coresh · October 21, 2024 07:23 · Sep 30, 2024 · Sep 19, 2024 · Sep 19, 2024 · Sep 19, 2024
diff --git a/varnish6.vcl b/varnish6.vcl
@@ -100,8 +100,8 @@ sub vcl_recv {
     std.collect(req.http.Cookie);
 
     # Remove all marketing get parameters to minimize the cache objects
-    if (req.url ~ "(\?|&)(_branch_match_id|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
-        set req.url = regsuball(req.url, "(_branch_match_id|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+(){}%.]+&?", "");
+    if (req.url ~ "(\?|&)(_branch_match_id|srsltid|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
+        set req.url = regsuball(req.url, "(_branch_match_id|srsltid|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+(){}%.]+&?", "");
         set req.url = regsub(req.url, "[?|&]+$", "");
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -24,6 +24,11 @@ acl purge {
 }
 
 sub vcl_recv {
+    # Add support for Prismic preview functionality
+    if (req.http.Cookie ~ "io.prismic.preview") {
+        return (pass);
+    }
+
     # Remove empty query string parameters
     # e.g.: www.example.com/index.html?    
     if (req.url ~ "\?$") {

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -96,7 +96,7 @@ sub vcl_recv {
 
     # Remove all marketing get parameters to minimize the cache objects
     if (req.url ~ "(\?|&)(_branch_match_id|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
-        set req.url = regsuball(req.url, "(_branch_match_id|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
+        set req.url = regsuball(req.url, "(_branch_match_id|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+(){}%.]+&?", "");
         set req.url = regsub(req.url, "[?|&]+$", "");
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -95,8 +95,8 @@ sub vcl_recv {
     std.collect(req.http.Cookie);
 
     # Remove all marketing get parameters to minimize the cache objects
-    if (req.url ~ "(\?|&)(gbraid|gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|nb_klid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
-        set req.url = regsuball(req.url, "(gbraid|gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|nb_klid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
+    if (req.url ~ "(\?|&)(_branch_match_id|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
+        set req.url = regsuball(req.url, "(_branch_match_id|_bta_c|_bta_tid|_ga|_gl|_ke|_kx|campid|cof|customid|cx|dclid|dm_i|ef_id|epik|fbclid|gad_source|gbraid|gclid|gclsrc|gdffi|gdfms|gdftrk|hsa_acc|hsa_ad|hsa_cam|hsa_grp|hsa_kw|hsa_mt|hsa_net|hsa_src|hsa_tgt|hsa_ver|ie|igshid|irclickid|matomo_campaign|matomo_cid|matomo_content|matomo_group|matomo_keyword|matomo_medium|matomo_placement|matomo_source|mc_cid|mc_eid|mkcid|mkevt|mkrid|mkwid|msclkid|mtm_campaign|mtm_cid|mtm_content|mtm_group|mtm_keyword|mtm_medium|mtm_placement|mtm_source|nb_klid|ndclid|origin|pcrid|piwik_campaign|piwik_keyword|piwik_kwd|pk_campaign|pk_keyword|pk_kwd|redirect_log_mongo_id|redirect_mongo_id|rtid|sb_referer_host|ScCid|si|siteurl|s_kwcid|sms_click|sms_source|sms_uph|toolid|trk_contact|trk_module|trk_msg|trk_sid|ttclid|twclid|utm_campaign|utm_content|utm_creative_format|utm_id|utm_marketing_tactic|utm_medium|utm_source|utm_source_platform|utm_term|wbraid|yclid|zanpid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
         set req.url = regsub(req.url, "[?|&]+$", "");
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -48,7 +48,7 @@ sub vcl_recv {
     # Reduce grace to the configured setting if the backend is healthy
     # In case of an unhealthy backend, the original grace is used
     if (std.healthy(req.backend_hint)) {
-        set req.grace = /* {{ grace }} */s;
+        set req.grace = /* {{ grace_period }} */s;
     }
 
     if (req.method == "PURGE") {

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -95,8 +95,8 @@ sub vcl_recv {
     std.collect(req.http.Cookie);
 
