backend_round_robin rr { set backend.set = { { "xx.xx.xx.xx", "http" } { "xx.xx.xx.xx", "http" } }; } acl purge { "localhost"; "127.0.0.1"; } # Caching mime types sub vcl_recv { if (req.http.host ~ "example.com") { req.backend = rr; } if (req.request == "GET" && req.url ~ "\.(css|gif|jpg|png|js|bmp|flv|jpeg|ico|mp3|mp4)$") { lookup; } /* Do not cache if request is not GET or HEAD */ if (req.request != "GET" && req.request != "HEAD") { /* Forward to 'lookup' if request is an authorized PURGE request */ if (req.request == "PURGE") { if (!client.ip ~ purge) { error 405 "Not allowed."; } lookup; } pipe ; } /* Do not cache if request contains an Expect header */ if (req.http.Expect) { pipe ; } /* Varnish doesn't do INM requests so pass it through */ if (req.http.If-None-Match) { pass; } /* Do not cache when authenticated via HTTP Basic or Digest Authentication */ if (req.http.Authenticate || req.http.Authorization) { pipe ; } /* Do not cache when authenticated via "__ac" cookies */ if (req.http.Cookie && req.http.Cookie ~ "__ac_(name|password|persistent)=") { pipe; } if (req.http.Cache-Control ~ "no-cache") { pass; } if (req.url ~ "account.login") { pipe ; } lookup; } sub vcl_fetch { # force minimum ttl of 300 seconds if (obj.ttl < 300s) { set obj.ttl = 300s; } } # Do the PURGE thing sub vcl_hit { if (req.request == "PURGE") { set obj.ttl = 0s; error 200 "Purged"; } } sub vcl_miss { /* Varnish doesn't do IMS to backend, so if not in cache just pass it through */ if (req.http.If-Modified-Since) { pass; } if (req.request == "PURGE") { error 404 "Not in cache"; } }