>>>>>>>>>>> >>>>>> > * "localhost";* >>>>>>>>>>>> >>>>>> > * "127.0.0.1";* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > *sub vcl_recv {* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be >>>>>>>>>>>> used for various >>>>>>>>>>>> >>>>>> > checks* >>>>>>>>>>>> >>>>>> > *set req.http.X-Actual-IP = >>>>>>>>>>>> regsub(req.http.X-Forwarded-For, "[, ].*$", >>>>>>>>>>>> >>>>>> > ""); * >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # Purge request check sections for hash_always_miss, >>>>>>>>>>>> purge and ban* >>>>>>>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>>>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>>>>> >>>>>> > * if (client.ip ~ purge || >>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>>> >>>>>> > purge) {* >>>>>>>>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>>> >>>>>> > purge) {* >>>>>>>>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > * return (purge);* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>>>>>>>> >>>>>> > * # Same ACL check as above:* >>>>>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, >>>>>>>>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>>>>>>>> >>>>>> > * return(synth(403, "Not >>>>>>>>>>>> allowed."));* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>>>>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>>>>>>>> >>>>>> > * # request won't go to the backend.* >>>>>>>>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>>>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>>>>> cookies.* >>>>>>>>>>>> >>>>>> > * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>>>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>>>>> "^;\s*", "");* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish >>>>>>>>>>>> passing (not caching) >>>>>>>>>>>> >>>>>> > uncomment* >>>>>>>>>>>> >>>>>> > * # return( pass );* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>>>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *## Do not cache search results, comment these 3 lines >>>>>>>>>>>> if you do want to >>>>>>>>>>>> >>>>>> > cache them* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH >>>>>>>>>>>> VARY ACCEPT-ENCODING* >>>>>>>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, >>>>>>>>>>>> AUDIO, ETC.* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>>>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>>>> {* >>>>>>>>>>>> >>>>>> > * # No point in compressing these* >>>>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>>> >>>>>> > * # unknown algorithm* >>>>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>>>>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>>>>>>>> >>>>>> > * req.method != "PUT" && * >>>>>>>>>>>> >>>>>> > * req.method != "POST" &&* >>>>>>>>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>>>>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>>>>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>>>>>>>> >>>>>> > * return (pipe);* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS >>>>>>>>>>>> OCCURS IN FETCH TOO, >>>>>>>>>>>> >>>>>> > EITHER* >>>>>>>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>>>>> >>>>>> > * return( pass );* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>>>>> WP-LOGIN* >>>>>>>>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>>>>>>>> >>>>>> > * ){* >>>>>>>>>>>> >>>>>> > * unset req.http.cookie;* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE >>>>>>>>>>>> CACHED* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * return (hash);* >>>>>>>>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>>>>>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org < >>>>>>>>>>>> http://mysql.ki1.org>") {* >>>>>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# HIT FUNCTION* >>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > *sub vcl_hit {* >>>>>>>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>>> >>>>>> > * # purge;* >>>>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# MISS FUNCTION* >>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > *sub vcl_miss {* >>>>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>>> >>>>>> > * # purge;* >>>>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > * return (fetch);* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>>>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>>>>>> W3TC * >>>>>>>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY >>>>>>>>>>>> NOT WANT* >>>>>>>>>>>> >>>>>> > * # TO DO THIS* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE >>>>>>>>>>>> AMOUNT OF * >>>>>>>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>>>> !bereq.http.cookie ~ >>>>>>>>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>>>>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>>>>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>>>>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>>>>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>>>>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>>>>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>>>>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>>>>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > *sub vcl_deliver {* >>>>>>>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A >>>>>>>>>>>> 'HIT' TEXT * >>>>>>>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>>>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>> ############################* >>>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> > Thanks, >>>>>>>>>>>> >>>>>> > >>>>>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>>>>> >>>>>> URL: >>>>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>>>>>>>> attachment.html> >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> ------------------------------ >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> _______________________________________________ >>>>>>>>>>>> >>>>>> varnish-misc mailing list >>>>>>>>>>>> >>>>>> varnish-misc at varnish-cache.org >>>>>>>>>>>> >>>>>> https://www.varnish-cache.org/ >>>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>>> >>>>>> >>>>>>>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>>>>>>>> >>>>>> ********************************************* >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> >>>>>>>>>>>> >>>>> _______________________________________________ >>>>>>>>>>>> >>>>> varnish-misc mailing list >>>>>>>>>>>> >>>>> varnish-misc at varnish-cache.org >>>>>>>>>>>> >>>>> https://www.varnish-cache.org/ >>>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> >>>>>>>>>>>> >>>> _______________________________________________ >>>>>>>>>>>> >>>> varnish-misc mailing list >>>>>>>>>>>> >>>> varnish-misc at varnish-cache.org >>>>>>>>>>>> >>>> https://www.varnish-cache.org/ >>>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>>> >>> >>>>>>>>>>>> >>> >>>>>>>>>>>> >> >>>>>>>>>>>> > >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Fri Aug 5 19:01:07 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Fri, 5 Aug 2016 22:01:07 +0300 Subject: XenForo default.vcl settings In-Reply-To: References: Message-ID: This issue really wore me out :) What i want is the ability to login XenForo while Varnish continuing to work, so no MISS. Solutions here prevent Varnish from working. In fact, a very simple matter so again i want your help. To ensure Wordpress leaves cookie control to XenForo will be sufficient. *XenForo's login and register links:* /forum/login.php /forum/register.php *XenForo's cookie control:* xf_session *Wordpress login and register links:* wp-admin wp-login *Wordpress' cookie control:* wordpress_logged_in *1- if ( req.http.cookie ~ "wordpress_logged_in" ) {* * return( pass );* * }* *2- if (!(req.url ~ "wp-(login|admin)") * * && !(req.url ~ "&preview=true" ) * * ){* * unset req.http.cookie;* * }* *3- sub vcl_backend_response {* * if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ "wordpress_logged_in" ) {* * unset beresp.http.set-cookie;* * set beresp.ttl = 52w;* * }* 2016-08-05 15:36 GMT+03:00 Lane, Richard : > Can you send more of the log that shows a full /request response of a MISS? > > This line right here is going to cause most request to be a MISS because > it is only checking the existence of Cookie and not a specific cookie. > > # IF BASIC AUTH IS ON THEN DO NOT CACHE > # ########################################################## > if (req.http.Authorization || req.http.Cookie) { > return (pass); > } > > On Fri, Aug 5, 2016 at 2:44 AM, Ayberk Kimsesiz > wrote: > >> Hi again, >> >> I deleted all the Wordpress records and only added the following to >> xenForo. People can now login to forum but Varnish shows MISS once again. >> What kind of setting should i use? >> >> /* SET THE HOST AND PORT OF WORDPRESS >> * *********************************************************/ >> vcl 4.0; >> import std; >> >> backend default { >> .host = "*****'' >> .port = "8080"; >> .connect_timeout = 600s; >> .first_byte_timeout = 600s; >> .between_bytes_timeout = 600s; >> .max_connections = 800; >> } >> >> # SET THE ALLOWED IP OF PURGE REQUESTS >> # ########################################################## >> acl purge { >> "localhost"; >> "127.0.0.1"; >> } >> >> #THE RECV FUNCTION >> # ########################################################## >> sub vcl_recv { >> >> # set realIP by trimming CloudFlare IP which will be used for various >> checks >> set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", >> ""); >> >> # FORWARD THE IP OF THE REQUEST >> if (req.restarts == 0) { >> if (req.http.x-forwarded-for) { >> set req.http.X-Forwarded-For = >> req.http.X-Forwarded-For + ", " + client.ip; >> } else { >> set req.http.X-Forwarded-For = client.ip; >> } >> } >> >> # Purge request check sections for hash_always_miss, purge and ban >> # BLOCK IF NOT IP is not in purge acl >> # ########################################################## >> >> # Enable smart refreshing using hash_always_miss >> if (req.http.Cache-Control ~ "no-cache") { >> if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) { >> set req.hash_always_miss = true; >> } >> } >> >> if (req.method == "PURGE") { >> if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >> purge) { >> return(synth(405,"Not allowed.")); >> } >> return (purge); >> >> } >> if (req.method == "BAN") { >> # Same ACL check as above: >> if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >> "1.2.3.4") ~ purge) { >> return(synth(403, "Not allowed.")); >> } >> ban("req.http.host == " + req.http.host + >> " && req.url == " + req.url); >> >> # Throw a synthetic page so the >> # request won't go to the backend. >> return(synth(200, "Ban added")); >> } >> >> # Unset cloudflare cookies >> # Remove has_js and CloudFlare/Google Analytics __* cookies. >> set req.http.Cookie = regsuball(req.http.Cookie, >> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >> # Remove a ";" prefix, if present. >> set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); >> >> # For Testing: If you want to test with Varnish passing (not caching) >> uncomment >> # return( pass ); >> >> # FORWARD THE IP OF THE REQUEST >> if (req.restarts == 0) { >> if (req.http.x-forwarded-for) { >> set req.http.X-Forwarded-For = >> req.http.X-Forwarded-For + ", " + client.ip; >> } else { >> set req.http.X-Forwarded-For = client.ip; >> } >> } >> >> # DO NOT CACHE RSS FEED >> if (req.url ~ "/feed(/)?") { >> return ( pass ); >> } >> >> ## Do not cache search results, comment these 3 lines if you do want to >> cache them >> >> if (req.url ~ "/\?s\=") { >> return ( pass ); >> } >> >> # CLEAN UP THE ENCODING HEADER. >> # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING >> # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >> # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >> # ########################################################## >> if (req.http.Accept-Encoding) { >> if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { >> # No point in compressing these >> unset req.http.Accept-Encoding; >> } elsif (req.http.Accept-Encoding ~ "gzip") { >> set req.http.Accept-Encoding = "gzip"; >> } elsif (req.http.Accept-Encoding ~ "deflate") { >> set req.http.Accept-Encoding = "deflate"; >> } else { >> # unknown algorithm >> unset req.http.Accept-Encoding; >> } >> } >> >> # PIPE ALL NON-STANDARD REQUESTS >> # ########################################################## >> if (req.method != "GET" && >> req.method != "HEAD" && >> req.method != "PUT" && >> req.method != "POST" && >> req.method != "TRACE" && >> req.method != "OPTIONS" && >> req.method != "DELETE") { >> return (pipe); >> } >> >> # ONLY CACHE GET AND HEAD REQUESTS >> # ########################################################## >> if (req.method != "GET" && req.method != "HEAD") { >> return (pass); >> } >> >> # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, >> EITHER >> # COMMENT OR UNCOMMENT BOTH >> # ########################################################## >> >> >> # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >> # THEN UNSET THE COOKIES >> # ########################################################## >> >> >> # IF BASIC AUTH IS ON THEN DO NOT CACHE >> # ########################################################## >> if (req.http.Authorization || req.http.Cookie) { >> return (pass); >> } >> >> # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >> # ########################################################## >> return (hash); >> # This is for phpmyadmin >> if (req.http.Host == "ki1.org") { >> return (pass); >> } >> >> if (req.http.Host == "mysql.ki1.org") { >> return (pass); >> } >> >> } >> >> # HIT FUNCTION >> # ########################################################## >> sub vcl_hit { >> # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >> # ########################################################## >> if (req.method == "PURGE") { >> # >> # This is now handled in vcl_recv. >> # >> # purge; >> return (synth(200, "Purged.")); >> } >> return (deliver); >> } >> >> # MISS FUNCTION >> # ########################################################## >> sub vcl_miss { >> if (req.method == "PURGE") { >> # >> # This is now handled in vcl_recv. >> # >> # purge; >> return (synth(200, "Purged.")); >> } >> return (fetch); >> } >> >> # FETCH FUNCTION >> # ########################################################## >> sub vcl_backend_response { >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >> set beresp.uncacheable = true; >> set beresp.ttl = 1w; >> return (deliver); >> } >> >> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >> # TO DO THIS >> # ########################################################## >> set beresp.http.Vary = "Accept-Encoding"; >> >> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >> # TIME THIS PAGE WILL STAY CACHED (TTL) >> # ########################################################## >> >> >> if (beresp.ttl <= 0s || >> beresp.http.Set-Cookie || >> beresp.http.Vary == "*") { >> set beresp.ttl = 120 s; >> # set beresp.ttl = 120s; >> set beresp.uncacheable = true; >> return (deliver); >> } >> >> return (deliver); >> } >> >> # DELIVER FUNCTION >> # ########################################################## >> sub vcl_deliver { >> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >> # IN THE HEADER (GREAT FOR DEBUGGING) >> # ########################################################## >> if (obj.hits > 0) { >> set resp.http.X-Cache = "HIT"; >> # IF THIS IS A MISS RETURN THAT IN THE HEADER >> # ########################################################## >> } else { >> set resp.http.X-Cache = "MISS"; >> } >> } >> >> >> *Wordpress: * >> >> Accept-Ranges bytes >> Age 0 >> Cache-Control max-age=3600, public >> Connection keep-alive >> Content-Encoding gzip >> Content-Type text/html >> Date Fri, 05 Aug 2016 07:34:11 GMT >> Etag 9090a91bf774ce89d892f8dd7fedd527 >> Expires Fri, 05 Aug 2016 08:34:11 GMT >> Last-Modified Thu, 01 Jan 1970 00:00:00 GMT >> Pragma public >> Server Apache/2 >> Transfer-Encoding chunked >> Vary Accept-Encoding >> Via 1.1 varnish-v4 >> X-Cache MISS >> X-Powered-By W3 Total Cache/0.9.4.1 >> X-Varnish 3048080 >> >> *xenForo* >> >> Accept-Ranges bytes >> Age 0 >> Cache-control private, max-age=0 >> Connection keep-alive >> Content-Encoding gzip >> Content-Length 11721 >> Content-Type text/html; charset=UTF-8 >> Date Fri, 05 Aug 2016 07:35:03 GMT >> Expires Thu, 19 Nov 1981 08:52:00 GMT >> Last-Modified Fri, 05 Aug 2016 07:35:03 GMT >> Server Apache/2 >> Vary Accept-Encoding >> Via 1.1 varnish-v4 >> X-Cache MISS >> X-Frame-Options SAMEORIGIN >> X-Powered-By PHP/5.5.34 >> X-Varnish 3277302 >> >> >> >> >> >> >> >> 2016-08-04 23:54 GMT+03:00 Ayberk Kimsesiz : >> >>> I added the code but it FAILED. In fact, i want to make people to be >>> able to login and register to /forum. >>> When i use these codes that works but MISS appears at the same time. >>> >>> # FETCH FUNCTION >>> # ########################################################## >>> sub vcl_backend_response { >>> >>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>> # TO DO THIS >>> # ########################################################## >>> set beresp.http.Vary = "Accept-Encoding"; >>> >>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>> # TIME THIS PAGE WILL STAY CACHED (TTL) >>> # ########################################################## >>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>> *{ set beresp.uncacheable = true;* >>> * set beresp.ttl = 1w;* >>> * return (deliver);* >>> * }* >>> >>> if (beresp.ttl <= 0s || >>> beresp.http.Set-Cookie || >>> beresp.http.Vary == "*") { >>> set beresp.ttl = 120 s; >>> # set beresp.ttl = 120s; >>> set beresp.uncacheable = true; >>> return (deliver); >>> } >>> >>> return (deliver); >>> } >>> >>> # DELIVER FUNCTION >>> # ########################################################## >>> sub vcl_deliver { >>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>> # IN THE HEADER (GREAT FOR DEBUGGING) >>> # ########################################################## >>> if (obj.hits > 0) { >>> set resp.http.X-Cache = "HIT"; >>> # IF THIS IS A MISS RETURN THAT IN THE HEADER >>> # ########################################################## >>> } else { >>> set resp.http.X-Cache = "MISS"; >>> } >>> } >>> >>> 2016-08-04 22:50 GMT+03:00 Lane, Richard : >>> >>>> This was what I was talking about when I said you may need additional >>>> logic to handle both. >>>> >>>> You will need to add the cookie check along with the path for forum to >>>> that pass block. So something like... >>>> >>>> if( req.http.Cookie ~ "xf_(session|user)" && req.url ~ '^/forum.*') { >>>> return (pass); >>>> } >>>> >>>> On Thu, Aug 4, 2016 at 2:44 PM, Ayberk Kimsesiz < >>>> ayberk.kimsesiz at gmail.com> wrote: >>>> >>>>> Yes, i want /forum to be MISS, there is no problem. However, Wordpress >>>>> (homepage) shows MISS too. >>>>> >>>>> 2016-08-04 22:34 GMT+03:00 Lane, Richard : >>>>> >>>>>> If you PASS then your request will not be cached. Varnish marks these >>>>>> non-cached items as a MISS since they go to the backend each time and >>>>>> therefore a miss and not a hit on cache. >>>>>> >>>>>> What were you expecting? Is this still requests with the forum >>>>>> cookies? >>>>>> >>>>>> If you want to cache request from logged in users you will need to >>>>>> add the specific user cookies to the hash so each user served their cached >>>>>> copy. >>>>>> >>>>>> On Thu, Aug 4, 2016 at 2:16 PM, Ayberk Kimsesiz < >>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>> >>>>>>> If i use the given settings MISS appears in the Header. >>>>>>> >>>>>>> Accept-Ranges bytes >>>>>>> Age 0 >>>>>>> Cache-control private, max-age=0 >>>>>>> Content-Encoding gzip >>>>>>> Content-Length 10075 >>>>>>> Content-Type text/html; charset=UTF-8 >>>>>>> Date Thu, 04 Aug 2016 18:30:52 GMT >>>>>>> Expires Thu, 19 Nov 1981 08:52:00 GMT >>>>>>> Last-Modified Thu, 04 Aug 2016 18:30:52 GMT >>>>>>> Server Apache/2 >>>>>>> Vary Accept-Encoding >>>>>>> Via 1.1 varnish-v4 >>>>>>> X-Cache MISS >>>>>>> >>>>>>> What do you suggest me to do? >>>>>>> >>>>>>> >>>>>>> >>>>>>> 2016-08-04 19:07 GMT+03:00 Ayberk Kimsesiz < >>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>> >>>>>>>> Finally! >>>>>>>> Login function is now working with the following settings but >>>>>>>> X-Cache shows MISS instead of HIT. >>>>>>>> >>>>>>>> #THE RECV FUNCTION >>>>>>>> # ########################################################## >>>>>>>> sub vcl_recv { >>>>>>>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>>> return (pass); >>>>>>>> } >>>>>>>> >>>>>>>> # FETCH FUNCTION >>>>>>>> # ########################################################## >>>>>>>> sub vcl_backend_response { >>>>>>>> >>>>>>>> # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>> # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>>> # TO DO THIS >>>>>>>> # ########################################################## >>>>>>>> set beresp.http.Vary = "Accept-Encoding"; >>>>>>>> >>>>>>>> # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>> # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>> # ########################################################## >>>>>>>> if (beresp.http.Set-Cookie ~ "xf_(session|user)") >>>>>>>> { set beresp.uncacheable = true; >>>>>>>> set beresp.ttl = 1w; >>>>>>>> return (deliver); >>>>>>>> } >>>>>>>> >>>>>>>> if (beresp.ttl <= 0s || >>>>>>>> beresp.http.Set-Cookie || >>>>>>>> beresp.http.Vary == "*") { >>>>>>>> set beresp.ttl = 120 s; >>>>>>>> # set beresp.ttl = 120s; >>>>>>>> set beresp.uncacheable = true; >>>>>>>> return (deliver); >>>>>>>> } >>>>>>>> >>>>>>>> return (deliver); >>>>>>>> } >>>>>>>> >>>>>>>> # DELIVER FUNCTION >>>>>>>> # ########################################################## >>>>>>>> sub vcl_deliver { >>>>>>>> # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>> # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>>> # ########################################################## >>>>>>>> if (obj.hits > 0) { >>>>>>>> set resp.http.X-Cache = "HIT"; >>>>>>>> # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>>> # ########################################################## >>>>>>>> } else { >>>>>>>> set resp.http.X-Cache = "MISS"; >>>>>>>> } >>>>>>>> } >>>>>>>> >>>>>>>> 2016-08-04 18:47 GMT+03:00 Ayberk Kimsesiz < >>>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>>> >>>>>>>>> Finally! >>>>>>>>> Login function is now working with the following settings but >>>>>>>>> X-Cache shows MISS instead of HIT. >>>>>>>>> >>>>>>>>> >>>>>>>>> *#THE RECV FUNCTION* >>>>>>>>> *# ##########################################################* >>>>>>>>> *sub vcl_recv { * >>>>>>>>> * if( req.http.Cookie ~ "xf_(session|user)") {* >>>>>>>>> * return (pass);* >>>>>>>>> * }* >>>>>>>>> >>>>>>>>> >>>>>>>>> *# FETCH FUNCTION* >>>>>>>>> *# ##########################################################* >>>>>>>>> *sub vcl_backend_response { * >>>>>>>>> >>>>>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC * >>>>>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT* >>>>>>>>> * # TO DO THIS* >>>>>>>>> * # ##########################################################* >>>>>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>> >>>>>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF * >>>>>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>> * # ##########################################################* >>>>>>>>> *if (beresp.http.Set-Cookie ~ "xf_(session|user)") * >>>>>>>>> *{ set beresp.uncacheable = true;* >>>>>>>>> * set beresp.ttl = 1w;* >>>>>>>>> * return (deliver);* >>>>>>>>> * }* >>>>>>>>> >>>>>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>>> * beresp.http.Set-Cookie ||* >>>>>>>>> * beresp.http.Vary == "*") {* >>>>>>>>> * set beresp.ttl = 120 s;* >>>>>>>>> * # set beresp.ttl = 120s;* >>>>>>>>> * set beresp.uncacheable = true;* >>>>>>>>> * return (deliver);* >>>>>>>>> * }* >>>>>>>>> >>>>>>>>> * return (deliver);* >>>>>>>>> *}* >>>>>>>>> >>>>>>>>> *# DELIVER FUNCTION* >>>>>>>>> *# ##########################################################* >>>>>>>>> *sub vcl_deliver {* >>>>>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT * >>>>>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>> * # ##########################################################* >>>>>>>>> * if (obj.hits > 0) {* >>>>>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>> * # ##########################################################* >>>>>>>>> * } else {* >>>>>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>>> * }* >>>>>>>>> *}* >>>>>>>>> >>>>>>>>> 2016-08-04 18:02 GMT+03:00 Lane, Richard : >>>>>>>>> >>>>>>>>>> I agree that the order of execution may be getting you here. If >>>>>>>>>> you need the WordPress rules then you may need to put additional logic to >>>>>>>>>> ensure non-wordpress applications are not negatively affected. >>>>>>>>>> >>>>>>>>>> What happens if you change the order of these two blocks? Put >>>>>>>>>> your Set-Cookie check block before the wp-login