I need to do a custom Varnish VCL configuration for cookie-based bypass objects.
So, Varnish keeps serving my cached pages unless the user is logged in.
How can I prevent access for non-logged-in users? For specific pages or regex etc.
Using:
Varnish 3 on Nginx, Ubuntu 64-bit EC2 instance
That's the varnish default behaviour, excerpt from the default config [1]:
sub vcl_recv {
    #...
    if (req.http.Authorization || req.http.Cookie) {
        /* Not cacheable by default */
        return (pass);
    }
    #...
}
[1] https://www.varnish-cache.org/docs/3.0/reference/vcl.html#examples
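The cookie-based bypass asked about above, written out for Varnish 3 as an added example (it is not part of the original question or answer). The cookie name sessionid and the /account and /admin path prefixes are assumptions; access control itself stays with the backend, which every passed request reaches.

```vcl
# Added example for Varnish 3. "sessionid", "/account" and "/admin" are
# assumed names: replace them with the application's own.
sub vcl_recv {
    # Personal pages: never answer from cache, the backend enforces login.
    if (req.url ~ "^/(account|admin)(/|\?|$)") {
        return (pass);
    }

    # Logged-in users carry the session cookie: bypass the cache for them.
    if (req.http.Cookie ~ "(^|;\s*)sessionid=") {
        return (pass);
    }

    # Anonymous request: drop the remaining cookies (analytics etc.) so the
    # built-in vcl_recv, which runs next, can look the object up in cache.
    unset req.http.Cookie;
}

sub vcl_fetch {
    # Never store a response that sets a cookie or that the backend marked
    # private. The decision is remembered for 120 s, so requests for the
    # same object during that time go straight to the backend.
    if (beresp.http.Set-Cookie || beresp.http.Cache-Control ~ "private") {
        set beresp.ttl = 120s;
        return (hit_for_pass);
    }
}
```

Stripping cookies from anonymous requests is what keeps one visitor's personalised response from being stored and served to another; the vcl_fetch check covers backends that start a session on a page expected to be public.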
I see this used to be set with a conf value for play 2.1.0
how to set secure flag for cookies in play 2.1.0
But in 2.4.x I see that this has been moved to using HttpConfiguration instead. What needs to be done now to put the secure flag on cookies?
You have multiple options to set the secure flag depending on which type of cookie you are talking about:
For the session cookie add the following in your application.conf file:
play {
    http {
        session = {
            secure = true
        }
    }
}
If you already configured the session cookie to be secure, all other cookies will be handled the same way unless you specify otherwise.
To change the configuration for regular cookies place the following in your application.conf file:
play.filters {
    cookie {
        secure = true
    }
}
See Filter reference.conf and Play reference.conf for all configuration options that you have for cookies and the session.
I'm setting up a Varnish 5 instance connected to 2 backend servers (Magento 2 applications).
I'm using the new Varnish 5 feature of loading multiple VCL files. To keep things very simple for now, I'm going to use 1 backend server in my example.
So, I have a magento.vcl defined as follows:
vcl 4.0;
import std;
# The minimal Varnish version is 4.0
# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'
backend default {
    .host = "127.0.0.1";
    .port = "8088";
}
include "/etc/varnish/common.vcl";
And a top.vcl
vcl 4.0;
import std;
backend default { .host = "127.0.0.1"; }
sub vcl_recv {
    if (req.http.host == "magento2.dev") {
        return (vcl(magento_vcl));
    }
}
Then I run
service varnish restart
varnishadm
vcl.load magento /etc/varnish/conf.d/magento.vcl
vcl.label magento_vcl magento
vcl.load top /etc/varnish/top.vcl
vcl.use top
quit
When I browse to magento2.dev, I get a backend fetch error after some seconds. It's only when I go in magento.vcl and change the name of the backend and make a backend hint that it works. See below:
vcl 4.0;
import std;
# The minimal Varnish version is 4.0
# For SSL offloading, pass the following header in your proxy server or load balancer: 'X-Forwarded-Proto: https'
backend magento {
    .host = "127.0.0.1";
    .port = "8088";
}
sub vcl_recv {
    set req.backend_hint = magento;
}
include "/etc/varnish/common.vcl";
Why should I be specifying a backend hint? Shouldn't Varnish be loading a different VCL according to the host specified in top.vcl? Or is there something wrong?
Thanks in advance,
It seems Varnish does load the VCL that you specified via the vcl(label). That .vcl should specify the backend_hint that's valid for the particular backend the .vcl is for. I don't think there's anything wrong.
I wish to deploy owncloud 9.x on two nodes behind a Varnish 3 server configured for round robin balancing.
By default my Varnish default.vcl cleans up all cookies except PHPSESSID.
I see that Owncloud session cookie name is not the usual PHPSESSID.
How can I change Varnish script accordingly?
or
How can I configure Owncloud to fallback to PHPSESSID?
Since my varnish serves multiple hosts the only solution I've found is
sub vcl_recv {
    if (req.http.host ~ "owncloud") {
        return (pass);
    }
}
I'd like to know what I can put in my VCL to tell Varnish to not cache the requests and pass all the requests to the backend, because I would like to use Varnish as a reverse proxy to hide the actual IP of my backends.
I did some research but I didn't find anything concrete.
I'm using Varnish 3 and my actual Varnish VCL is:
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}
Thank you.
If you want Varnish to do nothing with the request at all, you should use pipe. This prevents Varnish from rewriting the headers. The response is sent back from Varnish directly.
sub vcl_recv {
    return (pipe);
}
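You'll need to overwrite the default handling to force a 'pass'.
Do this in both vcl_recv and vcl_fetch:
sub vcl_recv {
    # Varnish 3 requires the return (...) form
    return (pass);
}
sub vcl_fetch {
    # in Varnish 3 the "pass" outcome of vcl_fetch is named hit_for_pass
    return (hit_for_pass);
}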
How do I configure my VCL to let Varnish respect the 'Cache-Control max-age' request header?
I noticed that by default Varnish delivers cached content, even when I press F5 in my browser (hence requesting a 'fresh' copy).
In vcl_hit you can do the following:
if (req.http.Cache-Control ~ "\bno-cache\b") {
    # drop the cached object, then restart so the request is fetched fresh
    purge;
    return (restart);
}
Make sure you have imported the std vmod:
import std;