     # Remove all marketing get parameters to minimize the cache objects
-    if (req.url ~ "(\?|&)(gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|nb_klid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
-        set req.url = regsuball(req.url, "(gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|nb_klid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
+    if (req.url ~ "(\?|&)(gbraid|gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|nb_klid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
+        set req.url = regsuball(req.url, "(gbraid|gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|nb_klid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
         set req.url = regsub(req.url, "[?|&]+$", "");
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -95,8 +95,8 @@ sub vcl_recv {
     std.collect(req.http.Cookie);
 
     # Remove all marketing get parameters to minimize the cache objects
-    if (req.url ~ "(\?|&)(gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
-        set req.url = regsuball(req.url, "(gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
+    if (req.url ~ "(\?|&)(gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|nb_klid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
+        set req.url = regsuball(req.url, "(gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|nb_klid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
         set req.url = regsub(req.url, "[?|&]+$", "");
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -95,8 +95,8 @@ sub vcl_recv {
     std.collect(req.http.Cookie);
 
     # Remove all marketing get parameters to minimize the cache objects
-    if (req.url ~ "(\?|&)(gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
-        set req.url = regsuball(req.url, "(gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
+    if (req.url ~ "(\?|&)(gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=") {
+        set req.url = regsuball(req.url, "(gad_source|gclid|cx|_kx|ie|cof|siteurl|zanpid|origin|fbclid|mc_[a-z]+|utm_[a-z]+|_bta_[a-z]+)=[-_A-z0-9+()%.]+&?", "");
         set req.url = regsub(req.url, "[?|&]+$", "");
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -41,7 +41,7 @@ sub vcl_recv {
     unset req.http.proxy;
 
     # Add X-Forwarded-Proto header when using https
-    if (!req.http.X-Forwarded-Proto && (std.port(server.ip) == 443) || std.port(server.ip) == 8443)) {
+    if (!req.http.X-Forwarded-Proto && (std.port(server.ip) == 443 || std.port(server.ip) == 8443)) {
         set req.http.X-Forwarded-Proto = "https";
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -40,8 +40,8 @@ sub vcl_recv {
     # See https://httpoxy.org/    
     unset req.http.proxy;
 
-    # Add X-Forwarded-Proto header when using https as a fallback
-    if (!req.http.X-Forwarded-Proto && (std.port(server.ip) == 443)) {
+    # Add X-Forwarded-Proto header when using https
+    if (!req.http.X-Forwarded-Proto && (std.port(server.ip) == 443) || std.port(server.ip) == 8443)) {
         set req.http.X-Forwarded-Proto = "https";
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -145,36 +145,40 @@ sub vcl_backend_response {
 	# Perform asynchronous revalidation while stale content is served
     set beresp.grace = 3d;
 
+    # All text-based content can be parsed as ESI
     if (beresp.http.content-type ~ "text") {
         set beresp.do_esi = true;
     }
 
+    # Allow GZIP compression on all JavaScript files and all text-based content
     if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") {
         set beresp.do_gzip = true;
     }
-
+
+    # Add debug headers
     if (beresp.http.X-Magento-Debug) {
         set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
     }
 
-    # cache only successfully responses and 404s that are not marked as private
-    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "no-cache|no-store|private") {
+    # Only cache HTTP 200 and HTTP 404 responses
+    if (beresp.status != 200 && beresp.status != 404) {
+        set beresp.ttl = 120s;
         set beresp.uncacheable = true;
-        set beresp.ttl = 86400s;
         return (deliver);
     }
-
-    # validate if we need to cache it and prevent from setting cookie
-    if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
-        unset beresp.http.set-cookie;
-    }
-
-    # If the cache key in the Magento response doesn't match (which happens for example after user logs in, or changes store, or changes currency) the one that was sent in the request, don't cache under the request's key
+
+    # Don't cache if the request cache ID doesn't match the response cache ID for graphql requests
     if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
        set beresp.ttl = 120s;
        set beresp.uncacheable = true;
        return (deliver);
     }
+
+    # Remove the Set-Cookie header for cacheable content
+    # Only for HTTP GET & HTTP HEAD requests
+    if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
+        unset beresp.http.Set-Cookie;
+    }
 }
 
 sub vcl_deliver {

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -145,32 +145,35 @@ sub vcl_backend_response {
 	# Perform asynchronous revalidation while stale content is served
     set beresp.grace = 3d;
 