check. >>>>>>>>>> >>>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>>>> > # ########################################################## >>>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && !bereq.http.cookie ~ >>>>>>>>>> "wordpress_logged_in" ) { >>>>>>>>>> > unset beresp.http.set-cookie; >>>>>>>>>> > set beresp.ttl = 52w; >>>>>>>>>> > # set beresp.grace =1w; >>>>>>>>>> > } >>>>>>>>>> > >>>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>> > set beresp.ttl = 1w; >>>>>>>>>> > return (deliver); >>>>>>>>>> > } >>>>>>>>>> >>>>>>>>>> On Thu, Aug 4, 2016 at 9:50 AM, Andrei wrote: >>>>>>>>>> >>>>>>>>>>> The log output suggests the xf_ cookie check in vcl_recv is not >>>>>>>>>>> the first thing to run as you pasted earlier. Also, looking a bit closer, >>>>>>>>>>> your issue the fact that you unset the cookie in vcl_backend_response if >>>>>>>>>>> it's not wordpress related. Again, you should really audit your entire VCL, >>>>>>>>>>> and remove unneeded stuff, like all the WordPress related rules if you're >>>>>>>>>>> not using it. >>>>>>>>>>> >>>>>>>>>>> On Thu, Aug 4, 2016 at 9:43 AM, Ayberk Kimsesiz < >>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Log message: >>>>>>>>>>>> >>>>>>>>>>>> [root at ns1 ~]# varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>>>>> - ReqHeader If-None-Match: "1787d-5392dab8f2b4e-gzip" >>>>>>>>>>>> - ReqHeader If-Modified-Since: Wed, 03 Aug 2016 16:53:18 >>>>>>>>>>>> GMT >>>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>>>>>> - VCL_call RECV >>>>>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>>> pps_show_100=Th >>>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>>> pps_show_100=Th >>>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>>> pps_show_100=Th >>>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>>> pps_show_100=Th >>>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232, >>>>>>>>>>>> 95.5.187.232 >>>>>>>>>>>> - ReqUnset Accept-Encoding: gzip, deflate, sdch >>>>>>>>>>>> - ReqHeader Accept-Encoding: gzip >>>>>>>>>>>> - VCL_Log PPPAASS >>>>>>>>>>>> - VCL_return pass >>>>>>>>>>>> - VCL_call HASH >>>>>>>>>>>> - VCL_return lookup >>>>>>>>>>>> - VCL_call PASS >>>>>>>>>>>> - VCL_return fetch >>>>>>>>>>>> - Link bereq 524435 pass >>>>>>>>>>>> - Timestamp Fetch: 1470321283.617655 0.005758 0.005758 >>>>>>>>>>>> - RespProtocol HTTP/1.1 >>>>>>>>>>>> - RespStatus 200 >>>>>>>>>>>> - RespReason OK >>>>>>>>>>>> - RespHeader Date: Thu, 04 Aug 2016 14:34:43 GMT >>>>>>>>>>>> - RespHeader Server: Apache/2 >>>>>>>>>>>> - RespHeader Last-Modified: Wed, 03 Aug 2016 16:53:18 GMT >>>>>>>>>>>> - RespHeader ETag: "1787d-5392dab8f2b4e-gzip" >>>>>>>>>>>> - RespHeader Accept-Ranges: bytes >>>>>>>>>>>> -- >>>>>>>>>>>> - ReqHeader If-Modified-Since: Thu, 04 Aug 2016 09:32:51 >>>>>>>>>>>> GMT >>>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232 >>>>>>>>>>>> - VCL_call RECV >>>>>>>>>>>> - ReqHeader X-Actual-IP: 95.5.187.232 >>>>>>>>>>>> - ReqUnset X-Forwarded-For: 95.5.187.232 >>>>>>>>>>>> - ReqHeader X-Forwarded-For: 95.5.187.232, 95.5.187.232 >>>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>>> pps_show_100=Th >>>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>>> __gads=ID=83a3a88cd0381f62:T=1470300206:S=ALNI_MawbfRUla >>>>>>>>>>>> wFoW2XT0IpqCIsH5v7bQ; xf_session= >>>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>>> pps_show_100=Th >>>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>>> - ReqUnset Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>>> pps_show_100=Th >>>>>>>>>>>> u%20Aug%2004%202016%2010%3A05%3A38%20GMT+0300%20%28Turkey%20Daylight%20Time%29; >>>>>>>>>>>> pps_times_showed_100=1; >>>>>>>>>>>> xf_session=87bea6639553d44d72f0d612924b52ac; wordpress_t >>>>>>>>>>>> est_cookie=WP+Cookie+check >>>>>>>>>>>> - ReqHeader Cookie: PHPSESSID=mvdt2ok0h7qpje8aej6s7hdd73; >>>>>>>>>>>> pps_show_100=Th >>>>>>>>>>>> >>>>>>>>>>>> 2016-08-04 17:24 GMT+03:00 Lane, Richard : >>>>>>>>>>>> >>>>>>>>>>>>> I assume you reloaded/restarted Varnish after these changes >>>>>>>>>>>>> were made. If so, can you verify that you do have the cookies set on the >>>>>>>>>>>>> request? >>>>>>>>>>>>> >>>>>>>>>>>>> maybe add this log message right before returning >>>>>>>>>>>>> >>>>>>>>>>>>> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>>> std.log( "PPPAASS Cookie set for forum"); >>>>>>>>>>>>> return (pass); >>>>>>>>>>>>> >>>>>>>>>>>>> } >>>>>>>>>>>>> >>>>>>>>>>>>> Then you can use varnishlog command (below) to verify cookie >>>>>>>>>>>>> is found >>>>>>>>>>>>> >>>>>>>>>>>>> varnishlog | grep -A15 -B15 "PPPAASS" >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> Cheers, >>>>>>>>>>>>> Richard >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Thu, Aug 4, 2016 at 9:06 AM, Ayberk Kimsesiz < >>>>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>>>>> > >>>>>>>>>>>>> > First of all, thank you. However the problem continues. Can >>>>>>>>>>>>> you examine the codes? >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > /* SET THE HOST AND PORT OF WORDPRESS >>>>>>>>>>>>> > * ****************************** >>>>>>>>>>>>> ***************************/ >>>>>>>>>>>>> > vcl 4.0; >>>>>>>>>>>>> > import std; >>>>>>>>>>>>> > >>>>>>>>>>>>> > backend default { >>>>>>>>>>>>> > .host = "*******"; >>>>>>>>>>>>> > .port = "8080"; >>>>>>>>>>>>> > .connect_timeout = 600s; >>>>>>>>>>>>> > .first_byte_timeout = 600s; >>>>>>>>>>>>> > .between_bytes_timeout = 600s; >>>>>>>>>>>>> > .max_connections = 800; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # SET THE ALLOWED IP OF PURGE REQUESTS >>>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>>> > acl purge { >>>>>>>>>>>>> > "localhost"; >>>>>>>>>>>>> > "127.0.0.1"; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > #THE RECV FUNCTION >>>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>>> > sub vcl_recv { >>>>>>>>>>>>> > >>>>>>>>>>>>> > if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>>> > return (pass); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # set realIP by trimming CloudFlare IP which will be used >>>>>>>>>>>>> for various checks >>>>>>>>>>>>> > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, >>>>>>>>>>>>> "[, ].*$", ""); >>>>>>>>>>>>> > >>>>>>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>>>>>> > if (req.restarts == 0) { >>>>>>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>>>>>> > } else { >>>>>>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # Purge request check sections for hash_always_miss, purge >>>>>>>>>>>>> and ban >>>>>>>>>>>>> > # BLOCK IF NOT IP is not in purge acl >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > >>>>>>>>>>>>> > # Enable smart refreshing using hash_always_miss >>>>>>>>>>>>> > if (req.http.Cache-Control ~ "no-cache") { >>>>>>>>>>>>> > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>>>>> > set req.hash_always_miss = true; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>>>> > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, >>>>>>>>>>>>> "1.2.3.4") ~ purge) { >>>>>>>>>>>>> > return(synth(405,"Not allowed.")); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > return (purge); >>>>>>>>>>>>> > >>>>>>>>>>>>> > } >>>>>>>>>>>>> > if (req.method == "BAN") { >>>>>>>>>>>>> > # Same ACL check as above: >>>>>>>>>>>>> > if (!client.ip ~ purge || >>>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { >>>>>>>>>>>>> > return(synth(403, "Not allowed.")); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > ban("req.http.host == " + req.http.host + >>>>>>>>>>>>> > " && req.url == " + req.url); >>>>>>>>>>>>> > >>>>>>>>>>>>> > # Throw a synthetic page so the >>>>>>>>>>>>> > # request won't go to the backend. >>>>>>>>>>>>> > return(synth(200, "Ban added")); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > # Unset cloudflare cookies >>>>>>>>>>>>> > # Remove has_js and CloudFlare/Google Analytics __* cookies. >>>>>>>>>>>>> > set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); >>>>>>>>>>>>> > # Remove a ";" prefix, if present. >>>>>>>>>>>>> > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", >>>>>>>>>>>>> ""); >>>>>>>>>>>>> > >>>>>>>>>>>>> > # For Testing: If you want to test with Varnish passing >>>>>>>>>>>>> (not caching) uncomment >>>>>>>>>>>>> > # return( pass ); >>>>>>>>>>>>> > >>>>>>>>>>>>> > # FORWARD THE IP OF THE REQUEST >>>>>>>>>>>>> > if (req.restarts == 0) { >>>>>>>>>>>>> > if (req.http.x-forwarded-for) { >>>>>>>>>>>>> > set req.http.X-Forwarded-For = >>>>>>>>>>>>> > req.http.X-Forwarded-For + ", " + client.ip; >>>>>>>>>>>>> > } else { >>>>>>>>>>>>> > set req.http.X-Forwarded-For = client.ip; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # DO NOT CACHE RSS FEED >>>>>>>>>>>>> > if (req.url ~ "/feed(/)?") { >>>>>>>>>>>>> > return ( pass ); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > ## Do not cache search results, comment these 3 lines if you >>>>>>>>>>>>> do want to cache them >>>>>>>>>>>>> > >>>>>>>>>>>>> > if (req.url ~ "/\?s\=") { >>>>>>>>>>>>> > return ( pass ); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # CLEAN UP THE ENCODING HEADER. >>>>>>>>>>>>> > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY >>>>>>>>>>>>> ACCEPT-ENCODING >>>>>>>>>>>>> > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH >>>>>>>>>>>>> > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if (req.http.Accept-Encoding) { >>>>>>>>>>>>> > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>>>>> { >>>>>>>>>>>>> > # No point in compressing these >>>>>>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "gzip") { >>>>>>>>>>>>> > set req.http.Accept-Encoding = "gzip"; >>>>>>>>>>>>> > } elsif (req.http.Accept-Encoding ~ "deflate") { >>>>>>>>>>>>> > set req.http.Accept-Encoding = "deflate"; >>>>>>>>>>>>> > } else { >>>>>>>>>>>>> > # unknown algorithm >>>>>>>>>>>>> > unset req.http.Accept-Encoding; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # PIPE ALL NON-STANDARD REQUESTS >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if (req.method != "GET" && >>>>>>>>>>>>> > req.method != "HEAD" && >>>>>>>>>>>>> > req.method != "PUT" && >>>>>>>>>>>>> > req.method != "POST" && >>>>>>>>>>>>> > req.method != "TRACE" && >>>>>>>>>>>>> > req.method != "OPTIONS" && >>>>>>>>>>>>> > req.method != "DELETE") { >>>>>>>>>>>>> > return (pipe); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # ONLY CACHE GET AND HEAD REQUESTS >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if (req.method != "GET" && req.method != "HEAD") { >>>>>>>>>>>>> > return (pass); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN >>>>>>>>>>>>> FETCH TOO, EITHER >>>>>>>>>>>>> > # COMMENT OR UNCOMMENT BOTH >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if ( req.http.cookie ~ "wordpress_logged_in" ) { >>>>>>>>>>>>> > return( pass ); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN >>>>>>>>>>>>> > # THEN UNSET THE COOKIES >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if (!(req.url ~ "wp-(login|admin)") >>>>>>>>>>>>> > && !