fh · October 8, 2015 19:28
diff --git a/post-check.vcl b/post-check.vcl
 if (
      req.http.user-agent ~ "^$"
      || req.http.user-agent ~ "^Java"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 5.0; Windows 3.1)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; MRA 4.6 (build 01425); .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
      || req.http.user-agent == "Mozilla/5.0 (X11; U; Linux i686; rv:1.9) Gecko/2008080808 Firefox/3.0"
      || req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15"
      || req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13"
      || req.http.user-agent == "Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01" 
      || req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"
      || req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
      || req.http.user-agent == "-"
      || req.http.user-agent ~ "^Jakarta"
      || req.http.user-agent ~ "IDBot"
      || req.http.user-agent ~ "^Mozilla/4.0 \(compatible; MSIE 6.0; Windows NT 5.1"
      || req.http.user-agent ~ "id-search"
      || req.http.user-agent ~ "User-Agent"
      || req.http.user-agent ~ "compatible ;"
      || req.http.user-agent ~ "ConveraCrawler"
      || req.http.user-agent ~ "^Mozilla$"
      || req.http.user-agent ~ "libwww"
      || req.http.user-agent ~ "lwp-trivial"
      || req.http.user-agent ~ "curl"
      || req.http.user-agent ~ "PHP/"
      || req.http.user-agent ~ "urllib"
      || req.http.user-agent ~ "GT:WWW"
      || req.http.user-agent ~ "Snoopy"
      || req.http.user-agent ~ "MFC_Tear_Sample"
      || req.http.user-agent ~ "HTTP::Lite"
      || req.http.user-agent ~ "PHPCrawl"
      || req.http.user-agent ~ "URI::Fetch"
      || req.http.user-agent ~ "Zend_Http_Client"
      || req.http.user-agent ~ "http client"
      || req.http.user-agent ~ "PECL::HTTP"
      || req.http.user-agent ~ "panscient.com"
      || req.http.user-agent ~ "IBM EVV"
      || req.http.user-agent ~ "Bork-edition"
      || req.http.user-agent ~ "Fetch API Request"
      || req.http.user-agent ~ "PleaseCrawl"
      || req.http.user-agent ~ "[A-Z][a-z]{3,} [a-z]{4,} [a-z]{4,}"
      || req.http.user-agent ~ "layeredtech.com"
      || req.http.user-agent ~ "WEP Search"
      || req.http.user-agent ~ "Wells Search II"
      || req.http.user-agent ~ "Missigua Locator"
      || req.http.user-agent ~ "ISC Systems iRc Search 2.1"
      || req.http.user-agent ~ "Microsoft URL Control"
      || req.http.user-agent ~ "Indy Library"
      || req.http.user-agent == "8484 Boston Project v 1.0"
      || req.http.user-agent == "Atomic_Email_Hunter/4.0"
      || req.http.user-agent == "atSpider/1.0"
      || req.http.user-agent == "autoemailspider"
      || req.http.user-agent == "China Local Browse 2.6"
      || req.http.user-agent == "ContactBot/0.2"
      || req.http.user-agent == "ContentSmartz"
      || req.http.user-agent == "DataCha0s/2.0"
      || req.http.user-agent == "DataCha0s/2.0"
      || req.http.user-agent == "DBrowse 1.4b"
      || req.http.user-agent == "DBrowse 1.4d"
      || req.http.user-agent == "Demo Bot DOT 16b"
      || req.http.user-agent == "Demo Bot Z 16b"
      || req.http.user-agent == "DSurf15a 01"
      || req.http.user-agent == "DSurf15a 71"
      || req.http.user-agent == "DSurf15a 81"
      || req.http.user-agent == "DSurf15a VA"
      || req.http.user-agent == "EBrowse 1.4b"
      || req.http.user-agent == "Educate Search VxB"
      || req.http.user-agent == "EmailSiphon"
      || req.http.user-agent == "EmailWolf 1.00"
      || req.http.user-agent == "ESurf15a 15"
      || req.http.user-agent == "ExtractorPro"
      || req.http.user-agent == "Franklin Locator 1.8"
      || req.http.user-agent == "FSurf15a 01"
      || req.http.user-agent == "Full Web Bot 0416B"
      || req.http.user-agent == "Full Web Bot 0516B"
      || req.http.user-agent == "Full Web Bot 2816B"
      || req.http.user-agent == "Guestbook Auto Submitter"
      || req.http.user-agent == "Industry Program 1.0.x"
      || req.http.user-agent == "ISC Systems iRc Search 2.1"
