twinge · March 27, 2011 21:31
diff --git a/default.vcl b/default.vcl
 ## Redirect requests to Apache, running on port 8000 on localhost
 backend apache {
 	.host = "ttp.26am.com";
        .port = "8080";
 }
 sub vcl_pipe {
        # Note that only the first request to the backend will have
        # X-Forwarded-For set.  If you use X-Forwarded-For and want to
        # have it set for all requests, make sure to have:
        # set req.http.connection = "close";
 
        # This is otherwise not necessary if you do not do any request rewriting.
 
        set req.http.connection = "close";
 }

 sub vcl_recv {
  if (req.http.X-Forwarded-Proto == "https" ) {
   set req.http.X-Forwarded-Port = "443";
  } else {
   set req.http.X-Forwarded-Port = "80";
   set req.http.X-Forwarded-Proto = "http";
  }
  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
        # No point in compressing these
        remove req.http.Accept-Encoding;
    } elsif (req.http.Accept-Encoding ~ "gzip") {
        set req.http.Accept-Encoding = "gzip";
    } elsif (req.http.Accept-Encoding ~ "deflate") {
        set req.http.Accept-Encoding = "deflate";
    } else {
        # unkown algorithm
        remove req.http.Accept-Encoding;
    }
  }
   if (req.request != "GET" && req.request != "HEAD") {
      /* We only deal with GET and HEAD by default */
      return (pass);
  }
  if (req.url ~ "^/system") {
    unset req.http.Cookie;
  }
  if (req.http.Authorization || req.http.Cookie) {
    return(lookup);
  }
 }
 ## Fetch
 sub vcl_fetch {

 		## Remove the X-Forwarded-For header if it exists.
        remove req.http.X-Forwarded-For;
 		
 		## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
        set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
 #       set    req.http.X-Real-IP = req.http.rlnclientipaddr;
 		## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
        if (req.url ~ "^/w00tw00t") {
                error 403 "Not permitted";
        }
 		## Deliver the content
        return(deliver);
 }

 ## Deliver
 sub vcl_deliver {
 		## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
              ## Since we're not caching (yet), why bother telling people we use it?
 #        remove resp.http.X-Varnish;
 #        remove resp.http.Via;
 #        remove resp.http.Age;
 		
 		## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
        remove resp.http.X-Powered-By;
 }
	## Redirect requests to Apache, running on port 8000 on localhost
	backend apache {
	.host = "ttp.26am.com";
	.port = "8080";
	}
	sub vcl_pipe {
	# Note that only the first request to the backend will have
	# X-Forwarded-For set. If you use X-Forwarded-For and want to
	# have it set for all requests, make sure to have:
	# set req.http.connection = "close";

	# This is otherwise not necessary if you do not do any request rewriting.

	set req.http.connection = "close";
	}

	sub vcl_recv {
	if (req.http.X-Forwarded-Proto == "https" ) {
	set req.http.X-Forwarded-Port = "443";
	} else {
	set req.http.X-Forwarded-Port = "80";
	set req.http.X-Forwarded-Proto = "http";
	}
	if (req.http.Accept-Encoding) {
	if (req.url ~ "\.(jpg\|png\|gif\|gz\|tgz\|bz2\|tbz\|mp3\|ogg)$") {
	# No point in compressing these
	remove req.http.Accept-Encoding;
	} elsif (req.http.Accept-Encoding ~ "gzip") {
	set req.http.Accept-Encoding = "gzip";
	} elsif (req.http.Accept-Encoding ~ "deflate") {
	set req.http.Accept-Encoding = "deflate";
	} else {
	# unkown algorithm
	remove req.http.Accept-Encoding;
	}
	}
	if (req.request != "GET" && req.request != "HEAD") {
	/* We only deal with GET and HEAD by default */
	return (pass);
	}
	if (req.url ~ "^/system") {
	unset req.http.Cookie;
	}
	if (req.http.Authorization \|\| req.http.Cookie) {
	return(lookup);
	}
	}
	## Fetch
	sub vcl_fetch {

	## Remove the X-Forwarded-For header if it exists.
	remove req.http.X-Forwarded-For;

	## insert the client IP address as X-Forwarded-For. This is the normal IP address of the user.
	set req.http.X-Forwarded-For = req.http.rlnclientipaddr;
	# set req.http.X-Real-IP = req.http.rlnclientipaddr;
	## Added security, the "w00tw00t" attacks are pretty annoying so lets block it before it reaches our webserver
	if (req.url ~ "^/w00tw00t") {
	error 403 "Not permitted";
	}
	## Deliver the content
	return(deliver);
	}

	## Deliver
	sub vcl_deliver {
	## We'll be hiding some headers added by Varnish. We want to make sure people are not seeing we're using Varnish.
	## Since we're not caching (yet), why bother telling people we use it?
	# remove resp.http.X-Varnish;
	# remove resp.http.Via;
	# remove resp.http.Age;

	## We'd like to hide the X-Powered-By headers. Nobody has to know we can run PHP and have version xyz of it.
	remove resp.http.X-Powered-By;
	}