including know basic good options to improve setup

consider updating package version from 0.8 to anything else to be easier to see at pfsense package manager
author: marcelloc <marcellocoutinho@gmail.com> 2011-07-20 13:42:03 -0700
committer: marcelloc <marcellocoutinho@gmail.com> 2011-07-20 13:42:03 -0700
commit: 71653b200753424219592fb701e129adfeb855ae (patch)
tree: 648909c832046197b8c9c814573294a715751d79 /config/varnish64
parent: 9e803fe55fc25491701933f9744651c7f0d7550f (diff)
download: pfsense-packages-71653b200753424219592fb701e129adfeb855ae.tar.gz
pfsense-packages-71653b200753424219592fb701e129adfeb855ae.tar.bz2
pfsense-packages-71653b200753424219592fb701e129adfeb855ae.zip
1 files changed, 64 insertions, 22 deletions
diff --git a/config/varnish64/varnish.inc b/config/varnish64/varnish.inc
index 1322cd9d..2b4a6f6e 100644
--- a/config/varnish64/varnish.inc
+++ b/config/varnish64/varnish.inc
@@ -308,6 +308,69 @@ function sync_package_varnish() {
 			if($vcl['vcl_pipe_late']) 
 				$vcl_pipe_late = $vcl['vcl_pipe_late'];
 		}
+		$vcl_recv_basic='#BASIC VCL RULES'."\n";
+		foreach($config['installedpackages']['varnishsettings']['config'] as $vcl) {
+                        if($vcl['sessioncache']){
+                                $vcl_recv_basic.="\t#Disable session cache\n";
+                                $vcl_recv_basic.="\t".'if (req.http.Cookie && req.http.Cookie ~ "(JSESSION|PHPSESSID)"){return(pass);}'."\n";
+                                $vcl_recv_basic.="\t".'if (req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache"){return(pass);}'."\n\n";
+                                }
+                        if($vcl['postcache']){
+                                $vcl_recv_basic.="\t#Disable post cache\n";
+                                $vcl_recv_basic.="\t".'if (req.request == "POST"){return(pass);}'."\n\n";
+                                }
+                        if($vcl['imagecache']){
+                                $vcl_recv_basic.="\t#Enable image cache\n";
+                                $vcl_recv_basic.="\t".'if (req.request=="GET" && req.url ~ "\.(css|js|gif|jpg|jpeg|bmp|png|ico|img|tga|wmf)$") {remove req.http.cookie;return(lookup);}' ."\n\n";
+                                }
+                        if($vcl['fixgzip']){
+                                $vcl_recv_basic.="\t#Fix gzip compression\n";
+                                $vcl_recv_basic.="\t".'if (req.http.Accept-Encoding) {'."\n";
+                                $vcl_recv_basic.="\t".'if (req.url ~ "\.(gif|jpg|jpeg|bmp|png|ico|img|tga|wmf|gz|tgz|bz2|tbz|mp3|ogg)$") {remove req.http.Accept-Encoding;}'."\n";
+                                $vcl_recv_basic.="\t".'else if (req.http.Accept-Encoding ~ "gzip") {set req.http.Accept-Encoding = "gzip";}'."\n";
+                                $vcl_recv_basic.="\t".'else if (req.http.Accept-Encoding ~ "deflate") {set req.http.Accept-Encoding = "deflate";}'."\n";
+                                $vcl_recv_basic.="\t".'else {remove req.http.Accept-Encoding;}}'."\n\n";
+                                }
+                        if($vcl['rfc2616']){
+                                $vcl_recv_basic.="\t#Be rfc2616 compliant\n";
+                                $vcl_recv_basic.="\t".'if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && req.request != "POST" &&'."\n";
+                                $vcl_recv_basic.="\t".'    req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") {return(pipe);}'."\n\n";
+                                }
+if($vcl['xforward']){
+                                $vcl_recv_basic.="\t#set X-forward\n";
+                                switch ($vcl['xforward']){
+                                        case 'set':
+                                                $vcl_recv_basic.="\t".'set req.http.X-Forwarded-For = client.ip;'."\n\n";
+                                        break;
+                                        case 'append':
+                                                $vcl_recv_basic.="\t".'set req.http.X-Forwarded-For = req.http.X-Forwarded-For "," client.ip;'."\n\n";
+                                        break;
+                                        case 'create':
+                                                $vcl_recv_basic.="\t".'set req.http.X-Forwarded-Varnish = client.ip;'."\n\n";
+                                        break;
+                                        case 'unset':
+                                                $vcl_recv_basic.="\t".'unset req.http.X-Forwarded-For;'."\n\n";
+                                        break;
+                                        }
+                                }
+                        if($vcl['clientbalance']){
+                                $vcl_recv_basic.="\t#set client balance identity\n";
+                                switch ($vcl['clientbalance']){
+                                        case 'url':
+                                                $vcl_recv_basic.="\t".'set client.identity = req.url;'."\n\n";
+                                        break;
+                                        case 'ip':
+                                                $vcl_recv_basic.="\t".'set client.identity = client.ip;'."\n\n";
+                                        break;
+                                        case 'agent':
+                                                $vcl_recv_basic.="\t".'set client.identity = req.http.user-agent;'."\n\n";
+                                        break;
+                                        }
+                                }
+                        if($vcl['htmlerror'] && !$errorvcl){
+                                $errorvcl=$vcl['htmlerror'];
+                                }
+		}
 	}
 
 	if(!$errorvcl) 
@@ -369,28 +432,7 @@ sub vcl_error {
 
 sub vcl_recv {
 	{$vcl_recv_early}
-	# If the client sent an X-Forwarded-For header, remove it. 
-	# It cannot betrusted.
-	unset req.http.X-Forwarded-For;
-	# Note that we don't need to add the client ip to the X-Forwarded-For 
-	# header, varnish will do that for us
-	if (req.http.Accept-Encoding) {
-		# Handle compression correctly. Varnish treats headers literally
-		# not semantically. So it is very well possible that there are
-		# cache misses because the headers sent by different browsers
-		# aren't the same.
-		# @see: http:// varnish.projects.linpro.no/wiki/FAQ/Compression
-		if (req.http.Accept-Encoding ~ "gzip") {
-			# if the browser supports it, we'll use gzip
-			set req.http.Accept-Encoding = "gzip";
-		} elsif (req.http.Accept-Encoding ~ "deflate") {
-			# next, try deflate if it is supported
-			set req.http.Accept-Encoding = "deflate";
-		} else {
-			# unknown algorithm. Probably junk, remove it
-			unset req.http.Accept-Encoding;
-		}
-	}
+	{$vcl_recv_basic}
 	{$urlmappings}
 	{$vcl_recv_late}
 	if (req.request != "GET" && req.request != "HEAD") {
author	marcelloc <marcellocoutinho@gmail.com>	2011-07-20 13:42:03 -0700
committer	marcelloc <marcellocoutinho@gmail.com>	2011-07-20 13:42:03 -0700
commit	71653b200753424219592fb701e129adfeb855ae (patch)
tree	648909c832046197b8c9c814573294a715751d79 /config/varnish64
parent	9e803fe55fc25491701933f9744651c7f0d7550f (diff)
download	pfsense-packages-71653b200753424219592fb701e129adfeb855ae.tar.gz pfsense-packages-71653b200753424219592fb701e129adfeb855ae.tar.bz2 pfsense-packages-71653b200753424219592fb701e129adfeb855ae.zip