-    # All text-based content can be parsed as ESI
     if (beresp.http.content-type ~ "text") {
         set beresp.do_esi = true;
     }
 
-    # Allow GZIP compression on all JavaScript files and all text-based content
     if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") {
         set beresp.do_gzip = true;
     }
-
-    # Add debug headers
+
     if (beresp.http.X-Magento-Debug) {
         set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
     }
 
-    # Only cache HTTP 200 and HTTP 404 responses
-    if (beresp.status != 200 && beresp.status != 404) {
-        set beresp.ttl = 120s;
+    # cache only successfully responses and 404s that are not marked as private
+    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "no-cache|no-store|private") {
         set beresp.uncacheable = true;
+        set beresp.ttl = 86400s;
         return (deliver);
     }
 
-    # Remove the Set-Cookie header for cacheable content
-    # Only for HTTP GET & HTTP HEAD requests
+    # validate if we need to cache it and prevent from setting cookie
     if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
-        unset beresp.http.Set-Cookie;
+        unset beresp.http.set-cookie;
+    }
+
+    # If the cache key in the Magento response doesn't match (which happens for example after user logs in, or changes store, or changes currency) the one that was sent in the request, don't cache under the request's key
+    if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
+       set beresp.ttl = 120s;
+       set beresp.uncacheable = true;
+       return (deliver);
     }
 }
 
@@ -201,4 +204,4 @@ sub vcl_deliver {
     unset resp.http.X-Varnish;
     unset resp.http.Via;
     unset resp.http.Link;
-}
+}
diff --git a/varnish6.vcl b/varnish6.vcl
@@ -145,35 +145,32 @@ sub vcl_backend_response {
 	# Perform asynchronous revalidation while stale content is served
     set beresp.grace = 3d;
 
+    # All text-based content can be parsed as ESI
     if (beresp.http.content-type ~ "text") {
         set beresp.do_esi = true;
     }
 
+    # Allow GZIP compression on all JavaScript files and all text-based content
     if (bereq.url ~ "\.js$" || beresp.http.content-type ~ "text") {
         set beresp.do_gzip = true;
     }
-
+
+    # Add debug headers
     if (beresp.http.X-Magento-Debug) {
         set beresp.http.X-Magento-Cache-Control = beresp.http.Cache-Control;
     }
 
-    # cache only successfully responses and 404s that are not marked as private
-    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "no-cache|no-store|private") {
+    # Only cache HTTP 200 and HTTP 404 responses
+    if (beresp.status != 200 && beresp.status != 404) {
+        set beresp.ttl = 120s;
         set beresp.uncacheable = true;
-        set beresp.ttl = 86400s;
         return (deliver);
     }
 
-    # validate if we need to cache it and prevent from setting cookie
+    # Remove the Set-Cookie header for cacheable content
+    # Only for HTTP GET & HTTP HEAD requests
     if (beresp.ttl > 0s && (bereq.method == "GET" || bereq.method == "HEAD")) {
-        unset beresp.http.set-cookie;
-    }
-
-    # If the cache key in the Magento response doesn't match (which happens for example after user logs in, or changes store, or changes currency) the one that was sent in the request, don't cache under the request's key
-    if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
-       set beresp.ttl = 120s;
-       set beresp.uncacheable = true;
-       return (deliver);
+        unset beresp.http.Set-Cookie;
     }
 }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -1,3 +1,4 @@
+# A number of these changes come form the following PR's; , combines changes in https://github.com/magento/magento2/pull/29360, https://github.com/magento/magento2/pull/28944 and https://github.com/magento/magento2/pull/28894, https://github.com/magento/magento2/pull/35228, https://github.com/magento/magento2/pull/36524, https://github.com/magento/magento2/pull/34323
 # VCL version 5.0 is not supported so it should be 4.0 even though actually used Varnish version is 6
 vcl 4.1;
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -157,7 +157,7 @@ sub vcl_backend_response {
     }
 