(req.url ~ "&preview=true" ) >>>>>>>>>>>>> > ){ >>>>>>>>>>>>> > unset req.http.cookie; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # IF BASIC AUTH IS ON THEN DO NOT CACHE >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if (req.http.Authorization || req.http.Cookie) { >>>>>>>>>>>>> > return (pass); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > return (hash); >>>>>>>>>>>>> > # This is for phpmyadmin >>>>>>>>>>>>> > if (req.http.Host == "ki1.org") { >>>>>>>>>>>>> > return (pass); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > if (req.http.Host == "mysql.ki1.org") { >>>>>>>>>>>>> > return (pass); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # HIT FUNCTION >>>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>>> > sub vcl_hit { >>>>>>>>>>>>> > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>>>> > # >>>>>>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>>>>>> > # >>>>>>>>>>>>> > # purge; >>>>>>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > return (deliver); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # MISS FUNCTION >>>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>>> > sub vcl_miss { >>>>>>>>>>>>> > if (req.method == "PURGE") { >>>>>>>>>>>>> > # >>>>>>>>>>>>> > # This is now handled in vcl_recv. >>>>>>>>>>>>> > # >>>>>>>>>>>>> > # purge; >>>>>>>>>>>>> > return (synth(200, "Purged.")); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > return (fetch); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # FETCH FUNCTION >>>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>>> > sub vcl_backend_response { >>>>>>>>>>>>> > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC >>>>>>>>>>>>> > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT >>>>>>>>>>>>> > # TO DO THIS >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > set beresp.http.Vary = "Accept-Encoding"; >>>>>>>>>>>>> > >>>>>>>>>>>>> > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF >>>>>>>>>>>>> > # TIME THIS PAGE WILL STAY CACHED (TTL) >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>>>>> !bereq.http.cookie ~ "wordpress_logged_in" ) { >>>>>>>>>>>>> > unset beresp.http.set-cookie; >>>>>>>>>>>>> > set beresp.ttl = 52w; >>>>>>>>>>>>> > # set beresp.grace =1w; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>>>>> > set beresp.ttl = 1w; >>>>>>>>>>>>> > return (deliver); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > if (beresp.ttl <= 0s || >>>>>>>>>>>>> > beresp.http.Set-Cookie || >>>>>>>>>>>>> > beresp.http.Vary == "*") { >>>>>>>>>>>>> > set beresp.ttl = 120 s; >>>>>>>>>>>>> > # set beresp.ttl = 120s; >>>>>>>>>>>>> > set beresp.uncacheable = true; >>>>>>>>>>>>> > return (deliver); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > return (deliver); >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > # DELIVER FUNCTION >>>>>>>>>>>>> > # ########################################################## >>>>>>>>>>>>> > sub vcl_deliver { >>>>>>>>>>>>> > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT >>>>>>>>>>>>> > # IN THE HEADER (GREAT FOR DEBUGGING) >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > if (obj.hits > 0) { >>>>>>>>>>>>> > set resp.http.X-Cache = "HIT"; >>>>>>>>>>>>> > # IF THIS IS A MISS RETURN THAT IN THE HEADER >>>>>>>>>>>>> > # ############################## >>>>>>>>>>>>> ############################ >>>>>>>>>>>>> > } else { >>>>>>>>>>>>> > set resp.http.X-Cache = "MISS"; >>>>>>>>>>>>> > } >>>>>>>>>>>>> > } >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > >>>>>>>>>>>>> > 2016-08-04 16:36 GMT+03:00 Andrei : >>>>>>>>>>>>> >> >>>>>>>>>>>>> >> correction: >>>>>>>>>>>>> >> >>>>>>>>>>>>> >> sub vcl_recv { >>>>>>>>>>>>> >> if(req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>>> >> return (pass); >>>>>>>>>>>>> >> } >>>>>>>>>>>>> >> } >>>>>>>>>>>>> >> >>>>>>>>>>>>> >> sub vcl_backend_response { >>>>>>>>>>>>> >> if (beresp.http.Set-Cookie ~ "xf_(session|user)") { >>>>>>>>>>>>> >> set beresp.uncacheable = true; >>>>>>>>>>>>> >> set beresp.ttl = 1w; >>>>>>>>>>>>> >> return (deliver); >>>>>>>>>>>>> >> } >>>>>>>>>>>>> >> } >>>>>>>>>>>>> >> >>>>>>>>>>>>> >> On Thu, Aug 4, 2016 at 8:34 AM, Andrei >>>>>>>>>>>>> wrote: >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >>> Hello, >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >>> Aside from the provided VCL being for WordPress, while >>>>>>>>>>>>> you're running XenForo, the xf_ cookies are being dropped by your config. A >>>>>>>>>>>>> quick fix is: >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >>> sub vcl_recv { >>>>>>>>>>>>> >>> if( req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>>> >>> return (pass); >>>>>>>>>>>>> >>> } >>>>>>>>>>>>> >>> } >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >>> sub vcl_backend_response { >>>>>>>>>>>>> >>> if (req.http.Cookie ~ "xf_(session|user)") { >>>>>>>>>>>>> >>> set beresp.uncacheable = true; >>>>>>>>>>>>> >>> set beresp.ttl = 1w; >>>>>>>>>>>>> >>> return (deliver); >>>>>>>>>>>>> >>> } >>>>>>>>>>>>> >>> } >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >>> However, I suggest auditing your VCL, and only including >>>>>>>>>>>>> rules specific to the application(s) which you are running. >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >>> On Thu, Aug 4, 2016 at 8:09 AM, Ayberk Kimsesiz < >>>>>>>>>>>>> ayberk.kimsesiz at gmail.com> wrote: >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> Users can't login or register to domain.com/forum with >>>>>>>>>>>>> the current settings. So we need to make a change related to xf_user and >>>>>>>>>>>>> xf_session but how? >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> 2016-08-04 15:26 GMT+03:00 Lane, Richard < >>>>>>>>>>>>> rlane at ahbelo.com>: >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> If you want Varnish to ignore request for a path you >>>>>>>>>>>>> need to tell it to pass. In your example you have a rule for the RSS feed. >>>>>>>>>>>>> You can do the same for /forum/ in your vcl_recv block. >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>>>>>> >>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>>>> >>>>> * return ( pass ); * >>>>>>>>>>>>> >>>>> *}* >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> *# DO NOT CACHE FORUM* >>>>>>>>>>>>> >>>>> if (req.url ~ "/forum(/)?") { >>>>>>>>>>>>> >>>>> return ( pass ); >>>>>>>>>>>>> >>>>> } >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> Cheers, >>>>>>>>>>>>> >>>>> Richard >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> Message: 1 >>>>>>>>>>>>> >>>>>> Date: Wed, 3 Aug 2016 23:34:40 +0300 >>>>>>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>>>>>> >>>>>> Subject: XenForo default.vcl settings >>>>>>>>>>>>> >>>>>> Message-ID: >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>> u-AwNJUaDrHm_w-5BXmA_Q at mail.gmail.com> >>>>>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> Hi, >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> Could you please share the appropriate Default.vcl >>>>>>>>>>>>> settings for XenForo >>>>>>>>>>>>> >>>>>> Forums? No one can register to the forum at the moment. >>>>>>>>>>>>> My current >>>>>>>>>>>>> >>>>>> Default.vcl settings are as follows. >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> Forum address: domain.com/forum >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>>>>>> >>>>>> * * ****************************** >>>>>>>>>>>>> ***************************/* >>>>>>>>>>>>> >>>>>> *vcl 4.0;* >>>>>>>>>>>>> >>>>>> *import std;* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *backend default {* >>>>>>>>>>>>> >>>>>> * .host = "*******";* >>>>>>>>>>>>> >>>>>> * .port = "8080";* >>>>>>>>>>>>> >>>>>> * .connect_timeout = 600s;* >>>>>>>>>>>>> >>>>>> * .first_byte_timeout = 600s;* >>>>>>>>>>>>> >>>>>> * .between_bytes_timeout = 600s;* >>>>>>>>>>>>> >>>>>> * .max_connections = 800;* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> *acl purge {* >>>>>>>>>>>>> >>>>>> * "localhost";* >>>>>>>>>>>>> >>>>>> * "127.0.0.1";* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *#THE RECV FUNCTION* >>>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> *sub vcl_recv {* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# set realIP by trimming CloudFlare IP which will be >>>>>>>>>>>>> used for various >>>>>>>>>>>>> >>>>>> checks* >>>>>>>>>>>>> >>>>>> *set req.http.X-Actual-IP = >>>>>>>>>>>>> regsub(req.http.X-Forwarded-For, "[, ].*$", >>>>>>>>>>>>> >>>>>> ""); * >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # Purge request check sections for hash_always_miss, >>>>>>>>>>>>> purge and ban* >>>>>>>>>>>>> >>>>>> * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # Enable smart refreshing using hash_always_miss* >>>>>>>>>>>>> >>>>>> *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>>>>>> >>>>>> * if (client.ip ~ purge || >>>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>>>> >>>>>> purge) {* >>>>>>>>>>>>> >>>>>> * set req.hash_always_miss = true;* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *if (req.method == "PURGE") {* >>>>>>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>>>> >>>>>> purge) {* >>>>>>>>>>>>> >>>>>> * return(synth(405,"Not allowed."));* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> * return (purge);* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> *if (req.method == "BAN") {* >>>>>>>>>>>>> >>>>>> * # Same ACL check as above:* >>>>>>>>>>>>> >>>>>> * if (!client.ip ~ purge || >>>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") >>>>>>>>>>>>> >>>>>> ~ purge) {* >>>>>>>>>>>>> >>>>>> * return(synth(403, "Not >>>>>>>>>>>>> allowed."));* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> * ban("req.http.host == " + req.http.host +* >>>>>>>>>>>>> >>>>>> * " && req.url == " + req.url);* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # Throw a synthetic page so the* >>>>>>>>>>>>> >>>>>> * # request won't go to the backend.* >>>>>>>>>>>>> >>>>>> * return(synth(200, "Ban added"));* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# Unset cloudflare cookies* >>>>>>>>>>>>> >>>>>> *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>>>>>> cookies.* >>>>>>>>>>>>> >>>>>> * set req.http.Cookie = regsuball(req.http.Cookie, >>>>>>>>>>>>> >>>>>> "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>>>>>> >>>>>> * # Remove a ";" prefix, if present.* >>>>>>>>>>>>> >>>>>> * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>>>>>> "^;\s*", "");* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # For Testing: If you want to test with Varnish >>>>>>>>>>>>> passing (not caching) >>>>>>>>>>>>> >>>>>> uncomment* >>>>>>>>>>>>> >>>>>> * # return( pass );* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>>>> >>>>>> * if (req.restarts == 0) {* >>>>>>>>>>>>> >>>>>> * if (req.http.x-forwarded-for) {* >>>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For =* >>>>>>>>>>>>> >>>>>> * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>>>> >>>>>> * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# DO NOT CACHE RSS FEED* >>>>>>>>>>>>> >>>>>> * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *## Do not cache search results, comment these 3 lines >>>>>>>>>>>>> if you do want to >>>>>>>>>>>>> >>>>>> cache them* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *if (req.url ~ "/\?s\=") {* >>>>>>>>>>>>> >>>>>> * return ( pass ); * >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>>>>>> >>>>>> * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH >>>>>>>>>>>>> VARY ACCEPT-ENCODING* >>>>>>>>>>>>> >>>>>> * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>>>>>> >>>>>> * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, >>>>>>>>>>>>> AUDIO, ETC.* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if (req.http.Accept-Encoding) {* >>>>>>>>>>>>> >>>>>> * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>>>>> {* >>>>>>>>>>>>> >>>>>> * # No point in compressing these* >>>>>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "gzip";* >>>>>>>>>>>>> >>>>>> * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>>>>>> >>>>>> * set req.http.Accept-Encoding = "deflate";* >>>>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>>>> >>>>>> * # unknown algorithm* >>>>>>>>>>>>> >>>>>> * unset req.http.Accept-Encoding;* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if (req.method != "GET" &&* >>>>>>>>>>>>> >>>>>> * req.method != "HEAD" &&* >>>>>>>>>>>>> >>>>>> * req.method != "PUT" && * >>>>>>>>>>>>> >>>>>> * req.method != "POST" &&* >>>>>>>>>>>>> >>>>>> * req.method != "TRACE" &&* >>>>>>>>>>>>> >>>>>> * req.method != "OPTIONS" &&* >>>>>>>>>>>>> >>>>>> * req.method != "DELETE") {* >>>>>>>>>>>>> >>>>>> * return (pipe);* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>>>>>> >>>>>> * return (pass);* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS >>>>>>>>>>>>> OCCURS IN FETCH TOO, >>>>>>>>>>>>> >>>>>> EITHER* >>>>>>>>>>>>> >>>>>> * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>>>>>> >>>>>> * return( pass );* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>>>>>> WP-LOGIN* >>>>>>>>>>>>> >>>>>> * # THEN UNSET THE COOKIES* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>>>>>> >>>>>> * && !(req.url ~ "&preview=true" ) * >>>>>>>>>>>>> >>>>>> * ){* >>>>>>>>>>>>> >>>>>> * unset req.http.cookie;* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>>>>>> >>>>>> * return (pass);* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * return (hash);* >>>>>>>>>>>>> >>>>>> * # This is for phpmyadmin* >>>>>>>>>>>>> >>>>>> *if (req.http.Host == "ki1.org ") {* >>>>>>>>>>>>> >>>>>> *return (pass);* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *if (req.http.Host == "mysql.ki1.org < >>>>>>>>>>>>> http://mysql.ki1.org>") {* >>>>>>>>>>>>> >>>>>> *return (pass);* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# HIT FUNCTION* >>>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> *sub vcl_hit {* >>>>>>>>>>>>> >>>>>> * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>>>>>> >>>>>> * #* >>>>>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>>>>>> >>>>>> * #* >>>>>>>>>>>>> >>>>>> * # purge;* >>>>>>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# MISS FUNCTION* >>>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> *sub vcl_miss {* >>>>>>>>>>>>> >>>>>> * if (req.method == "PURGE") {* >>>>>>>>>>>>> >>>>>> * #* >>>>>>>>>>>>> >>>>>> * # This is now handled in vcl_recv.