      || req.http.user-agent == "IUPUI Research Bot v 1.9a"
      || req.http.user-agent == "LARBIN-EXPERIMENTAL ([email protected])"
      || req.http.user-agent == "LetsCrawl.com/1.0 +http://letscrawl.com/"
      || req.http.user-agent == "Lincoln State Web Browser"
      || req.http.user-agent == "LMQueueBot/0.2"
      || req.http.user-agent == "LWP::Simple/5.803"
      || req.http.user-agent == "Mac Finder 1.0.xx"
      || req.http.user-agent == "MFC Foundation Class Library 4.0"
      || req.http.user-agent == "Microsoft URL Control - 6.00.8xxx"
      || req.http.user-agent == "Missauga Locate 1.0.0"
      || req.http.user-agent == "Missigua Locator 1.9"
      || req.http.user-agent == "Missouri College Browse"
      || req.http.user-agent == "Mizzu Labs 2.2"
      || req.http.user-agent == "Mo College 1.9"
      || req.http.user-agent == "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)"
      || req.http.user-agent == "Mozilla/2.0 (compatible; NEWT ActiveX; Win32)"
      || req.http.user-agent == "Mozilla/3.0 (compatible; Indy Library)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; Advanced Email Extractor v2.xx)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; Iplexx Spider/1.0 http://www.iplexx.at)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 6.0; www.wwsifu.cn)"
      || req.http.user-agent == "Mozilla/4.0 [email protected]"
      || req.http.user-agent == "Mozilla/5.0 (Version: xxxx Type:xx)"
      || req.http.user-agent == "MVAClient"
      || req.http.user-agent == "NameOfAgent (CMS Spider)"
      || req.http.user-agent == "NASA Search 1.0"
      || req.http.user-agent == "Nsauditor/1.x"
      || req.http.user-agent == "PBrowse 1.4b"
      || req.http.user-agent == "PEval 1.4b"
      || req.http.user-agent == "Poirot"
      || req.http.user-agent == "Port Huron Labs"
      || req.http.user-agent == "Production Bot 0116B"
      || req.http.user-agent == "Production Bot 2016B"
      || req.http.user-agent == "Production Bot DOT 3016B"
      || req.http.user-agent == "Program Shareware 1.0.2"
      || req.http.user-agent == "PSurf15a 11"
      || req.http.user-agent == "PSurf15a 51"
      || req.http.user-agent == "PSurf15a VA"
      || req.http.user-agent == "psycheclone"
      || req.http.user-agent == "RSurf15a 41"
      || req.http.user-agent == "RSurf15a 51"
      || req.http.user-agent == "RSurf15a 81"
      || req.http.user-agent == "searchbot [email protected]"
      || req.http.user-agent == "ShablastBot 1.0"
      || req.http.user-agent == "snap.com beta crawler v0"
      || req.http.user-agent == "Snapbot/1.0"
      || req.http.user-agent == "sogou develop spider"
      || req.http.user-agent == "Sogou Orion spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
      || req.http.user-agent == "sogou spider"
      || req.http.user-agent == "Sogou web spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
      || req.http.user-agent == "sohu agent"
      || req.http.user-agent == "SSurf15a 11"
      || req.http.user-agent == "TSurf15a 11"
      || req.http.user-agent == "Under the Rainbow 2.2"
      || req.http.user-agent == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
      || req.http.user-agent == "VadixBot"
      || req.http.user-agent == "WebVulnCrawl.blogspot.com/1.0 libwww-perl/5.803"
      || req.http.user-agent == "Wells Search II"
      || req.http.user-agent == "WEP Search 00"
      || req.http.user-agent == ""
      || req.http.user-agent == "-"

 ) {
      error 403 "Comments disabled";
 }
diff --git a/robots.vcl b/robots.vcl
 if (
      req.http.user-agent ~ "^Java"
      || req.http.user-agent == "Tiny Tiny RSS/1.6.2 (http://tt-rss.org/)" 
      || req.http.user-agent == "Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http://www.majestic12.co.uk/bot.php?+)"
      || req.http.user-agent ~ "AhrefsBot"
      || req.http.user-agent ~ "^Xenu"
      || req.http.user-agent ~ "Scooter"
      || req.http.user-agent ~ "^Jakarta"
      || req.http.user-agent ~ "^Deine"
      || req.http.user-agent ~ "IDBot"
      || req.http.user-agent ~ "yacybot"
