@@ -0,0 +1,222 @@
/* SET THE HOST AND PORT OF WooCommerce
* *********************************************************/
backend default {
.host = "127.0.0.1" ;
.port = "8080" ;
}
# SET THE ALLOWED IP OF PURGE REQUESTS
# ##########################################################
acl purge {
"localhost" ;
"127.0.0.1" ;
"Web.Server.IP" ;
}
#THE RECV FUNCTION
# ##########################################################
sub vcl_recv {
#remove HTTPOXY CGI vulnerability
unset req.http.proxy ;
#remove extraneous host ports
set req.http.host = regsub (req.http.Host , ":[0-9]+" , "" );
# set realIP by trimming CloudFlare IP which will be used for various checks
set req.http.X-Actual-IP = regsub (req.http.X-Forwarded-For , "[, ].*$" , "" );
# Enable smart refreshing
if (req.http.Cache-Control ~ "no-cache" && client.ip ~ purge) {
set req.hash_always_miss = true ;
}
# Unset cloudflare cookies
# Remove has_js and CloudFlare/Google Analytics __* cookies.
set req.http.Cookie = regsuball (req.http.Cookie , "(^|;\s *)(_[_a-z]+|has_js)=[^;]*" , "" );
# Remove a ";" prefix, if present.
set req.http.Cookie = regsub (req.http.Cookie , "^;\s *" , "" );
# For Testing: If you want to test with Varnish passing (not caching) uncomment
# return( pass );
# FORWARD THE IP OF THE REQUEST
if (req.restarts == 0 ) {
if (req.http.x-forwarded-for ) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip ;
} else {
set req.http.X-Forwarded-For = client.ip ;
}
}
# DO NOT CACHE RSS FEED
if (req.url ~ "/feed/" ) {
return ( pass );
}
## Do not cache search results, comment these 3 lines if you do want to cache them
if (req.url ~ "/\? s\= " ) {
return ( pass );
}
# CLEAN UP THE ENCODING HEADER.
# SET TO GZIP, DEFLATE, OR REMOVE ENTIRELY. WITH VARY ACCEPT-ENCODING
# VARNISH WILL CREATE SEPARATE CACHES FOR EACH
# DO NOT ACCEPT-ENCODING IMAGES, ZIPPED FILES, AUDIO, ETC.
# ##########################################################
if (req.http.Accept-Encoding ) {
if (req.url ~ "\. (jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$" ) {
# No point in compressing these
remove req.http.Accept-Encoding ;
} elsif (req.http.Accept-Encoding ~ "gzip" ) {
set req.http.Accept-Encoding = "gzip" ;
} elsif (req.http.Accept-Encoding ~ "deflate" ) {
set req.http.Accept-Encoding = "deflate" ;
} else {
# unknown algorithm
remove req.http.Accept-Encoding ;
}
}
# IF THIS IS A PURGE REQUEST, THEN CHECK THE IPS SET ABOVE
# BLOCK IF NOT ONE OF THOSE IPS
# ##########################################################
if (req.request == "PURGE" ) {
if ( ! client.ip ~ purge ) {
error 405 "Not allowed." ;
}
return (lookup );
}
# PIPE ALL NON-STANDARD REQUESTS
# ##########################################################
if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE" ) {
return (pipe);
}
# ONLY CACHE GET AND HEAD REQUESTS
# ##########################################################
if (req.request != "GET" && req.request != "HEAD" ) {
return (pass );
}
# OPTIONAL: DO NOT CACHE LOGGED IN USERS and CARTS
# ##########################################################
if ( req.http.cookie ~ "wordpress_logged_in|resetpass" ) {
return ( pass );
}
if (req.url ~ "/wp-(login|admin|cron)|wc-api|cart|my-account|checkout|addons|administrator|resetpass|\? wc-ajax=get_refreshed_fragments" ) {
# Don't cache, pass to backend
return (pass );
}
if ( req.url ~ "\? add-to-cart=" ) {
return (pass );
}
#fixed non AJAX cart problem, may need to add wp_woocommerce_session_
if (req.http.cookie ~ "woocommerce_(cart|session)" ) {
return (lookup );
}
if (! req.url ~ "/wp-(login|admin|cron)|wc-api|cart|my-account|checkout|addons|administrator|resetpass" ) {
# Don't cache, pass to backend
unset req.http.cookie ;
}
# This is for phpmyadmin
if (req.http.Host == "pmadomain.com" ) {
return (pass );
}
# IF YOU GET HERE THEN THIS REQUEST SHOULD BE CACHED
# ##########################################################
return (lookup );
}
sub vcl_hash {
#this is to store cache based on PHPSESSID or woocommerce cookie so cart doesn't show 0
if (req.http.cookie ) {
hash_data(req.http.cookie );
}
#fix flexible ssl css
if (req.http.x-forwarded-proto ) {
hash_data(req.http.x-forwarded-proto );
}
}
# HIT FUNCTION
# ##########################################################
sub vcl_hit {
# IF THIS IS A PURGE REQUEST THEN DO THE PURGE
# ##########################################################
if (req.request == "PURGE" ) {
purge;
error 200 "Purged." ;
}
return (deliver );
}
# MISS FUNCTION
# ##########################################################
sub vcl_miss {
if (req.request == "PURGE" ) {
purge;
error 200 "Purged." ;
}
return (fetch );
}
# FETCH FUNCTION
# ##########################################################
sub vcl_fetch {
# I SET THE VARY TO ACCEPT-ENCODING, THIS OVERRIDES W3TC
# TENDANCY TO SET VARY USER-AGENT. YOU MAY OR MAY NOT WANT
# TO DO THIS
# ##########################################################
set beresp.http.Vary = "Accept-Encoding" ;
# You may need to add other locations like membership sites here, 302 is necessary if you use redirect to cart
# ##########################################################
if (! (req.url ~ "wp-(login|admin)|wc-api|resetpass|cart|checkout|my-account|\? wc-ajax=get_refreshed_fragments" ) &&
! req.http.cookie ~ "wordpress_logged_in|resetpass" &&
! beresp.status == 302 ) {
unset beresp.http.set-cookie ;
set beresp.ttl = 1w ;
set beresp.grace = 3d ;
}
if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*" ) {
set beresp.ttl = 120 s ;
return (hit_for_pass );
}
return (deliver );
}
# DELIVER FUNCTION #
##########################################################
sub vcl_deliver {
# IF THIS PAGE IS ALREADY CACHED THEN RETURN A 'HIT' TEXT
# IN THE HEADER (GREAT FOR DEBUGGING)
# ##########################################################
if (obj.hits > 0 ) {
set resp.http.X-Cache = "HIT" ;
# IF THIS IS A MISS RETURN THAT IN THE HEADER
# ##########################################################
} else {
set resp.http.X-Cache = "MISS" ;
}
}
lukecav revised this gist