aboutsummaryrefslogtreecommitdiffstats
path: root/config/varnish64
diff options
context:
space:
mode:
authormarcelloc <marcellocoutinho@gmail.com>2011-07-20 13:42:03 -0700
committermarcelloc <marcellocoutinho@gmail.com>2011-07-20 13:42:03 -0700
commit71653b200753424219592fb701e129adfeb855ae (patch)
tree648909c832046197b8c9c814573294a715751d79 /config/varnish64
parent9e803fe55fc25491701933f9744651c7f0d7550f (diff)
downloadpfsense-packages-71653b200753424219592fb701e129adfeb855ae.tar.gz
pfsense-packages-71653b200753424219592fb701e129adfeb855ae.tar.bz2
pfsense-packages-71653b200753424219592fb701e129adfeb855ae.zip
including know basic good options to improve setup
consider updating package version from 0.8 to anything else to be easier to see at pfsense package manager
Diffstat (limited to 'config/varnish64')
-rw-r--r--config/varnish64/varnish.inc86
1 files changed, 64 insertions, 22 deletions
diff --git a/config/varnish64/varnish.inc b/config/varnish64/varnish.inc
index 1322cd9d..2b4a6f6e 100644
--- a/config/varnish64/varnish.inc
+++ b/config/varnish64/varnish.inc
@@ -308,6 +308,69 @@ function sync_package_varnish() {
if($vcl['vcl_pipe_late'])
$vcl_pipe_late = $vcl['vcl_pipe_late'];
}
+ $vcl_recv_basic='#BASIC VCL RULES'."\n";
+ foreach($config['installedpackages']['varnishsettings']['config'] as $vcl) {
+ if($vcl['sessioncache']){
+ $vcl_recv_basic.="\t#Disable session cache\n";
+ $vcl_recv_basic.="\t".'if (req.http.Cookie && req.http.Cookie ~ "(JSESSION|PHPSESSID)"){return(pass);}'."\n";
+ $vcl_recv_basic.="\t".'if (req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache"){return(pass);}'."\n\n";
+ }
+ if($vcl['postcache']){
+ $vcl_recv_basic.="\t#Disable post cache\n";
+ $vcl_recv_basic.="\t".'if (req.request == "POST"){return(pass);}'."\n\n";
+ }
+ if($vcl['imagecache']){
+ $vcl_recv_basic.="\t#Enable image cache\n";
+ $vcl_recv_basic.="\t".'if (req.request=="GET" && req.url ~ "\.(css|js|gif|jpg|jpeg|bmp|png|ico|img|tga|wmf)$") {remove req.http.cookie;return(lookup);}' ."\n\n";
+ }
+ if($vcl['fixgzip']){
+ $vcl_recv_basic.="\t#Fix gzip compression\n";
+ $vcl_recv_basic.="\t".'if (req.http.Accept-Encoding) {'."\n";
+ $vcl_recv_basic.="\t".'if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|gz|tgz|bz2|tbz|mp3|ogg)$") {remove req.http.Accept-Encoding;}'."\n";
+ $vcl_recv_basic.="\t".'else if (req.http.Accept-Encoding ~ "gzip") {set req.http.Accept-Encoding = "gzip";}'."\n";
+ $vcl_recv_basic.="\t".'else if (req.http.Accept-Encoding ~ "deflate") {set req.http.Accept-Encoding = "deflate";}'."\n";
+ $vcl_recv_basic.="\t".'else {remove req.http.Accept-Encoding;}}'."\n\n";
+ }
+ if($vcl['rfc2616']){
+ $vcl_recv_basic.="\t#Be rfc2616 compliant\n";
+ $vcl_recv_basic.="\t".'if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && req.request != "POST" &&'."\n";
+ $vcl_recv_basic.="\t".' req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") {return(pipe);}'."\n\n";
+ }
+if($vcl['xforward']){
+ $vcl_recv_basic.="\t#set X-forward\n";
+ switch ($vcl['xforward']){
+ case 'set':
+ $vcl_recv_basic.="\t".'set req.http.X-Forwarded-For = client.ip;'."\n\n";
+ break;
+ case 'append':
+ $vcl_recv_basic.="\t".'set req.http.X-Forwarded-For = req.http.X-Forwarded-For "," client.ip;'."\n\n";
+ break;
+ case 'create':
+ $vcl_recv_basic.="\t".'set req.http.X-Forwarded-Varnish = client.ip;'."\n\n";
+ break;
+ case 'unset':
+ $vcl_recv_basic.="\t".'unset req.http.X-Forwarded-For;'."\n\n";
+ break;
+ }
+ }
+ if($vcl['clientbalance']){
+ $vcl_recv_basic.="\t#set client balance identity\n";
+ switch ($vcl['clientbalance']){
+ case 'url':
+ $vcl_recv_basic.="\t".'set client.identity = req.url;'."\n\n";
+ break;
+ case 'ip':
+ $vcl_recv_basic.="\t".'set client.identity = client.ip;'."\n\n";
+ break;
+ case 'agent':
+ $vcl_recv_basic.="\t".'set client.identity = req.http.user-agent;'."\n\n";
+ break;
+ }
+ }
+ if($vcl['htmlerror'] && !$errorvcl){
+ $errorvcl=$vcl['htmlerror'];
+ }
+ }
}
if(!$errorvcl)
@@ -369,28 +432,7 @@ sub vcl_error {
sub vcl_recv {
{$vcl_recv_early}
- # If the client sent an X-Forwarded-For header, remove it.
- # It cannot betrusted.
- unset req.http.X-Forwarded-For;
- # Note that we don't need to add the client ip to the X-Forwarded-For
- # header, varnish will do that for us
- if (req.http.Accept-Encoding) {
- # Handle compression correctly. Varnish treats headers literally
- # not semantically. So it is very well possible that there are
- # cache misses because the headers sent by different browsers
- # aren't the same.
- # @see: http:// varnish.projects.linpro.no/wiki/FAQ/Compression
- if (req.http.Accept-Encoding ~ "gzip") {
- # if the browser supports it, we'll use gzip
- set req.http.Accept-Encoding = "gzip";
- } elsif (req.http.Accept-Encoding ~ "deflate") {
- # next, try deflate if it is supported
- set req.http.Accept-Encoding = "deflate";
- } else {
- # unknown algorithm. Probably junk, remove it
- unset req.http.Accept-Encoding;
- }
- }
+ {$vcl_recv_basic}
{$urlmappings}
{$vcl_recv_late}
if (req.request != "GET" && req.request != "HEAD") {