* >>>>>>>>>>>>> >>>>>> * #* >>>>>>>>>>>>> >>>>>> * # purge;* >>>>>>>>>>>>> >>>>>> * return (synth(200, "Purged."));* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> * return (fetch);* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# FETCH FUNCTION* >>>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> *sub vcl_backend_response {* >>>>>>>>>>>>> >>>>>> * # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES >>>>>>>>>>>>> W3TC * >>>>>>>>>>>>> >>>>>> * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY >>>>>>>>>>>>> NOT WANT* >>>>>>>>>>>>> >>>>>> * # TO DO THIS* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE >>>>>>>>>>>>> AMOUNT OF * >>>>>>>>>>>>> >>>>>> * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>>>>> !bereq.http.cookie ~ >>>>>>>>>>>>> >>>>>> "wordpress_logged_in" ) {* >>>>>>>>>>>>> >>>>>> * unset beresp.http.set-cookie;* >>>>>>>>>>>>> >>>>>> * set beresp.ttl = 52w;* >>>>>>>>>>>>> >>>>>> *# set beresp.grace =1w;* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * if (beresp.ttl <= 0s ||* >>>>>>>>>>>>> >>>>>> * beresp.http.Set-Cookie ||* >>>>>>>>>>>>> >>>>>> * beresp.http.Vary == "*") {* >>>>>>>>>>>>> >>>>>> * set beresp.ttl = 120 s;* >>>>>>>>>>>>> >>>>>> * # set beresp.ttl = 120s;* >>>>>>>>>>>>> >>>>>> * set beresp.uncacheable = true;* >>>>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> * return (deliver);* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> *# DELIVER FUNCTION* >>>>>>>>>>>>> >>>>>> *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> *sub vcl_deliver {* >>>>>>>>>>>>> >>>>>> * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' >>>>>>>>>>>>> TEXT * >>>>>>>>>>>>> >>>>>> * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * if (obj.hits > 0) {* >>>>>>>>>>>>> >>>>>> * set resp.http.X-Cache = "HIT";* >>>>>>>>>>>>> >>>>>> * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>>>>>> >>>>>> * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> * } else {* >>>>>>>>>>>>> >>>>>> * set resp.http.X-Cache = "MISS";* >>>>>>>>>>>>> >>>>>> * }* >>>>>>>>>>>>> >>>>>> *}* >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> Thanks, >>>>>>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>>>>>> >>>>>> URL: >>>>>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160803/d572e4b2/ >>>>>>>>>>>>> attachment-0001.html> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> ------------------------------ >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> Message: 2 >>>>>>>>>>>>> >>>>>> Date: Thu, 4 Aug 2016 12:14:36 +0300 >>>>>>>>>>>>> >>>>>> From: Ayberk Kimsesiz >>>>>>>>>>>>> >>>>>> To: varnish-misc >>>>>>>>>>>>> >>>>>> Subject: Re: XenForo default.vcl settings >>>>>>>>>>>>> >>>>>> Message-ID: >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>> CvQmNP5k771DPi4O3i1ofA at mail.gmail.com> >>>>>>>>>>>>> >>>>>> Content-Type: text/plain; charset="utf-8" >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> I need to add the followings to default.vcl for >>>>>>>>>>>>> Xenforo. However, solutions >>>>>>>>>>>>> >>>>>> in the Xenforo forums for this didn't work. Can you >>>>>>>>>>>>> please help? >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> xf_session_admin >>>>>>>>>>>>> >>>>>> xf_user >>>>>>>>>>>>> >>>>>> xf_session >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> Or how can i block Varnish in a way that it doesn't >>>>>>>>>>>>> work in *domain.com/forum >>>>>>>>>>>>> >>>>>> * >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> 2016-08-03 23:34 GMT+03:00 Ayberk Kimsesiz < >>>>>>>>>>>>> ayberk.kimsesiz at gmail.com>: >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> > Hi, >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > Could you please share the appropriate Default.vcl >>>>>>>>>>>>> settings for XenForo >>>>>>>>>>>>> >>>>>> > Forums? No one can register to the forum at the >>>>>>>>>>>>> moment. My current >>>>>>>>>>>>> >>>>>> > Default.vcl settings are as follows. >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > Forum address: domain.com/forum >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > */* SET THE HOST AND PORT OF WORDPRESS* >>>>>>>>>>>>> >>>>>> > * * ****************************** >>>>>>>>>>>>> ***************************/* >>>>>>>>>>>>> >>>>>> > *vcl 4.0;* >>>>>>>>>>>>> >>>>>> > *import std;* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *backend default {* >>>>>>>>>>>>> >>>>>> > * .host = "*******";* >>>>>>>>>>>>> >>>>>> > * .port = "8080";* >>>>>>>>>>>>> >>>>>> > * .connect_timeout = 600s;* >>>>>>>>>>>>> >>>>>> > * .first_byte_timeout = 600s;* >>>>>>>>>>>>> >>>>>> > * .between_bytes_timeout = 600s;* >>>>>>>>>>>>> >>>>>> > * .max_connections = 800;* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# SET THE ALLOWED IP OF PURGE REQUESTS* >>>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > *acl purge {* >>>>>>>>>>>>> >>>>>> > * "localhost";* >>>>>>>>>>>>> >>>>>> > * "127.0.0.1";* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *#THE RECV FUNCTION* >>>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > *sub vcl_recv {* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# set realIP by trimming CloudFlare IP which will be >>>>>>>>>>>>> used for various >>>>>>>>>>>>> >>>>>> > checks* >>>>>>>>>>>>> >>>>>> > *set req.http.X-Actual-IP = >>>>>>>>>>>>> regsub(req.http.X-Forwarded-For, "[, ].*$", >>>>>>>>>>>>> >>>>>> > ""); * >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # Purge request check sections for >>>>>>>>>>>>> hash_always_miss, purge and ban* >>>>>>>>>>>>> >>>>>> > * # BLOCK IF NOT IP is not in purge acl* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # Enable smart refreshing using hash_always_miss* >>>>>>>>>>>>> >>>>>> > *if (req.http.Cache-Control ~ "no-cache") {* >>>>>>>>>>>>> >>>>>> > * if (client.ip ~ purge || >>>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>>>> >>>>>> > purge) {* >>>>>>>>>>>>> >>>>>> > * set req.hash_always_miss = true;* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *if (req.method == "PURGE") {* >>>>>>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ >>>>>>>>>>>>> >>>>>> > purge) {* >>>>>>>>>>>>> >>>>>> > * return(synth(405,"Not allowed."));* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > * return (purge);* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > *if (req.method == "BAN") {* >>>>>>>>>>>>> >>>>>> > * # Same ACL check as above:* >>>>>>>>>>>>> >>>>>> > * if (!client.ip ~ purge || >>>>>>>>>>>>> !std.ip(req.http.X-Actual-IP, >>>>>>>>>>>>> >>>>>> > "1.2.3.4") ~ purge) {* >>>>>>>>>>>>> >>>>>> > * return(synth(403, "Not >>>>>>>>>>>>> allowed."));* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > * ban("req.http.host == " + req.http.host +* >>>>>>>>>>>>> >>>>>> > * " && req.url == " + req.url);* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # Throw a synthetic page so the* >>>>>>>>>>>>> >>>>>> > * # request won't go to the backend.* >>>>>>>>>>>>> >>>>>> > * return(synth(200, "Ban added"));* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# Unset cloudflare cookies* >>>>>>>>>>>>> >>>>>> > *# Remove has_js and CloudFlare/Google Analytics __* >>>>>>>>>>>>> cookies.* >>>>>>>>>>>>> >>>>>> > * set req.http.Cookie = >>>>>>>>>>>>> regsuball(req.http.Cookie, >>>>>>>>>>>>> >>>>>> > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");* >>>>>>>>>>>>> >>>>>> > * # Remove a ";" prefix, if present.* >>>>>>>>>>>>> >>>>>> > * set req.http.Cookie = regsub(req.http.Cookie, >>>>>>>>>>>>> "^;\s*", "");* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # For Testing: If you want to test with Varnish >>>>>>>>>>>>> passing (not caching) >>>>>>>>>>>>> >>>>>> > uncomment* >>>>>>>>>>>>> >>>>>> > * # return( pass );* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # FORWARD THE IP OF THE REQUEST* >>>>>>>>>>>>> >>>>>> > * if (req.restarts == 0) {* >>>>>>>>>>>>> >>>>>> > * if (req.http.x-forwarded-for) {* >>>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For =* >>>>>>>>>>>>> >>>>>> > * req.http.X-Forwarded-For + ", " + client.ip;* >>>>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>>>> >>>>>> > * set req.http.X-Forwarded-For = client.ip;* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# DO NOT CACHE RSS FEED* >>>>>>>>>>>>> >>>>>> > * if (req.url ~ "/feed(/)?") {* >>>>>>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *## Do not cache search results, comment these 3 >>>>>>>>>>>>> lines if you do want to >>>>>>>>>>>>> >>>>>> > cache them* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *if (req.url ~ "/\?s\=") {* >>>>>>>>>>>>> >>>>>> > * return ( pass ); * >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# CLEAN UP THE ENCODING HEADER.* >>>>>>>>>>>>> >>>>>> > * # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH >>>>>>>>>>>>> VARY ACCEPT-ENCODING* >>>>>>>>>>>>> >>>>>> > * # VARNISH WILL CREATE SEPARATE CACHES FOR EACH* >>>>>>>>>>>>> >>>>>> > * # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, >>>>>>>>>>>>> AUDIO, ETC.* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if (req.http.Accept-Encoding) {* >>>>>>>>>>>>> >>>>>> > * if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") >>>>>>>>>>>>> {* >>>>>>>>>>>>> >>>>>> > * # No point in compressing these* >>>>>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "gzip") {* >>>>>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "gzip";* >>>>>>>>>>>>> >>>>>> > * } elsif (req.http.Accept-Encoding ~ "deflate") {* >>>>>>>>>>>>> >>>>>> > * set req.http.Accept-Encoding = "deflate";* >>>>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>>>> >>>>>> > * # unknown algorithm* >>>>>>>>>>>>> >>>>>> > * unset req.http.Accept-Encoding;* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # PIPE ALL NON-STANDARD REQUESTS* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if (req.method != "GET" &&* >>>>>>>>>>>>> >>>>>> > * req.method != "HEAD" &&* >>>>>>>>>>>>> >>>>>> > * req.method != "PUT" && * >>>>>>>>>>>>> >>>>>> > * req.method != "POST" &&* >>>>>>>>>>>>> >>>>>> > * req.method != "TRACE" &&* >>>>>>>>>>>>> >>>>>> > * req.method != "OPTIONS" &&* >>>>>>>>>>>>> >>>>>> > * req.method != "DELETE") {* >>>>>>>>>>>>> >>>>>> > * return (pipe);* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # ONLY CACHE GET AND HEAD REQUESTS* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if (req.method != "GET" && req.method != "HEAD") {* >>>>>>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS >>>>>>>>>>>>> OCCURS IN FETCH TOO, >>>>>>>>>>>>> >>>>>> > EITHER* >>>>>>>>>>>>> >>>>>> > * # COMMENT OR UNCOMMENT BOTH* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if ( req.http.cookie ~ "wordpress_logged_in" ) {* >>>>>>>>>>>>> >>>>>> > * return( pass );* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR >>>>>>>>>>>>> WP-LOGIN* >>>>>>>>>>>>> >>>>>> > * # THEN UNSET THE COOKIES* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if (!(req.url ~ "wp-(login|admin)") * >>>>>>>>>>>>> >>>>>> > * && !(req.url ~ "&preview=true" ) * >>>>>>>>>>>>> >>>>>> > * ){* >>>>>>>>>>>>> >>>>>> > * unset req.http.cookie;* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # IF BASIC AUTH IS ON THEN DO NOT CACHE* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if (req.http.Authorization || req.http.Cookie) {* >>>>>>>>>>>>> >>>>>> > * return (pass);* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # IF YOU GET HERE THEN THIS REQUEST SHOULD BE >>>>>>>>>>>>> CACHED* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * return (hash);* >>>>>>>>>>>>> >>>>>> > * # This is for phpmyadmin* >>>>>>>>>>>>> >>>>>> > *if (req.http.Host == "ki1.org ") {* >>>>>>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *if (req.http.Host == "mysql.ki1.org < >>>>>>>>>>>>> http://mysql.ki1.org>") {* >>>>>>>>>>>>> >>>>>> > *return (pass);* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# HIT FUNCTION* >>>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > *sub vcl_hit {* >>>>>>>>>>>>> >>>>>> > * # IF THIS IS A PURGE REQUEST THEN DO THE PURGE* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>>>> >>>>>> > * # purge;* >>>>>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# MISS FUNCTION* >>>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > *sub vcl_miss {* >>>>>>>>>>>>> >>>>>> > * if (req.method == "PURGE") {* >>>>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>>>> >>>>>> > * # This is now handled in vcl_recv.