     # cache only successfully responses and 404s that are not marked as private
-    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "private") {
+    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "no-cache|no-store|private") {
         set beresp.uncacheable = true;
         set beresp.ttl = 86400s;
         return (deliver);

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -157,7 +157,7 @@ sub vcl_backend_response {
     }
 
     # cache only successfully responses and 404s that are not marked as private
-    if (beresp.status != 200 && beresp.status != 404) {
+    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "private") {
         set beresp.uncacheable = true;
         set beresp.ttl = 86400s;
         return (deliver);

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -157,7 +157,7 @@ sub vcl_backend_response {
     }
 
     # cache only successfully responses and 404s that are not marked as private
-    if ((beresp.status != 200 && beresp.status != 404) || beresp.http.Cache-Control ~ "private") {
+    if (beresp.status != 200 && beresp.status != 404) {
         set beresp.uncacheable = true;
         set beresp.ttl = 86400s;
         return (deliver);

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -140,6 +140,8 @@ sub vcl_hash {
 }
 
 sub vcl_backend_response {
+	# Serve stale content for three days after object expiration
+	# Perform asynchronous revalidation while stale content is served
     set beresp.grace = 3d;
 
     if (beresp.http.content-type ~ "text") {

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -125,9 +125,6 @@ sub vcl_hash {
 
     # To make sure http users don't see ssl warning
     hash_data(req.http./* {{ ssl_offloaded_header }} */);
-
-    # Create cache variations depending on the request protocol when mixed mode is used
-    hash_data(req.http.X-Forwarded-Proto);
 
     /* {{ design_exceptions_code }} */
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -119,7 +119,7 @@ sub vcl_recv {
 }
 
 sub vcl_hash {
-    if ((req.url !~ "/graphql" || !req.http.X-Magento-Cache-Id) && req.http.cookie ~ "X-Magento-Vary=") {
+    if (req.url !~ "/graphql" && req.http.cookie ~ "X-Magento-Vary=") {
         hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1"));
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -110,8 +110,8 @@ sub vcl_recv {
         #unset req.http.Cookie;
     }
 
-    # Bypass authenticated GraphQL requests without a X-Magento-Cache-Id
-    if (req.url ~ "/graphql" && !req.http.X-Magento-Cache-Id && req.http.Authorization ~ "^Bearer") {
+    # Don't cache the authenticated GraphQL requests
+    if (req.url ~ "/graphql" && req.http.Authorization ~ "^Bearer") {
         return (pass);
     }
 
@@ -134,11 +134,6 @@ sub vcl_hash {
     if (req.url ~ "/graphql") {
         if (req.http.X-Magento-Cache-Id) {
             hash_data(req.http.X-Magento-Cache-Id);
-
-            # When the frontend stops sending the auth token, make sure users stop getting results cached for logged-in users
-            if (req.http.Authorization ~ "^Bearer") {
-                hash_data("Authorized");
-            }
         } else {
             # if no X-Magento-Cache-Id (which already contains Store & Currency) is not set, use the HTTP headers
             hash_data(req.http.Store);

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -174,7 +174,7 @@ sub vcl_backend_response {
         unset beresp.http.set-cookie;
     }
 
-    # If the cache key in the Magento response doesn't match the one that was sent in the request, don't cache under the request's key
+    # If the cache key in the Magento response doesn't match (which happens for example after user logs in, or changes store, or changes currency) the one that was sent in the request, don't cache under the request's key
     if (bereq.url ~ "/graphql" && bereq.http.X-Magento-Cache-Id && bereq.http.X-Magento-Cache-Id != beresp.http.X-Magento-Cache-Id) {
        set beresp.ttl = 120s;
        set beresp.uncacheable = true;