      || req.http.user-agent ~ "id-search"
      || req.http.user-agent ~ "User-Agent"
      || req.http.user-agent ~ "compatible ;"
      || req.http.user-agent ~ "ConveraCrawler"
      || req.http.user-agent ~ "^Mozilla$"
      || req.http.user-agent ~ "PHPCrawl"
      || req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
      || req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
      || req.http.user-agent == "Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 7.0; Win32)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0)"
      || req.http.user-agent == "Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.10"
      || req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7"
      || req.http.user-agent == "Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.00"
      || req.http.user-agent == "Opera/9.64 (Windows NT 5.1; U; ru) Presto/2.1.1"
      || req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.17) Gecko/2009122116 Firefox/3.0.17"
      || req.http.user-agent == "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)"
      || req.http.user-agent == "Mozilla/2.0 (compatible; NEWT ActiveX; Win32)"
      || req.http.user-agent == "Mozilla/3.0 (compatible; Indy Library)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; Advanced Email Extractor v2.xx)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; Iplexx Spider/1.0 http://www.iplexx.at)"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent"
      || req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 6.0; www.wwsifu.cn)"
      || req.http.user-agent == "Mozilla/4.0 [email protected]"
      || req.http.user-agent == "Mozilla/5.0 (Version: xxxx Type:xx)"
      || req.http.user-agent == "MVAClient"
      || req.http.user-agent == "Port Huron Labs"
      || req.http.user-agent == "Production Bot 0116B"
      || req.http.user-agent == "Production Bot 2016B"
      || req.http.user-agent == "Production Bot DOT 3016B"
      || req.http.user-agent == "Program Shareware 1.0.2"
      || req.http.user-agent == "PSurf15a 11"
      || req.http.user-agent == "PSurf15a 51"
      || req.http.user-agent == "PSurf15a VA"
      || req.http.user-agent == "psycheclone"
      || req.http.user-agent == "RSurf15a 41"
      || req.http.user-agent == "RSurf15a 51"
      || req.http.user-agent == "RSurf15a 81"
      || req.http.user-agent == "searchbot [email protected]"
      || req.http.user-agent == "ShablastBot 1.0"
      || req.http.user-agent == "snap.com beta crawler v0"
      || req.http.user-agent == "Snapbot/1.0"
      || req.http.user-agent == "sogou develop spider"
      || req.http.user-agent == "Sogou Orion spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
      || req.http.user-agent == "sogou spider"
      || req.http.user-agent == "Sogou web spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
      || req.http.user-agent == "sohu agent"
      || req.http.user-agent == "SSurf15a 11"
      || req.http.user-agent == "TSurf15a 11"
      || req.http.user-agent == "Under the Rainbow 2.2"
      || req.http.user-agent == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
      || req.http.user-agent == "VadixBot"
      || req.http.user-agent == "WebVulnCrawl.blogspot.com/1.0 libwww-perl/5.803"
      || req.http.user-agent == "Wells Search II"
      || req.http.user-agent == "WEP Search 00"
 ) {
      error 403 "Disabled";
 }
diff --git a/varnish.vcl b/varnish.vcl
 include "/etc/varnish/chinacidr.vcl";

 backend default {
 	.host = "127.0.0.1";
 	.port = "82";
 }
 sub vcl_recv {
 	if (req.request != "GET" && req.request != "HEAD" && req.request != "POST")  {
 		error 403 "Unknown method";
 	}
 	if (req.url !~ "/feed") {
 		include "/etc/varnish/robots.vcl";
 	}
 	#/index.php/archives/2004/01/24/idealismus/feed/
 	if (req.url ~ "(?i)/index.php/arch.*/feed/") {
 		error 404 "No such feed";
 	}
 	if (req.backend.healthy) {
 		set req.grace = 30s;
 	} else {
 		set req.grace = 1h;
 	}
 	if (req.http.x-forwarded-for) {
 		set req.http.X-Forwarded-For =
 		req.http.X-Forwarded-For + ", " + client.ip;
 	} else {