* >>>>>>>>>>>>> >>>>>> > * #* >>>>>>>>>>>>> >>>>>> > * # purge;* >>>>>>>>>>>>> >>>>>> > * return (synth(200, "Purged."));* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > * return (fetch);* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# FETCH FUNCTION* >>>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > *sub vcl_backend_response {* >>>>>>>>>>>>> >>>>>> > * # I SET THE VARY TO ACCEPT-ENCODING, THIS >>>>>>>>>>>>> OVERRIDES W3TC * >>>>>>>>>>>>> >>>>>> > * # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY >>>>>>>>>>>>> NOT WANT* >>>>>>>>>>>>> >>>>>> > * # TO DO THIS* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * set beresp.http.Vary = "Accept-Encoding";* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE >>>>>>>>>>>>> AMOUNT OF * >>>>>>>>>>>>> >>>>>> > * # TIME THIS PAGE WILL STAY CACHED (TTL)* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if (!(bereq.url ~ "wp-(login|admin)") && >>>>>>>>>>>>> !bereq.http.cookie ~ >>>>>>>>>>>>> >>>>>> > "wordpress_logged_in" ) {* >>>>>>>>>>>>> >>>>>> > * unset beresp.http.set-cookie;* >>>>>>>>>>>>> >>>>>> > * set beresp.ttl = 52w;* >>>>>>>>>>>>> >>>>>> > *# set beresp.grace =1w;* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * if (beresp.ttl <= 0s ||* >>>>>>>>>>>>> >>>>>> > * beresp.http.Set-Cookie ||* >>>>>>>>>>>>> >>>>>> > * beresp.http.Vary == "*") {* >>>>>>>>>>>>> >>>>>> > * set beresp.ttl = 120 s;* >>>>>>>>>>>>> >>>>>> > * # set beresp.ttl = 120s;* >>>>>>>>>>>>> >>>>>> > * set beresp.uncacheable = true;* >>>>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > * return (deliver);* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > *# DELIVER FUNCTION* >>>>>>>>>>>>> >>>>>> > *# ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > *sub vcl_deliver {* >>>>>>>>>>>>> >>>>>> > * # IF THIS PAGE IS ALREADY CACHED THEN RETURN A >>>>>>>>>>>>> 'HIT' TEXT * >>>>>>>>>>>>> >>>>>> > * # IN THE HEADER (GREAT FOR DEBUGGING)* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * if (obj.hits > 0) {* >>>>>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "HIT";* >>>>>>>>>>>>> >>>>>> > * # IF THIS IS A MISS RETURN THAT IN THE HEADER* >>>>>>>>>>>>> >>>>>> > * # ############################## >>>>>>>>>>>>> ############################* >>>>>>>>>>>>> >>>>>> > * } else {* >>>>>>>>>>>>> >>>>>> > * set resp.http.X-Cache = "MISS";* >>>>>>>>>>>>> >>>>>> > * }* >>>>>>>>>>>>> >>>>>> > *}* >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> > Thanks, >>>>>>>>>>>>> >>>>>> > >>>>>>>>>>>>> >>>>>> -------------- next part -------------- >>>>>>>>>>>>> >>>>>> An HTML attachment was scrubbed... >>>>>>>>>>>>> >>>>>> URL: >>>>>>>>>>>> /lists/pipermail/varnish-misc/attachments/20160804/4e3f064a/ >>>>>>>>>>>>> attachment.html> >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> ------------------------------ >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> _______________________________________________ >>>>>>>>>>>>> >>>>>> varnish-misc mailing list >>>>>>>>>>>>> >>>>>> varnish-misc at varnish-cache.org >>>>>>>>>>>>> >>>>>> https://www.varnish-cache.org/ >>>>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>>>> >>>>>> >>>>>>>>>>>>> >>>>>> End of varnish-misc Digest, Vol 125, Issue 14 >>>>>>>>>>>>> >>>>>> ********************************************* >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> >>>>>>>>>>>>> >>>>> _______________________________________________ >>>>>>>>>>>>> >>>>> varnish-misc mailing list >>>>>>>>>>>>> >>>>> varnish-misc at varnish-cache.org >>>>>>>>>>>>> >>>>> https://www.varnish-cache.org/ >>>>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> >>>>>>>>>>>>> >>>> _______________________________________________ >>>>>>>>>>>>> >>>> varnish-misc mailing list >>>>>>>>>>>>> >>>> varnish-misc at varnish-cache.org >>>>>>>>>>>>> >>>> https://www.varnish-cache.org/ >>>>>>>>>>>>> lists/mailman/listinfo/varnish-misc >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >>> >>>>>>>>>>>>> >> >>>>>>>>>>>>> > >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mic at strg.at Wed Aug 10 14:23:54 2016 From: mic at strg.at (Michael Dosser) Date: Wed, 10 Aug 2016 16:23:54 +0200 Subject: Varnish threads growing until no response In-Reply-To: <7C164087-1CB2-438A-9A7F-1FAF0995C22E@strg.at> References: <90B82C21-4A94-4AAE-95BB-CF9623DD78F8@strg.at> <441BC562-AF7B-4103-81C3-82325B1B8E49@strg.at> <7C164087-1CB2-438A-9A7F-1FAF0995C22E@strg.at> Message-ID: Hi, just an update - since we made those changes our Varnish instance is still up and running. I did some other changes: - Removed ?set beresp.ttl = 0s;? in vcl_backend_response and added default_ttl=0 in Varnish startup - Removed the whole inline C-Code - replaced with Varnish own s-maxage handling I?ll keep you informed if this solved our problems ? Michael Dosser > Am 29.07.2016 um 14:44 schrieb Michael Dosser : > > Hi, > >> Am 29.07.2016 um 14:20 schrieb Guillaume Quintard : >> >> Silly question, but have you tried having more threads? And at the same time, thread_pool should be set to 2, unless you have a very valid reason to do otherwise. > > thanks for your help. I?ll try these new settings! I didn?t think about changing the startup logic and always thought our problem is coming from our quite complex VCL. > > Michael Dosser > > PS: I changed the startup to: > > varnishd -f /etc/varnish/fuf.vcl \ > -h critbit \ > -a 127.0.0.1:6081 \ > -T 127.0.0.1:6082 \ > -t 120 \ > -S /etc/varnish/secret \ > -s malloc,12G \ > -p thread_pool_min=500 \ > -p thread_pool_max=3000 \ > -p thread_pools=2 \ > -p thread_pool_add_delay=0 \ > -p vcc_allow_inline_c=on \ > -p feature=+esi_disable_xml_check \ > -p feature=+esi_ignore_other_elements \ > -p feature=+esi_ignore_https" > > -- > strg.at gmbh michael.dosser at strg.at > gumpendorferstrasse 132, top 9, 1060 wien > tel +43 (1) 526 56 29 mobile +43 699 1 7777 164 > > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc -- strg.at gmbh michael.dosser at strg.at gumpendorferstrasse 132, top 9, 1060 wien tel +43 (1) 526 56 29 mobile +43 699 1 7777 164 From allan_wind at lifeintegrity.com Wed Aug 10 19:18:19 2016 From: allan_wind at lifeintegrity.com (Allan Wind) Date: Wed, 10 Aug 2016 15:18:19 -0400 Subject: github: update issues template Message-ID: <20160810191819.GC28290@lifeintegrity.com> Hi, It would be lovely if someone could update the github issues template to mention in the beginning that enhancements should go here. Currently, that comment is buried at the end of the expected behavior section (which was unexpected, phun intended) of what is a wall of text. /Allan -- Allan Wind From allan_wind at lifeintegrity.com Wed Aug 10 19:25:50 2016 From: allan_wind at lifeintegrity.com (Allan Wind) Date: Wed, 10 Aug 2016 15:25:50 -0400 Subject: varnishlog: decode timestamps Message-ID: <20160810192550.GD28290@lifeintegrity.com> Would it be possible to enhance varnishlog to decode timestamps? Fractional seconds after epoch is not particular human readable: Timestamp Start: 1470804759.626229 0.000000 0.000000 .. TTL RFC 2592000 10 -1 1470831256 1470831256 1470831255 1473423255 2592000 You need to decode these manually to cross referencing other logs, i.e.: date -d '@1470804759.626229' --iso-8601=ns I suggest the ISO 8601 format, but pretty much anything is better to me than the current format. Make sure, however, to figure out the timezone from the TZ environment variable is consulted so you can get either locatime and UTC (if not set). /Allan -- Allan Wind From ayberk.kimsesiz at gmail.com Thu Aug 11 15:22:49 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 11 Aug 2016 18:22:49 +0300 Subject: Visitor IP Message-ID: Hi, Everyone who visits our website has an IP address that seems as the Server IP. This is fixed by canceling the Varnish Cache. What settings we need to do to resolve this issue? http://imgur.com/a/Kh8sP Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Thu Aug 11 15:39:28 2016 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Thu, 11 Aug 2016 17:39:28 +0200 Subject: Visitor IP In-Reply-To: References: Message-ID: Have the website look at the X-forwarded-for header? Next varnish version will support the proxy protocol on the backend site, IIUC, so you won't even need the header trick. -- Guillaume Quintard -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Thu Aug 11 15:43:27 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Thu, 11 Aug 2016 18:43:27 +0300 Subject: Visitor IP In-Reply-To: References: Message-ID: Hi, # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } 2016-08-11 18:39 GMT+03:00 Guillaume Quintard < guillaume at varnish-software.com>: > Have the website look at the X-forwarded-for header? > > Next varnish version will support the proxy protocol on the backend site, > IIUC, so you won't even need the header trick. > > -- > Guillaume Quintard > -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Thu Aug 11 15:45:44 2016 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Thu, 11 Aug 2016 17:45:44 +0200 Subject: Visitor IP In-Reply-To: References: Message-ID: Don't worry about it in vcl, it should already be done automatically by Varnish in the lastest versions. -- Guillaume Quintard -------------- next part -------------- An HTML attachment was scrubbed... URL: From zxcvbn4038 at gmail.com Thu Aug 11 16:38:34 2016 From: zxcvbn4038 at gmail.com (CJ Ess) Date: Thu, 11 Aug 2016 12:38:34 -0400 Subject: Visitor IP In-Reply-To: References: Message-ID: The X-Forwarded-For header is the one you want - you read it right to left, and the first address you don't recognize as yours is the user's IP. Anything further left then the first value you assume is spoofed and disregard. Your request may have multiple X-Forwarded-For headers - you read them last to first in addition to right to left. PHP has problems with the multiple X-Forwarded-For headers, as a workaround we use the real-ip module in Nginx to process the X-Forwarded-For header(s) and provide a PHP friendly value for application use. On Thu, Aug 11, 2016 at 11:22 AM, Ayberk Kimsesiz wrote: > Hi, > > Everyone who visits our website has an IP address that seems as the Server > IP. This is fixed by canceling the Varnish Cache. What settings we need to > do to resolve this issue? > > http://imgur.com/a/Kh8sP > > Thanks > > _______________________________________________ > varnish-misc mailing list > varnish-misc at varnish-cache.org > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Mon Aug 15 10:18:18 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Mon, 15 Aug 2016 13:18:18 +0300 Subject: Varnish Cache & Ad Impressions Message-ID: Hi, There's something i've been wondering. Does Varnish Cache negatively affect to ad impressions? Or is it only us? Because there is also a decrease in our Buy Rate. Sample Code:
Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Mon Aug 15 20:25:30 2016 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Mon, 15 Aug 2016 22:25:30 +0200 Subject: Varnish Cache & Ad Impressions In-Reply-To: References: Message-ID: I'd say no. But maybe you are caching more than you should and screwing up js calls. -- Guillaume Quintard -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Tue Aug 16 08:48:11 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Tue, 16 Aug 2016 11:48:11 +0300 Subject: Varnish Cache & Ad Impressions In-Reply-To: References: Message-ID: This is the only setting related to JS. Do you think it affects the banner performance? set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); # Remove a ";" prefix, if present. set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); 2016-08-15 23:25 GMT+03:00 Guillaume Quintard < guillaume at varnish-software.com>: > I'd say no. But maybe you are caching more than you should and screwing up > js calls. > > -- > Guillaume Quintard > -------------- next part -------------- An HTML attachment was scrubbed... URL: From guillaume at varnish-software.com Tue Aug 16 16:42:10 2016 From: guillaume at varnish-software.com (Guillaume Quintard) Date: Tue, 16 Aug 2016 18:42:10 +0200 Subject: Varnish Cache & Ad Impressions In-Reply-To: References: Message-ID: Maybe, what is it supposed to do, why is it there and is any of your ad frameworks affected by this? -------------- next part -------------- An HTML attachment was scrubbed... URL: From miguel_3_gonzalez at yahoo.es Wed Aug 17 15:43:17 2016 From: miguel_3_gonzalez at yahoo.es (=?UTF-8?Q?Miguel_Gonz=c3=a1lez?=) Date: Wed, 17 Aug 2016 17:43:17 +0200 Subject: varnish statistics Message-ID: <0ed47e7e-cda8-e624-b883-04fc9c301468@yahoo.es> Hi! I have a WHM/Cpanel server behind Varnish. I would like to know which are the websites that use up the most of the Varnish cache (I?m thinking of even creating different storages for the most used websites). I took a look into Munin and Pandora, but maybe you guys know simpler or better tools? I don?t mind if they are GUIs or command line tools. Regards, Miguel From sujithnss at gmail.com Thu Aug 18 10:10:18 2016 From: sujithnss at gmail.com (sujith pv) Date: Thu, 18 Aug 2016 15:40:18 +0530 Subject: Varnish TTL Message-ID: Hi Team I'm very newbie to VARNISH. Currently I have few doubts around the same - I have Varnish 4.0 version running at my end with TTL being 2 hrs - Im using malloc storage - But here I have a strange problem after I use Varnish during a load test o an hour time , the memory shoots to 80% . Then I assumed after the TTL of 2 hrs , the memory to come down. But still after many hours still the memory is holding up at 80% - So here few doubts , after TTL do Varnish releases the consumed memory. Correct me if I'm wrong. Or do we need to explicitly purge it?? - Is VARNISH will hold up some memory with out releasing it for its operations ? Best Regards Sujith P V -------------- next part -------------- An HTML attachment was scrubbed... URL: From miguel_3_gonzalez at yahoo.es Thu Aug 18 10:22:14 2016 From: miguel_3_gonzalez at yahoo.es (=?UTF-8?Q?Miguel_Gonz=c3=a1lez?=) Date: Thu, 18 Aug 2016 12:22:14 +0200 Subject: varnish statistics Message-ID: Hi! I have a WHM/Cpanel server behind Varnish. I would like to know which are the websites that use up the most of the Varnish cache (I?m thinking of even creating different storages for the most used websites). I took a look into Munin and Pandora, but maybe you guys know simpler or better tools? I don?t mind if they are GUIs or command line tools. Regards, Miguel From sujithnss at gmail.com Fri Aug 19 01:56:34 2016 From: sujithnss at gmail.com (sujith pv) Date: Fri, 19 Aug 2016 07:26:34 +0530 Subject: Varnish TTL In-Reply-To: References: Message-ID: Hi Guys any help please.... On Thu, Aug 18, 2016 at 3:40 PM, sujith pv wrote: > Hi Team > > I'm very newbie to VARNISH. Currently I have few doubts around the same > > - I have Varnish 4.0 version running at my end with TTL being 2 hrs > - Im using malloc storage > - But here I have a strange problem after I use Varnish during a load > test o an hour time , the memory shoots to 80% . Then I assumed after the > TTL of 2 hrs , the memory to come down. But still after many hours still > the memory is holding up at 80% > - So here few doubts , after TTL do Varnish releases the consumed > memory. Correct me if I'm wrong. Or do we need to explicitly purge it?? > - Is VARNISH will hold up some memory with out releasing it for its > operations ? > > > Best Regards > Sujith P V > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mattias at nucleus.be Fri Aug 19 07:05:45 2016 From: mattias at nucleus.be (Mattias Geniar) Date: Fri, 19 Aug 2016 07:05:45 +0000 Subject: Varnish TTL In-Reply-To: References: Message-ID: <0E9AE14A-6106-466C-92CE-FD299997F25D@nucleus.be> > Then I assumed after the TTL of 2 hrs , the memory to come down. But still after many hours still the memory is holding up at 80% That's not how Varnish handles memory. For instance, grace mode can be enabled which allows objects to live on beyond their TTL. At the same time - if I recall correctly - Varnish won't actively remove objects from cache when the TTL has expired. It will however use that space in memory for new objects to store, evicting the expired objects at that time. So in short: if you tell Varnish to use 1GB of cache (malloc), it will use 1GB of cache. It won't fall back to 15MB just because all objects are expired. > after TTL do Varnish releases the consumed memory. Correct me if I'm wrong. Or do we need to explicitly purge it?? See above. This also applies to banning: a "ban" in Varnish will mark an object (or set of objects) for deletion from the cache, but it won't actively delete them. As soon as a new request is made for that object, Varnish will check the ban list and *then* remove the object. The rationale is that it's more efficient this way instead of wasting CPU cycles removing/purging content that wouldn't benefit the application. Mattias From ayberk.kimsesiz at gmail.com Mon Aug 22 11:10:47 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Mon, 22 Aug 2016 14:10:47 +0300 Subject: Varnish Cache & Ad Impressions In-Reply-To: References: Message-ID: Hi, We are using the default.vcl file as follows. Our website is getting higher traffic each day but there is a decline in ads' impression values. We are using .js in ad codes. Do you think the following settings might be the problem? /* SET THE HOST AND PORT OF WORDPRESS * *********************************************************/ vcl 4.0; import std; backend default { .host = "********"; .port = "8080"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; .max_connections = 800; } # SET THE ALLOWED IP OF PURGE REQUESTS # ########################################################## acl purge { "localhost"; "127.0.0.1"; } #THE RECV FUNCTION # ########################################################## sub vcl_recv { if (req.http.Host == "****.com/forum" || req.url ~ "forum") { return (pass); } # set realIP by trimming CloudFlare IP which will be used for various checks set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # Purge request check sections for hash_always_miss, purge and ban # BLOCK IF NOT IP is not in purge acl # ########################################################## # Enable smart refreshing using hash_always_miss if (req.http.Cache-Control ~ "no-cache") { if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { set req.hash_always_miss = true; } } if (req.method == "PURGE") { if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(405,"Not allowed.")); } return (purge); } if (req.method == "BAN") { # Same ACL check as above: if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(403, "Not allowed.")); } ban("req.http.host == " + req.http.host + " && req.url == " + req.url); # Throw a synthetic page so the # request won't go to the backend. return(synth(200, "Ban added")); } # Unset cloudflare cookies # Remove has_js and CloudFlare/Google Analytics __* cookies. set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); # Remove a ";" prefix, if present. set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); # For Testing: If you want to test with Varnish passing (not caching) uncomment # return( pass ); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # DO NOT CACHE RSS FEED if (req.url ~ "/feed(/)?") { return ( pass ); } ## Do not cache search results, comment these 3 lines if you do want to cache them if (req.url ~ "/\?s\=") { return ( pass ); } # CLEAN UP THE ENCODING HEADER. # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING # VARNISH WILL CREATE SEPARATE CACHES FOR EACH # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. # ########################################################## if (req.http.Accept-Encoding) { if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { # No point in compressing these unset req.http.Accept-Encoding; } elsif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elsif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { # unknown algorithm unset req.http.Accept-Encoding; } } # PIPE ALL NON-STANDARD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "DELETE") { return (pipe); } # ONLY CACHE GET AND HEAD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD") { return (pass); } # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER # COMMENT OR UNCOMMENT BOTH # ########################################################## if ( req.http.cookie ~ "wordpress_logged_in" ) { return( pass ); } # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN # THEN UNSET THE COOKIES # ########################################################## if (!(req.url ~ "wp-(login|admin)") && !(req.url ~ "&preview=true" ) ){ unset req.http.cookie; } # IF BASIC AUTH IS ON THEN DO NOT CACHE # ########################################################## if (req.http.Authorization || req.http.Cookie) { return (pass); } # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED # ########################################################## return (hash); # This is for phpmyadmin if (req.http.Host == "ki1.org") { return (pass); } if (req.http.Host == "mysql.ki1.org") { return (pass); } } # HIT FUNCTION # ########################################################## sub vcl_hit { # IF THIS IS A PURGE REQUEST THEN DO THE PURGE # ########################################################## if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (deliver); } # MISS FUNCTION # ########################################################## sub vcl_miss { if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (fetch); } # FETCH FUNCTION # ########################################################## sub vcl_backend_response { # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT # TO DO THIS # ########################################################## set beresp.http.Vary = "Accept-Encoding"; # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF # TIME THIS PAGE WILL STAY CACHED (TTL) # ########################################################## if (!(bereq.url ~ "wp-(login|admin)|forum") && !bereq.http.cookie ~ "wordpress_logged_in" && !bereq.http.host == "******.com/forum" ) { unset beresp.http.set-cookie; set beresp.ttl = 52w; # set beresp.grace =1w; } if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120 s; # set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } return (deliver); } # DELIVER FUNCTION # ########################################################## sub vcl_deliver { # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT # IN THE HEADER (GREAT FOR DEBUGGING) # ########################################################## if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; # IF THIS IS A MISS RETURN THAT IN THE HEADER # ########################################################## } else { set resp.http.X-Cache = "MISS"; } } 2016-08-16 19:42 GMT+03:00 Guillaume Quintard < guillaume at varnish-software.com>: > Maybe, what is it supposed to do, why is it there and is any of your ad > frameworks affected by this? > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Wed Aug 31 15:13:32 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Wed, 31 Aug 2016 18:13:32 +0300 Subject: Varnish + Banner Impression Problem Message-ID: Hi, There is something we need to know about Varnish. Do you think the following Wordpress settings might have a negative affect on ad impressions (which contain Javascript)? We suspect if there is an error in the AdServer service but with the installation of Varnish, our impressions are incredibly diminished. Would Varnish have an impact on this matter? *Example of the ad code: * *Default.vcl* /* SET THE HOST AND PORT OF WORDPRESS * *********************************************************/ vcl 4.0; import std; backend default { .host = "MY SERVER IP"; .port = "8080"; .connect_timeout = 600s; .first_byte_timeout = 600s; .between_bytes_timeout = 600s; .max_connections = 800; } # SET THE ALLOWED IP OF PURGE REQUESTS # ########################################################## acl purge { "localhost"; "127.0.0.1"; } #THE RECV FUNCTION # ########################################################## sub vcl_recv { if (req.http.Host == ".com/forum" || req.url ~ "forum") { return (pass); } # set realIP by trimming CloudFlare IP which will be used for various checks set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, ].