129 lines
4.9 KiB
Plaintext
129 lines
4.9 KiB
Plaintext
|
#
|
||
|
# Default WordPress config
|
||
|
#
|
||
|
# Much of this taken from:
|
||
|
# https://www.serverlab.ca/tutorials/linux/web-servers-linux/how-to-configure-varnish-4-for-wordpress/
|
||
|
# https://github.com/mattiasgeniar/varnish-6.0-configuration-templates/blob/master/default.vcl
|
||
|
#
|
||
|
sub wordpress {
|
||
|
|
||
|
# Do not cache AJAX requests
|
||
|
if (req.http.X-Requested-With == "XMLHttpRequest") {
|
||
|
return(pass);
|
||
|
}
|
||
|
|
||
|
# Bypass REST API
|
||
|
if (req.url ~ "^/wp-json/") {
|
||
|
return (pass);
|
||
|
}
|
||
|
|
||
|
# Do not cache previews
|
||
|
if (req.url ~ "preview=true") {
|
||
|
return (pass);
|
||
|
}
|
||
|
|
||
|
# Do not cache cron
|
||
|
if (req.url ~ "/wp-cron.php") {
|
||
|
return (pass);
|
||
|
}
|
||
|
|
||
|
# Don't cache uploads. Should only be static files that apache can serve efficiently.
|
||
|
# Use mod_expires via .htaccess so that static files are cached by clients.
|
||
|
if (req.url ~ "/wp-content/uploads/") {
|
||
|
return (pass);
|
||
|
}
|
||
|
|
||
|
# Undecided on these. Disabled for now, keep an eye out for issues.
|
||
|
# # don't cache rss feed
|
||
|
# if (req.url ~ "/feed(/)?") {
|
||
|
# return ( pass );
|
||
|
# }
|
||
|
#
|
||
|
# # Don't cache search results
|
||
|
# if (req.url ~ "/\?s\=") {
|
||
|
# return ( pass );
|
||
|
# }
|
||
|
|
||
|
# Remove the Google Analytics added parameters, not needed by backend
|
||
|
if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") {
|
||
|
set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
|
||
|
set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
|
||
|
set req.url = regsub(req.url, "\?&", "?");
|
||
|
set req.url = regsub(req.url, "\?$", "");
|
||
|
}
|
||
|
|
||
|
# Strip hash, server doesn't need it.
|
||
|
if (req.url ~ "\#") {
|
||
|
set req.url = regsub(req.url, "\#.*$", "");
|
||
|
}
|
||
|
|
||
|
# Strip a trailing ? if it exists
|
||
|
if (req.url ~ "\?$") {
|
||
|
set req.url = regsub(req.url, "\?$", "");
|
||
|
}
|
||
|
|
||
|
# Normalize the query arguments (but exclude for WordPress' backend)
|
||
|
if (req.url !~ "wp-admin") {
|
||
|
set req.url = std.querysort(req.url);
|
||
|
}
|
||
|
|
||
|
# Remove unneeded WP cookies
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
|
||
|
set req.http.cookie = regsuball(req.http.cookie, "wp-settings-\d+=[^;]+(; )?", "");
|
||
|
set req.http.cookie = regsuball(req.http.cookie, "wp-settings-time-\d+=[^;]+(; )?", "");
|
||
|
|
||
|
# Remove the "has_js" cookie
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
|
||
|
|
||
|
# Remove any Google Analytics based cookies
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
|
||
|
|
||
|
# Remove DoubleClick cookies
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");
|
||
|
|
||
|
# Remove the Quant Capital cookies (added by some plugin, all __qca)
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
|
||
|
|
||
|
# Remove the AddThis cookies
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "__atuv.=[^;]+(; )?", "");
|
||
|
|
||
|
# Remove a ";" prefix in the cookie if present
|
||
|
set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
|
||
|
|
||
|
# Remove any cookies left with only spaces or that are empty
|
||
|
if (req.http.cookie ~ "^ *$") {
|
||
|
unset req.http.cookie;
|
||
|
}
|
||
|
|
||
|
# Remove all cookies for static files and cache now
|
||
|
# Note that we already skipped the 'uploads' dir, so this really only applies to files included in WP Core, Themes & Plugins.
|
||
|
# Could disable skipping of 'uploads' dir to cache all static files. Has potential to fill up varnish cache, but could be useful in some specific cases.
|
||
|
if (std.tolower(req.url) ~ "^[^?]*\.(7z|avi|bmp|bz2|css|csv|doc|docx|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|less|mka|mkv|mov|mp3|mp4|mpeg|mpg|odt|ogg|ogm|opus|otf|pdf|png|ppt|pptx|rar|rtf|svg|svgz|swf|tar|tbz|tgz|ttf|txt|txz|wav|webm|webp|woff|woff2|xls|xlsx|xml|xz|zip)(\?.*)?$") {
|
||
|
unset req.http.Cookie;
|
||
|
return (hash);
|
||
|
}
|
||
|
|
||
|
# Do not cache the admin or login pages
|
||
|
if (req.url ~ "^/wp-admin/|^/wp-login\.php") {
|
||
|
return (pass);
|
||
|
}
|
||
|
|
||
|
# Check for wordpress cookies that should indicate no-cache.
|
||
|
if (req.http.Cookie ~ "wordpress_logged_in_" || req.http.Cookie ~ "comment_" || req.http.Cookie ~ "resetpass") {
|
||
|
return (pass);
|
||
|
}
|
||
|
|
||
|
# check for woocommerce cookies
|
||
|
if (req.http.Cookie ~ "(woocommerce_cart_hash|woocommerce_items_in_cart|wp_woocommerce_session_[a-zA-Z0-9]+)") {
|
||
|
return (pass);
|
||
|
}
|
||
|
|
||
|
# catch-all will run next. if cookie (pass) else (hash)
|
||
|
|
||
|
}
|