 		set req.http.X-Forwarded-For = client.ip;
 	}
 	# GOTCHA: Ohne das da gibts nen 411 Lenght required beim kommentieren
 	if (req.request == "POST") {
 		include "/etc/varnish/post-check.vcl";
 		if( client.ip ~ china) {
 			error 403 "Forbidden";
 		}
 		return(pass);
 	}
 	if ((req.url ~ "timthumb.php")) {
 		error 404 "Not found";
 	}
 	if ((req.url ~ "^/m-admin")||(req.url ~ "^/aws/")||(req.url ~ "^/cgi-bin/")) {
 		return (pipe);
 	}
 	if (req.http.Accept-Encoding) {
 		if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
 			# No point in compressing these
 			remove req.http.Accept-Encoding;
 		} elsif (req.http.Accept-Encoding ~ "gzip") {
 			set req.http.Accept-Encoding = "gzip";
 		} elsif (req.http.Accept-Encoding ~ "deflate") {
 			set req.http.Accept-Encoding = "deflate";
 		} else {
 			# unkown algorithm
 			remove req.http.Accept-Encoding;
 		}
 	}
 	if ((req.http.Cookie ~ "wordpress_logged_in") || (req.url ~ "^/wp-admin")) {
 		return (pipe);
 	}
 	if ((req.url ~ "^/wp-(login|admin|cron)")) {
 		return(pass);
 	}
 	return (lookup);
 }

 sub vcl_pipe {
 	set bereq.http.X-pipe = "Pipe";
 	return (pipe);
 } 
 sub vcl_hash {
 	hash_data(req.url);
 	hash_data(req.http.X-Forwarded-Proto);
 	if (req.http.host) {
 		 hash_data( req.http.host);
 	} else {
 		hash_data(server.ip);
 	}
 	return (hash);
 }
 	
 sub vcl_hit {
 	# GOTCHA: Ohne das da gibts nen 411 Lenght required beim kommentieren
 	if (req.request == "POST") {
 	set obj.ttl = 0s;
 		 return(pass);
 	}
 	return (deliver);
 }
 	
 sub vcl_miss {
 	set bereq.http.X-Debugging = "nack";
 	return (fetch);
 }
 	
 sub vcl_fetch {
 	set beresp.grace = 1h; 
 	if (req.http.X-Forwarded-Proto == "https") {
 		set beresp.http.X-ssl = "Yes";
 	}
 	if (req.request == "POST" && req.backend.healthy) {
 		set beresp.http.X-purged = regsub(beresp.http.Location,"\#.*","*");
 		set beresp.http.X-purged = regsub(beresp.http.X-purged,"http://www.lawblog.de","");
 		ban("req.url ~ " + beresp.http.X-purged);
 		unset beresp.http.X-purged;
 	}
 	if (req.http.Cookie ~ "wordpress_logged_in") {	
 	set beresp.ttl = 0s;
 		set beresp.http.X-loggedin = "Yes";
 		return (deliver);
 	}
 	set beresp.http.Cache-Control = "max-age=240";
 	set beresp.ttl = 2h;
 	if (req.url ~ "wp-admin") {
 		set beresp.http.Cache-Control = "max-age=0";
 		set beresp.ttl = 0s;
 	}
 	if (req.url ~ "^/index.php/archives/201") {
 		set beresp.ttl = 120s;
 		set beresp.http.X-twentyten = "Yes";
 		set beresp.http.Cache-Control = "no-cache";
 	}
 	if (req.url ~ "^/index.php/archives/200") {
 		set beresp.http.X-twentyten = "No";
 		set beresp.http.Cache-Control = "max-age=3600";
 		set beresp.ttl = 3h;
 		unset beresp.http.set-cookie;
 	}
 	if (req.url ~ "^/$") {
 		set beresp.http.Cache-Control = "max-age=1200";
 		set beresp.ttl = 60s;
 		unset beresp.http.set-cookie;
 	}
 	if (req.http.host ~ "^lawblog\.de") {
 		set beresp.http.Cache-Control = "max-age=18140000";
 		set beresp.ttl = 1w;
 		unset beresp.http.set-cookie;
 	}
 	if (req.url ~ "\.js\?v") {
 		set beresp.http.Cache-Control = "max-age=18140000";
 		set beresp.ttl = 1m;
 		unset beresp.http.set-cookie;
 	}
 	if (req.url ~ "\.(ico|txt|png|gif|jpg|swf|css|js)$") {
 		unset beresp.http.expires;
 		set beresp.http.Cache-Control = "max-age=18140000";
 		set beresp.ttl = 1w;
 		unset beresp.http.set-cookie;
 	}
 	if (req.url ~ "(feed)") {
 		set beresp.http.Cache-Control = "max-age=600";
 		set beresp.ttl = 180s;
 		unset beresp.http.set-cookie;
 	}
 	if (req.request == "POST") {
 		set beresp.ttl = 0s;
 		unset beresp.http.Cache-Control;
 	}
 	if (beresp.status != 200 && beresp.status != 301 && beresp.status != 302 && beresp.status != 404 && beresp.status != 304) {
 		set beresp.ttl = 60m;
 		set beresp.http.Cache-Control = "max-age=18140000";
 		set beresp.http.X-Status = "Error";
 		unset beresp.http.set-cookie;
 	}
 	if (beresp.status == 404) {
 		set beresp.ttl = 2m;
 		set beresp.http.Cache-Control = "max-age=18140000";
 		unset beresp.http.set-cookie;
 	}
 	if (req.http.host ~ "knastblog\.de") {
 		set beresp.http.Cache-Control = "max-age=18140000";
 		set beresp.ttl = 1w;
 		unset beresp.http.set-cookie;
 	}
 	if ((req.url ~ "der-rotz-der-unser-leben-lebenswert-macht")) {
 		set beresp.ttl = 1w;
 	}
 	return (deliver);
 }
 	
 sub vcl_deliver {
 	unset resp.http.X-Varnish;
 	unset resp.http.Date;
 	unset resp.http.Pragma;
 	unset resp.http.X-Pingback;
 	unset resp.http.Via;
 	unset resp.http.X-Powered-By;
 	unset resp.http.X-Mobilized-By;
 	unset resp.http.Server;
 	unset resp.http.WP-Super-Cache;
 	set resp.http.X-FRAME-OPTIONS = "DENY";
 	set resp.http.Server = "busybox httpd/1.35 6-Oct-2004";
 	return (deliver);
 }
	if (
	req.http.user-agent ~ "^$"
	\|\| req.http.user-agent ~ "^Java"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 5.0; Windows 3.1)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; MRA 4.6 (build 01425); .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
	\|\| req.http.user-agent == "Mozilla/5.0 (X11; U; Linux i686; rv:1.9) Gecko/2008080808 Firefox/3.0"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/523.15 (KHTML, like Gecko) Version/3.0 Safari/523.15"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10"
	\|\| req.http.user-agent == "-"
	\|\| req.http.user-agent ~ "^Jakarta"
	\|\| req.http.user-agent ~ "IDBot"
	\|\| req.http.user-agent ~ "^Mozilla/4.0 \(compatible; MSIE 6.0; Windows NT 5.1"
	\|\| req.http.user-agent ~ "id-search"
	\|\| req.http.user-agent ~ "User-Agent"
	\|\| req.http.user-agent ~ "compatible ;"
	\|\| req.http.user-agent ~ "ConveraCrawler"
	\|\| req.http.user-agent ~ "^Mozilla$"
	\|\| req.http.user-agent ~ "libwww"
	\|\| req.http.user-agent ~ "lwp-trivial"
	\|\| req.http.user-agent ~ "curl"
	\|\| req.http.user-agent ~ "PHP/"
	\|\| req.http.user-agent ~ "urllib"
	\|\| req.http.user-agent ~ "GT:WWW"
	\|\| req.http.user-agent ~ "Snoopy"
	\|\| req.http.user-agent ~ "MFC_Tear_Sample"
	\|\| req.http.user-agent ~ "HTTP::Lite"
	\|\| req.http.user-agent ~ "PHPCrawl"
	\|\| req.http.user-agent ~ "URI::Fetch"
	\|\| req.http.user-agent ~ "Zend_Http_Client"
	\|\| req.http.user-agent ~ "http client"
	\|\| req.http.user-agent ~ "PECL::HTTP"
	\|\| req.http.user-agent ~ "panscient.com"
	\|\| req.http.user-agent ~ "IBM EVV"
	\|\| req.http.user-agent ~ "Bork-edition"
	\|\| req.http.user-agent ~ "Fetch API Request"
	\|\| req.http.user-agent ~ "PleaseCrawl"
	\|\| req.http.user-agent ~ "[A-Z][a-z]{3,} [a-z]{4,} [a-z]{4,}"
	\|\| req.http.user-agent ~ "layeredtech.com"
	\|\| req.http.user-agent ~ "WEP Search"
	\|\| req.http.user-agent ~ "Wells Search II"
	\|\| req.http.user-agent ~ "Missigua Locator"
	\|\| req.http.user-agent ~ "ISC Systems iRc Search 2.1"
	\|\| req.http.user-agent ~ "Microsoft URL Control"
	\|\| req.http.user-agent ~ "Indy Library"
	\|\| req.http.user-agent == "8484 Boston Project v 1.0"
	\|\| req.http.user-agent == "Atomic_Email_Hunter/4.0"
	\|\| req.http.user-agent == "atSpider/1.0"
	\|\| req.http.user-agent == "autoemailspider"
	\|\| req.http.user-agent == "China Local Browse 2.6"
	\|\| req.http.user-agent == "ContactBot/0.2"
	\|\| req.http.user-agent == "ContentSmartz"
	\|\| req.http.user-agent == "DataCha0s/2.0"
	\|\| req.http.user-agent == "DataCha0s/2.0"
	\|\| req.http.user-agent == "DBrowse 1.4b"
	\|\| req.http.user-agent == "DBrowse 1.4d"
	\|\| req.http.user-agent == "Demo Bot DOT 16b"
	\|\| req.http.user-agent == "Demo Bot Z 16b"
	\|\| req.http.user-agent == "DSurf15a 01"
	\|\| req.http.user-agent == "DSurf15a 71"
	\|\| req.http.user-agent == "DSurf15a 81"
	\|\| req.http.user-agent == "DSurf15a VA"
	\|\| req.http.user-agent == "EBrowse 1.4b"
	\|\| req.http.user-agent == "Educate Search VxB"
	\|\| req.http.user-agent == "EmailSiphon"
	\|\| req.http.user-agent == "EmailWolf 1.00"
	\|\| req.http.user-agent == "ESurf15a 15"
	\|\| req.http.user-agent == "ExtractorPro"
	\|\| req.http.user-agent == "Franklin Locator 1.8"
	\|\| req.http.user-agent == "FSurf15a 01"
	\|\| req.http.user-agent == "Full Web Bot 0416B"
	\|\| req.http.user-agent == "Full Web Bot 0516B"
	\|\| req.http.user-agent == "Full Web Bot 2816B"
	\|\| req.http.user-agent == "Guestbook Auto Submitter"
	\|\| req.http.user-agent == "Industry Program 1.0.x"
	\|\| req.http.user-agent == "ISC Systems iRc Search 2.1"
	\|\| req.http.user-agent == "IUPUI Research Bot v 1.9a"
	\|\| req.http.user-agent == "LARBIN-EXPERIMENTAL ([email protected])"
	\|\| req.http.user-agent == "LetsCrawl.com/1.0 +http://letscrawl.com/"
	\|\| req.http.user-agent == "Lincoln State Web Browser"
	\|\| req.http.user-agent == "LMQueueBot/0.2"
	\|\| req.http.user-agent == "LWP::Simple/5.803"
	\|\| req.http.user-agent == "Mac Finder 1.0.xx"
	\|\| req.http.user-agent == "MFC Foundation Class Library 4.0"
	\|\| req.http.user-agent == "Microsoft URL Control - 6.00.8xxx"
	\|\| req.http.user-agent == "Missauga Locate 1.0.0"
	\|\| req.http.user-agent == "Missigua Locator 1.9"
	\|\| req.http.user-agent == "Missouri College Browse"
	\|\| req.http.user-agent == "Mizzu Labs 2.2"
	\|\| req.http.user-agent == "Mo College 1.9"
	\|\| req.http.user-agent == "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)"
	\|\| req.http.user-agent == "Mozilla/2.0 (compatible; NEWT ActiveX; Win32)"
	\|\| req.http.user-agent == "Mozilla/3.0 (compatible; Indy Library)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; Advanced Email Extractor v2.xx)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; Iplexx Spider/1.0 http://www.iplexx.at)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 6.0; www.wwsifu.cn)"
	\|\| req.http.user-agent == "Mozilla/4.0 [email protected]"
	\|\| req.http.user-agent == "Mozilla/5.0 (Version: xxxx Type:xx)"
	\|\| req.http.user-agent == "MVAClient"
	\|\| req.http.user-agent == "NameOfAgent (CMS Spider)"
	\|\| req.http.user-agent == "NASA Search 1.0"
	\|\| req.http.user-agent == "Nsauditor/1.x"
	\|\| req.http.user-agent == "PBrowse 1.4b"
	\|\| req.http.user-agent == "PEval 1.4b"
	\|\| req.http.user-agent == "Poirot"
	\|\| req.http.user-agent == "Port Huron Labs"
	\|\| req.http.user-agent == "Production Bot 0116B"
	\|\| req.http.user-agent == "Production Bot 2016B"
	\|\| req.http.user-agent == "Production Bot DOT 3016B"
	\|\| req.http.user-agent == "Program Shareware 1.0.2"
	\|\| req.http.user-agent == "PSurf15a 11"
	\|\| req.http.user-agent == "PSurf15a 51"
	\|\| req.http.user-agent == "PSurf15a VA"
	\|\| req.http.user-agent == "psycheclone"
	\|\| req.http.user-agent == "RSurf15a 41"
	\|\| req.http.user-agent == "RSurf15a 51"
	\|\| req.http.user-agent == "RSurf15a 81"
	\|\| req.http.user-agent == "searchbot [email protected]"
	\|\| req.http.user-agent == "ShablastBot 1.0"
	\|\| req.http.user-agent == "snap.com beta crawler v0"
	\|\| req.http.user-agent == "Snapbot/1.0"
	\|\| req.http.user-agent == "sogou develop spider"
	\|\| req.http.user-agent == "Sogou Orion spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
	\|\| req.http.user-agent == "sogou spider"
	\|\| req.http.user-agent == "Sogou web spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
	\|\| req.http.user-agent == "sohu agent"
	\|\| req.http.user-agent == "SSurf15a 11"
	\|\| req.http.user-agent == "TSurf15a 11"
	\|\| req.http.user-agent == "Under the Rainbow 2.2"
	\|\| req.http.user-agent == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
	\|\| req.http.user-agent == "VadixBot"
	\|\| req.http.user-agent == "WebVulnCrawl.blogspot.com/1.0 libwww-perl/5.803"
	\|\| req.http.user-agent == "Wells Search II"
	\|\| req.http.user-agent == "WEP Search 00"
	\|\| req.http.user-agent == ""
	\|\| req.http.user-agent == "-"

	) {
	error 403 "Comments disabled";
	}
	if (
	req.http.user-agent ~ "^Java"
	\|\| req.http.user-agent == "Tiny Tiny RSS/1.6.2 (http://tt-rss.org/)"
	\|\| req.http.user-agent == "Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http://www.majestic12.co.uk/bot.php?+)"
	\|\| req.http.user-agent ~ "AhrefsBot"
	\|\| req.http.user-agent ~ "^Xenu"
	\|\| req.http.user-agent ~ "Scooter"
	\|\| req.http.user-agent ~ "^Jakarta"
	\|\| req.http.user-agent ~ "^Deine"
	\|\| req.http.user-agent ~ "IDBot"
	\|\| req.http.user-agent ~ "yacybot"
	\|\| req.http.user-agent ~ "id-search"
	\|\| req.http.user-agent ~ "User-Agent"
	\|\| req.http.user-agent ~ "compatible ;"