*$", ""); unset req.http.X-Forwarded-For; set req.http.X-Forwarded-For = client.ip; } # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # Purge request check sections for hash_always_miss, purge and ban # BLOCK IF NOT IP is not in purge acl # ########################################################## # Enable smart refreshing using hash_always_miss if (req.http.Cache-Control ~ "no-cache") { if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { set req.hash_always_miss = true; } } if (req.method == "PURGE") { if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(405,"Not allowed.")); } return (purge); } if (req.method == "BAN") { # Same ACL check as above: if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ purge) { return(synth(403, "Not allowed.")); } ban("req.http.host == " + req.http.host + " && req.url == " + req.url); # Throw a synthetic page so the # request won't go to the backend. return(synth(200, "Ban added")); } # For Testing: If you want to test with Varnish passing (not caching) uncomment # return( pass ); # FORWARD THE IP OF THE REQUEST if (req.restarts == 0) { if (req.http.x-forwarded-for) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } } # DO NOT CACHE RSS FEED if (req.url ~ "/feed(/)?") { return ( pass ); } ## Do not cache search results, comment these 3 lines if you do want to cache them if (req.url ~ "/\?s\=") { return ( pass ); } # CLEAN UP THE ENCODING HEADER. # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING # VARNISH WILL CREATE SEPARATE CACHES FOR EACH # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. # ########################################################## if (req.http.Accept-Encoding) { if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { # No point in compressing these unset req.http.Accept-Encoding; } elsif (req.http.Accept-Encoding ~ "gzip") { set req.http.Accept-Encoding = "gzip"; } elsif (req.http.Accept-Encoding ~ "deflate") { set req.http.Accept-Encoding = "deflate"; } else { # unknown algorithm unset req.http.Accept-Encoding; } } # PIPE ALL NON-STANDARD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD" && req.method != "PUT" && req.method != "POST" && req.method != "TRACE" && req.method != "OPTIONS" && req.method != "DELETE") { return (pipe); } # ONLY CACHE GET AND HEAD REQUESTS # ########################################################## if (req.method != "GET" && req.method != "HEAD") { return (pass); } # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, EITHER # COMMENT OR UNCOMMENT BOTH # ########################################################## if ( req.http.cookie ~ "wordpress_logged_in" ) { return( pass ); } # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN # THEN UNSET THE COOKIES # ########################################################## if (!(req.url ~ "wp-(login|admin)") && !(req.url ~ "&preview=true" ) ){ unset req.http.cookie; } # IF BASIC AUTH IS ON THEN DO NOT CACHE # ########################################################## if (req.http.Authorization || req.http.Cookie) { return (pass); } # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED # ########################################################## return (hash); # This is for phpmyadmin if (req.http.Host == "ki1.org") { return (pass); } if (req.http.Host == "mysql.ki1.org") { return (pass); } } # HIT FUNCTION # ########################################################## sub vcl_hit { # IF THIS IS A PURGE REQUEST THEN DO THE PURGE # ########################################################## if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (deliver); } # MISS FUNCTION # ########################################################## sub vcl_miss { if (req.method == "PURGE") { # # This is now handled in vcl_recv. # # purge; return (synth(200, "Purged.")); } return (fetch); } # FETCH FUNCTION # ########################################################## sub vcl_backend_response { # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT # TO DO THIS # ########################################################## set beresp.http.Vary = "Accept-Encoding"; # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF # TIME THIS PAGE WILL STAY CACHED (TTL) # ########################################################## if (!(bereq.url ~ "wp-(login|admin)|forum") && !bereq.http.cookie ~ "wordpress_logged_in" && !bereq.http.host == ".com/forum" ) { unset beresp.http.set-cookie; set beresp.ttl = 52w; # set beresp.grace =1w; } if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") { set beresp.ttl = 120 s; # set beresp.ttl = 120s; set beresp.uncacheable = true; return (deliver); } return (deliver); } # DELIVER FUNCTION # ########################################################## sub vcl_deliver { # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT # IN THE HEADER (GREAT FOR DEBUGGING) # ########################################################## if (obj.hits > 0) { set resp.http.X-Cache = "HIT"; # IF THIS IS A MISS RETURN THAT IN THE HEADER # ########################################################## } else { set resp.http.X-Cache = "MISS"; } } -------------- next part -------------- An HTML attachment was scrubbed... URL: From ayberk.kimsesiz at gmail.com Wed Aug 31 19:42:19 2016 From: ayberk.kimsesiz at gmail.com (Ayberk Kimsesiz) Date: Wed, 31 Aug 2016 22:42:19 +0300 Subject: Varnish Cache & Ad Impressions In-Reply-To: References: Message-ID: Hi Guillaume, Varnish truly has a serious affect on impressions of banners. This month was a substantial lost. What is your advise on this? We are very pleased with Varnish but also experiencing a loss of income. Ad code: Thanks, Ayberk 2016-08-22 14:10 GMT+03:00 Ayberk Kimsesiz : > Hi, > > We are using the default.vcl file as follows. Our website is getting > higher traffic each day but there is a decline in ads' impression values. > We are using .js in ad codes. Do you think the following settings might be > the problem? > > /* SET THE HOST AND PORT OF WORDPRESS > * *********************************************************/ > vcl 4.0; > import std; > > backend default { > .host = "********"; > .port = "8080"; > .connect_timeout = 600s; > .first_byte_timeout = 600s; > .between_bytes_timeout = 600s; > .max_connections = 800; > } > > # SET THE ALLOWED IP OF PURGE REQUESTS > # ########################################################## > acl purge { > "localhost"; > "127.0.0.1"; > } > > #THE RECV FUNCTION > # ########################################################## > sub vcl_recv { > if (req.http.Host == "****.com/forum" || req.url ~ "forum") { > return (pass); > } > > # set realIP by trimming CloudFlare IP which will be used for various > checks > set req.http.X-Actual-IP = regsub(req.http.X-Forwarded-For, "[, > ].*$", ""); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # Purge request check sections for hash_always_miss, purge and ban > # BLOCK IF NOT IP is not in purge acl > # ########################################################## > > # Enable smart refreshing using hash_always_miss > if (req.http.Cache-Control ~ "no-cache") { > if (client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > set req.hash_always_miss = true; > } > } > > if (req.method == "PURGE") { > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") ~ > purge) { > return(synth(405,"Not allowed.")); > } > return (purge); > > } > if (req.method == "BAN") { > # Same ACL check as above: > if (!client.ip ~ purge || !std.ip(req.http.X-Actual-IP, "1.2.3.4") > ~ purge) { > return(synth(403, "Not allowed.")); > } > ban("req.http.host == " + req.http.host + > " && req.url == " + req.url); > > # Throw a synthetic page so the > # request won't go to the backend. > return(synth(200, "Ban added")); > } > > > # Unset cloudflare cookies > # Remove has_js and CloudFlare/Google Analytics __* cookies. > set req.http.Cookie = regsuball(req.http.Cookie, > "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", ""); > # Remove a ";" prefix, if present. > set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", ""); > > # For Testing: If you want to test with Varnish passing (not caching) > uncomment > # return( pass ); > > # FORWARD THE IP OF THE REQUEST > if (req.restarts == 0) { > if (req.http.x-forwarded-for) { > set req.http.X-Forwarded-For = > req.http.X-Forwarded-For + ", " + client.ip; > } else { > set req.http.X-Forwarded-For = client.ip; > } > } > > # DO NOT CACHE RSS FEED > if (req.url ~ "/feed(/)?") { > return ( pass ); > } > > ## Do not cache search results, comment these 3 lines if you do want > to cache them > > if (req.url ~ "/\?s\=") { > return ( pass ); > } > > # CLEAN UP THE ENCODING HEADER. > # SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING > # VARNISH WILL CREATE SEPARATE CACHES FOR EACH > # DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC. > # ########################################################## > if (req.http.Accept-Encoding) { > if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") { > # No point in compressing these > unset req.http.Accept-Encoding; > } elsif (req.http.Accept-Encoding ~ "gzip") { > set req.http.Accept-Encoding = "gzip"; > } elsif (req.http.Accept-Encoding ~ "deflate") { > set req.http.Accept-Encoding = "deflate"; > } else { > # unknown algorithm > unset req.http.Accept-Encoding; > } > } > > # PIPE ALL NON-STANDARD REQUESTS > # ########################################################## > if (req.method != "GET" && > req.method != "HEAD" && > req.method != "PUT" && > req.method != "POST" && > req.method != "TRACE" && > req.method != "OPTIONS" && > req.method != "DELETE") { > return (pipe); > } > > # ONLY CACHE GET AND HEAD REQUESTS > # ########################################################## > if (req.method != "GET" && req.method != "HEAD") { > return (pass); > } > > # OPTIONAL: DO NOT CACHE LOGGED IN USERS (THIS OCCURS IN FETCH TOO, > EITHER > # COMMENT OR UNCOMMENT BOTH > # ########################################################## > if ( req.http.cookie ~ "wordpress_logged_in" ) { > return( pass ); > } > > # IF THE REQUEST IS NOT FOR A PREVIEW, WP-ADMIN OR WP-LOGIN > # THEN UNSET THE COOKIES > # ########################################################## > if (!(req.url ~ "wp-(login|admin)") > && !(req.url ~ "&preview=true" ) > ){ > unset req.http.cookie; > } > > # IF BASIC AUTH IS ON THEN DO NOT CACHE > # ########################################################## > if (req.http.Authorization || req.http.Cookie) { > return (pass); > } > > # IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED > # ########################################################## > return (hash); > # This is for phpmyadmin > if (req.http.Host == "ki1.org") { > return (pass); > } > > if (req.http.Host == "mysql.ki1.org") { > return (pass); > } > > } > > # HIT FUNCTION > # ########################################################## > sub vcl_hit { > # IF THIS IS A PURGE REQUEST THEN DO THE PURGE > # ########################################################## > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (deliver); > } > > # MISS FUNCTION > # ########################################################## > sub vcl_miss { > if (req.method == "PURGE") { > # > # This is now handled in vcl_recv. > # > # purge; > return (synth(200, "Purged.")); > } > return (fetch); > } > > # FETCH FUNCTION > # ########################################################## > sub vcl_backend_response { > # I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC > # TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT > # TO DO THIS > # ########################################################## > set beresp.http.Vary = "Accept-Encoding"; > > # IF NOT WP-ADMIN THEN UNSET COOKIES AND SET THE AMOUNT OF > # TIME THIS PAGE WILL STAY CACHED (TTL) > # ########################################################## > if (!(bereq.url ~ "wp-(login|admin)|forum") && !bereq.http.cookie ~ > "wordpress_logged_in" && !bereq.http.host == "******.com/forum" ) { > unset beresp.http.set-cookie; > set beresp.ttl = 52w; > # set beresp.grace =1w; > } > > > > if (beresp.ttl <= 0s || > beresp.http.Set-Cookie || > beresp.http.Vary == "*") { > set beresp.ttl = 120 s; > # set beresp.ttl = 120s; > set beresp.uncacheable = true; > return (deliver); > } > > return (deliver); > } > > # DELIVER FUNCTION > # ########################################################## > sub vcl_deliver { > # IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT > # IN THE HEADER (GREAT FOR DEBUGGING) > # ########################################################## > if (obj.hits > 0) { > set resp.http.X-Cache = "HIT"; > # IF THIS IS A MISS RETURN THAT IN THE HEADER > # ########################################################## > } else { > set resp.http.X-Cache = "MISS"; > } > } > > > 2016-08-16 19:42 GMT+03:00 Guillaume Quintard com>: > >> Maybe, what is it supposed to do, why is it there and is any of your ad >> frameworks affected by this? >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: