varnish-example

import std;

probe default {
  .url = "/index.html";
  .timeout = 30ms;
  .interval = 2s;
  .window = 5;
  .threshold = 3;
}

acl purge {
  "localhost";
}

acl localnet {
  "172.16.245.0"/24;
}

backend b1 {
  .host  = "nfs-m-vip";
  .port  = "8081";
  .probe = default;
}

backend b2 {
  .host  = "nfs-s-vip";
  .port  = "8081";
  .probe = default;
}

backend b3 {
  .host  = "storage03";
  .port  = "8081";
  .probe = default;
}

director dr1 random {
  { .backend = b1 ; .weight= 10; }
  { .backend = b2 ; .weight= 20; }
  { .backend = b3 ; .weight= 40; }
}
sub vcl_recv {
  set req.grace = 60s;

  # block bots
  if (req.http.User-Agent ~ "(Googlebot|SRD|MBS|Slurp|Baidu|Hatena|msnbot|MSNBOT|%2Bhttp|\+http)" ) {
     error 403 "forbidden";
  }

  # Normalize Accept-Encoding header
  if (req.http.Accept-Encoding) {
      if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
        # No point in compressing these
        remove req.http.Accept-Encoding;
      } elsif (req.http.Accept-Encoding ~ "gzip") {
        set req.http.Accept-Encoding = "gzip";
      } elsif (req.http.Accept-Encoding ~ "deflate") {
        set req.http.Accept-Encoding = "deflate";
      } else {
        # unkown algorithm
        remove req.http.Accept-Encoding;
      }
  }

  if (req.url ~ "(_ads|flash_alt_banners|emoji|_images)") {
    unset req.http.cookie;
  } elsif ( req.url ~ "^/[0-9A-Za-z_]*\.(gif|jpg|png)$"){
    unset req.http.cookie;
  } elsif ( req.url ~ "^/(javascripts|stylesheets)"){
    unset req.http.cookie;
  } elsif ( req.url ~ "^/.*\.html"){
    unset req.http.cookie;
  }

  # dont cache a.adimg.net(pc/sp js), i.adimg.net(sp img), fp.adimg.net(fp img)
  if ( req.http.host ~ "^([ai]|fp)\.adimg\.net" ) {
    return (pass);
  }
  
    if (req.request == "PURGE") {
    if (!client.ip ~ purge) {
      error 405 "Not allowed.";
    }
    return (lookup);
  }

  if (client.ip ~ localnet) {
    set req.backend = b1;
  } else {
    set req.backend = dr1;
  }

  if ( req.restarts == 3) {
    # deal with error, real file may have jpg or png extension. todo
    if (req.url ~ "^/banner_ads/.*\.$") {
      set req.url = req.url + "gif";
    } elsif (req.http.referer ~ "v\.mapion\.co\.jp" &&
      req.url ~ "^/mobile_banner_ads/.*\.png$") {

      set req.url = regsub(req.url, "png$", "gif");
    } else {
      std.syslog(180, "FALLBACK: " + req.http.host + req.url + " |REFERER|: " + req.http.referer);
      #set req.backend = fallback;
      error 404 "Not existed.";
    }
  }
}


sub vcl_hit {
  if (req.request == "PURGE") {
    purge;
    error 200 "Purged.";
  }
}

sub vcl_miss {
  if (req.request == "PURGE") {
    purge;
    error 404 "Not in cache.";
  }
}

sub vcl_fetch {
  if (!req.backend.healthy) {
    set req.grace = 1h;
  }

  if (beresp.status >= 400) {
    return (restart);
  }

  if ( req.http.Accept-Encoding &&
       req.url ~ "\.(html|htm|css|js|txt|xml)(\?[a-z0-9=]+)?$" ) {
    set beresp.do_gzip = true;
  }

  if (req.url ~ "(_ads|flash_alt_banners|emoji|_images)") {
    set beresp.ttl = 30d;
    /* Set the clients TTL on this object 360d */
    set beresp.http.cache-control = "public, max-age=31104000";
    unset beresp.http.set-cookie;
  } elsif ( req.url ~ "^/[0-9A-Za-z_]*\.(gif|jpg|png)$"){
    set beresp.ttl = 60d;
    /* Set the clients TTL on this object 360d*/
    set beresp.http.cache-control = "public, max-age=31104000";
    unset beresp.http.set-cookie;
  } elsif ( req.url ~ "^/(javascripts|stylesheets)"){
    set beresp.ttl = 6h;
    /* Set the clients TTL on this object 6h*/
    set beresp.http.cache-control = "public, max-age=21600";
    unset beresp.http.set-cookie;
  } elsif ( req.url ~ "^/.*\.html"){
    set beresp.ttl = 2d;
    /* Set the clients TTL on this object 2d*/
    set beresp.http.cache-control = "public, max-age=172800";
    unset beresp.http.set-cookie;
  } elsif (req.url == "/robots.txt") {
    # Purge manually as required
    set beresp.ttl = 4d;
  }
  
    # TODO
  if (beresp.ttl <= 0s) {
    # Cannot cache. Backend provided an expired TTL
    set beresp.http.X-Cacheable = "NO:ExpiredTTL";
  } elsif (req.http.Cookie) {
    # Presence of cookies.
    set beresp.http.X-Cacheable = "NO:Cookies";
  } elsif (beresp.http.Cache-Control ~ "private") {
    # Cache-control is private
    set beresp.http.X-Cacheable = "NO:Cache-Control=private";
  } else {
    set beresp.http.X-Cacheable = "YES";
  }

  set beresp.http.x-url = req.url;
  set beresp.http.x-host = req.http.host;

  return(deliver);
}

sub vcl_deliver {
  # TODO debug
  if (obj.hits > 0) {
    set resp.http.X-Cache = "HIT";
  } else {
    set resp.http.X-Cache = "MISS";
  }
  unset resp.http.Server;
  unset resp.http.Via;
  unset resp.http.Age;
  unset resp.http.X-Varnish;
  unset resp.http.x-url;
  unset resp.http.x-host;

  return (deliver);
}

sub vcl_error {
  # CVE-2013-4484
  if (obj.status == 400 || obj.status == 413) {
      return(deliver);
  }
  
  if (obj.status == 503 && req.restarts < 2) {
    return (restart);
  }
}

---OK---
218.222.210.104 - - [13/Dec/2013:16:52:12 +0900] "GET http://b4.i.adimg.net/banner_ads/0016/6307/89ad24c0e7c02a9094922a81e797435c31e4d8c0.gif HTTP/1.1" 200 43 "http://sangocere.269g.net/category/435549-2.html" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0)"

---NG---
123.233.227.174 - - [13/Dec/2013:16:26:33 +0900] "GET http://b4.i.adimg.net/banner_ads/0016/6307/89ad24c0e7c02a9094922a81e797435c31e4d8c0 HTTP/1.0" 302 160 "http://heartyou.269g.net/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.53 Safari/534.30"

123.233.227.174 - - [13/Dec/2013:16:26:33 +0900] "GET http://b4.i.adimg.net/banner_ads/0016/6307/ HTTP/1.0" 404 398 "http://heartyou.269g.net/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.53 Safari/534.30"