	\|\| req.http.user-agent ~ "ConveraCrawler"
	\|\| req.http.user-agent ~ "^Mozilla$"
	\|\| req.http.user-agent ~ "PHPCrawl"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"
	\|\| req.http.user-agent == "Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 7.0; Win32)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0)"
	\|\| req.http.user-agent == "Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.10"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7"
	\|\| req.http.user-agent == "Opera/9.80 (Windows NT 5.1; U; ru) Presto/2.2.15 Version/10.00"
	\|\| req.http.user-agent == "Opera/9.64 (Windows NT 5.1; U; ru) Presto/2.1.1"
	\|\| req.http.user-agent == "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.17) Gecko/2009122116 Firefox/3.0.17"
	\|\| req.http.user-agent == "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)"
	\|\| req.http.user-agent == "Mozilla/2.0 (compatible; NEWT ActiveX; Win32)"
	\|\| req.http.user-agent == "Mozilla/3.0 (compatible; Indy Library)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; Advanced Email Extractor v2.xx)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; Iplexx Spider/1.0 http://www.iplexx.at)"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt; DTS Agent"
	\|\| req.http.user-agent == "Mozilla/4.0 (compatible; MSIE 6.0; www.wwsifu.cn)"
	\|\| req.http.user-agent == "Mozilla/4.0 [email protected]"
	\|\| req.http.user-agent == "Mozilla/5.0 (Version: xxxx Type:xx)"
	\|\| req.http.user-agent == "MVAClient"
	\|\| req.http.user-agent == "Port Huron Labs"
	\|\| req.http.user-agent == "Production Bot 0116B"
	\|\| req.http.user-agent == "Production Bot 2016B"
	\|\| req.http.user-agent == "Production Bot DOT 3016B"
	\|\| req.http.user-agent == "Program Shareware 1.0.2"
	\|\| req.http.user-agent == "PSurf15a 11"
	\|\| req.http.user-agent == "PSurf15a 51"
	\|\| req.http.user-agent == "PSurf15a VA"
	\|\| req.http.user-agent == "psycheclone"
	\|\| req.http.user-agent == "RSurf15a 41"
	\|\| req.http.user-agent == "RSurf15a 51"
	\|\| req.http.user-agent == "RSurf15a 81"
	\|\| req.http.user-agent == "searchbot [email protected]"
	\|\| req.http.user-agent == "ShablastBot 1.0"
	\|\| req.http.user-agent == "snap.com beta crawler v0"
	\|\| req.http.user-agent == "Snapbot/1.0"
	\|\| req.http.user-agent == "sogou develop spider"
	\|\| req.http.user-agent == "Sogou Orion spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
	\|\| req.http.user-agent == "sogou spider"
	\|\| req.http.user-agent == "Sogou web spider/3.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
	\|\| req.http.user-agent == "sohu agent"
	\|\| req.http.user-agent == "SSurf15a 11"
	\|\| req.http.user-agent == "TSurf15a 11"
	\|\| req.http.user-agent == "Under the Rainbow 2.2"
	\|\| req.http.user-agent == "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
	\|\| req.http.user-agent == "VadixBot"
	\|\| req.http.user-agent == "WebVulnCrawl.blogspot.com/1.0 libwww-perl/5.803"
	\|\| req.http.user-agent == "Wells Search II"
	\|\| req.http.user-agent == "WEP Search 00"
	) {
	error 403 "Disabled";
	}
	include "/etc/varnish/chinacidr.vcl";

	backend default {
	.host = "127.0.0.1";
	.port = "82";
	}
	sub vcl_recv {
	if (req.request != "GET" && req.request != "HEAD" && req.request != "POST") {
	error 403 "Unknown method";
	}
	if (req.url !~ "/feed") {
	include "/etc/varnish/robots.vcl";
	}
	#/index.php/archives/2004/01/24/idealismus/feed/
	if (req.url ~ "(?i)/index.php/arch.*/feed/") {
	error 404 "No such feed";
	}
	if (req.backend.healthy) {
	set req.grace = 30s;
	} else {
	set req.grace = 1h;
	}
	if (req.http.x-forwarded-for) {
	set req.http.X-Forwarded-For =
	req.http.X-Forwarded-For + ", " + client.ip;
	} else {
	set req.http.X-Forwarded-For = client.ip;
	}
	# GOTCHA: Ohne das da gibts nen 411 Lenght required beim kommentieren
	if (req.request == "POST") {
	include "/etc/varnish/post-check.vcl";
	if( client.ip ~ china) {
	error 403 "Forbidden";
	}
	return(pass);
	}
	if ((req.url ~ "timthumb.php")) {
	error 404 "Not found";
	}
	if ((req.url ~ "^/m-admin")\|\|(req.url ~ "^/aws/")\|\|(req.url ~ "^/cgi-bin/")) {