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -132,23 +132,19 @@ sub vcl_hash {
     /* {{ design_exceptions_code }} */
 
     if (req.url ~ "/graphql") {
-        call process_graphql_headers;
-    }
-}
-
-sub process_graphql_headers {
-    if (req.http.X-Magento-Cache-Id) {
-        hash_data(req.http.X-Magento-Cache-Id);
-
-        # When the frontend stops sending the auth token, make sure users stop getting results cached for logged-in users
-        if (req.http.Authorization ~ "^Bearer") {
-            hash_data("Authorized");
+        if (req.http.X-Magento-Cache-Id) {
+            hash_data(req.http.X-Magento-Cache-Id);
+
+            # When the frontend stops sending the auth token, make sure users stop getting results cached for logged-in users
+            if (req.http.Authorization ~ "^Bearer") {
+                hash_data("Authorized");
+            }
+        } else {
+            # if no X-Magento-Cache-Id (which already contains Store & Currency) is not set, use the HTTP headers
+            hash_data(req.http.Store);
+            hash_data(req.http.Content-Currency);
         }
     }
-
-    hash_data(req.http.Store);
-
-    hash_data(req.http.Content-Currency);
 }
 
 sub vcl_backend_response {

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -44,10 +44,10 @@ sub vcl_recv {
         set req.http.X-Forwarded-Proto = "https";
     }
 
-    # Reduce grace to 300s if the backend is healthy
+    # Reduce grace to the configured setting if the backend is healthy
     # In case of an unhealthy backend, the original grace is used
     if (std.healthy(req.backend_hint)) {
-        set req.grace = 300s;
+        set req.grace = /* {{ grace }} */s;
     }
 
     if (req.method == "PURGE") {

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -90,9 +90,6 @@ sub vcl_recv {
         return (pass);
     }
 
-    # normalize url in case of leading HTTP scheme and domain
-    set req.url = regsub(req.url, "^http[s]?://", "");
-
     # Collapse multiple cookie headers into one
     std.collect(req.http.Cookie);
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -93,7 +93,7 @@ sub vcl_recv {
     # normalize url in case of leading HTTP scheme and domain
     set req.url = regsub(req.url, "^http[s]?://", "");
 
-    # collect all cookies
+    # Collapse multiple cookie headers into one
     std.collect(req.http.Cookie);
 
     # Remove all marketing get parameters to minimize the cache objects

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -90,9 +90,6 @@ sub vcl_recv {
         return (pass);
     }
 
-    # Set initial grace period usage status
-    set req.http.grace = "none";
-
     # normalize url in case of leading HTTP scheme and domain
     set req.url = regsub(req.url, "^http[s]?://", "");
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -58,7 +58,7 @@ sub vcl_recv {
         # has been added to the response in your backend server config. This is used, for example, by the
         # capistrano-magento2 gem for purging old content from varnish during it's deploy routine.
         if (!req.http.X-Magento-Tags-Pattern && !req.http.X-Pool) {
-            return (synth(400, "X-Magento-Tags-Pattern or X-Pool header required"));
+            return (purge);
         }
         if (req.http.X-Magento-Tags-Pattern) {
           ban("obj.http.X-Magento-Tags ~ " + req.http.X-Magento-Tags-Pattern);

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -77,7 +77,6 @@ sub vcl_recv {
         req.method != "TRACE" &&
         req.method != "OPTIONS" &&
         req.method != "DELETE") {
-          /* Non-RFC2616 or CONNECT which is weird. */
           return (pipe);
     }
 

diff --git a/varnish6.vcl b/varnish6.vcl
@@ -73,6 +73,7 @@ sub vcl_recv {
         req.method != "HEAD" &&
         req.method != "PUT" &&
         req.method != "POST" &&
+        req.method != "PATCH" &&
         req.method != "TRACE" &&
         req.method != "OPTIONS" &&
         req.method != "DELETE") {
No results found