	return (pipe);
	}
	if (req.http.Accept-Encoding) {
	if (req.url ~ "\.(jpg\|png\|gif\|gz\|tgz\|bz2\|tbz\|mp3\|ogg)$") {
	# No point in compressing these
	remove req.http.Accept-Encoding;
	} elsif (req.http.Accept-Encoding ~ "gzip") {
	set req.http.Accept-Encoding = "gzip";
	} elsif (req.http.Accept-Encoding ~ "deflate") {
	set req.http.Accept-Encoding = "deflate";
	} else {
	# unkown algorithm
	remove req.http.Accept-Encoding;
	}
	}
	if ((req.http.Cookie ~ "wordpress_logged_in") \|\| (req.url ~ "^/wp-admin")) {
	return (pipe);
	}
	if ((req.url ~ "^/wp-(login\|admin\|cron)")) {
	return(pass);
	}
	return (lookup);
	}

	sub vcl_pipe {
	set bereq.http.X-pipe = "Pipe";
	return (pipe);
	}
	sub vcl_hash {
	hash_data(req.url);
	hash_data(req.http.X-Forwarded-Proto);
	if (req.http.host) {
	hash_data( req.http.host);
	} else {
	hash_data(server.ip);
	}
	return (hash);
	}

	sub vcl_hit {
	# GOTCHA: Ohne das da gibts nen 411 Lenght required beim kommentieren
	if (req.request == "POST") {
	set obj.ttl = 0s;
	return(pass);
	}
	return (deliver);
	}

	sub vcl_miss {
	set bereq.http.X-Debugging = "nack";
	return (fetch);
	}

	sub vcl_fetch {
	set beresp.grace = 1h;
	if (req.http.X-Forwarded-Proto == "https") {
	set beresp.http.X-ssl = "Yes";
	}
	if (req.request == "POST" && req.backend.healthy) {
	set beresp.http.X-purged = regsub(beresp.http.Location,"\#.","");
	set beresp.http.X-purged = regsub(beresp.http.X-purged,"http://www.lawblog.de","");
	ban("req.url ~ " + beresp.http.X-purged);
	unset beresp.http.X-purged;
	}
	if (req.http.Cookie ~ "wordpress_logged_in") {
	set beresp.ttl = 0s;
	set beresp.http.X-loggedin = "Yes";
	return (deliver);
	}
	set beresp.http.Cache-Control = "max-age=240";
	set beresp.ttl = 2h;
	if (req.url ~ "wp-admin") {
	set beresp.http.Cache-Control = "max-age=0";
	set beresp.ttl = 0s;
	}
	if (req.url ~ "^/index.php/archives/201") {
	set beresp.ttl = 120s;
	set beresp.http.X-twentyten = "Yes";
	set beresp.http.Cache-Control = "no-cache";
	}
	if (req.url ~ "^/index.php/archives/200") {
	set beresp.http.X-twentyten = "No";
	set beresp.http.Cache-Control = "max-age=3600";
	set beresp.ttl = 3h;
	unset beresp.http.set-cookie;
	}
	if (req.url ~ "^/$") {
	set beresp.http.Cache-Control = "max-age=1200";
	set beresp.ttl = 60s;
	unset beresp.http.set-cookie;
	}
	if (req.http.host ~ "^lawblog\.de") {
	set beresp.http.Cache-Control = "max-age=18140000";
	set beresp.ttl = 1w;
	unset beresp.http.set-cookie;
	}
	if (req.url ~ "\.js\?v") {
	set beresp.http.Cache-Control = "max-age=18140000";
	set beresp.ttl = 1m;
	unset beresp.http.set-cookie;
	}
	if (req.url ~ "\.(ico\|txt\|png\|gif\|jpg\|swf\|css\|js)$") {
	unset beresp.http.expires;
	set beresp.http.Cache-Control = "max-age=18140000";
	set beresp.ttl = 1w;
	unset beresp.http.set-cookie;
	}
	if (req.url ~ "(feed)") {
	set beresp.http.Cache-Control = "max-age=600";
	set beresp.ttl = 180s;
	unset beresp.http.set-cookie;
	}
	if (req.request == "POST") {
	set beresp.ttl = 0s;
	unset beresp.http.Cache-Control;
	}
	if (beresp.status != 200 && beresp.status != 301 && beresp.status != 302 && beresp.status != 404 && beresp.status != 304) {
	set beresp.ttl = 60m;
	set beresp.http.Cache-Control = "max-age=18140000";
	set beresp.http.X-Status = "Error";
	unset beresp.http.set-cookie;
	}
	if (beresp.status == 404) {
	set beresp.ttl = 2m;
	set beresp.http.Cache-Control = "max-age=18140000";
	unset beresp.http.set-cookie;
	}
	if (req.http.host ~ "knastblog\.de") {
	set beresp.http.Cache-Control = "max-age=18140000";
	set beresp.ttl = 1w;
	unset beresp.http.set-cookie;
	}
	if ((req.url ~ "der-rotz-der-unser-leben-lebenswert-macht")) {
	set beresp.ttl = 1w;
	}
	return (deliver);
	}

	sub vcl_deliver {
	unset resp.http.X-Varnish;
	unset resp.http.Date;
	unset resp.http.Pragma;
	unset resp.http.X-Pingback;
	unset resp.http.Via;
	unset resp.http.X-Powered-By;
	unset resp.http.X-Mobilized-By;
	unset resp.http.Server;
	unset resp.http.WP-Super-Cache;
	set resp.http.X-FRAME-OPTIONS = "DENY";
	set resp.http.Server = "busybox httpd/1.35 6-Oct-2004";
	return (deliver);
	}