Varnish and "arbitrary VCL"

agitator · August 17, 2017, 11:27am

I'm trying to add custom VCL rules from https://www.varnish-software.com/wiki/content/tutorials/varnish/sample_vclTemplate.html for Varnish through plone.recipe.varnish but the rules don't seem to end up in the generated config.

cookie-whitelist =
    statusmessages
    __ac
    ....

vcl_recv =
    set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");

backends =
    /VirtualHostBase/http/domain.ch:80/Plone:127.0.0.1:8080
   ...

What is the correct format to add rules like this?

hvelarde · August 17, 2017, 6:27pm

Don't use the recipe; edit your configuration file directly.

On the other side, this is what you want on your VLC file:

...

sub vcl_recv {
    ...
    call sanitize_cookies;
}

...

# Clean up all cookies but the ones we should care
# https://www.varnish-cache.org/docs/4.0/users-guide/increasing-your-hitrate.html#cookies
# http://docs.plone.org/develop/plone/sessions/cookies.html
sub sanitize_cookies {
    if (req.http.Cookie) {
        set req.http.Cookie = ";" + req.http.Cookie;
        set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(__ac|__cp|_ZopeId|statusmessages)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

        if (req.http.Cookie == "") {
            unset req.http.Cookie;
        }
    }
}

I can share my VLC file with you, if you have no previous experience with Varnish.

agitator · August 18, 2017, 7:23am

Been using the recipe for a long time, what's wrong with it?

I'm no regex expert, but this generated part looks quite identical to me

    /* Cookie whitelist, remove all not in there */
    if (req.http.Cookie) {
        set req.http.Cookie = ";" + req.http.Cookie;
        set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
        set req.http.Cookie = regsuball(req.http.Cookie, ";(statusmessages|cart|__ac|_ZopeId|__cp)=", "; \1=");
        set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
        set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
        if (req.http.Cookie == "") {
            unset req.http.Cookie;
        }
    }

still I have that __gads cookie which produces X-Cacheable:NO - Set Cookie

hvelarde · August 18, 2017, 1:39pm

There's nothing wrong with it, is just not as flexible as editing the file by hand.

I don't know how can that cookie be there, this line removes everything except the Zope/Plone related cookies:

    set req.http.Cookie = regsuball(req.http.Cookie, ";(__ac|__cp|_ZopeId|statusmessages)=", "; \1=");

cleberjsantos · August 20, 2017, 1:39am

You can also use the varnishlog to debugging your rules and see which cookies are being stripped in your VCL.

Here's a tip on how you can see what cookies your client is sending, and what cookies your Varnish VCL is removing and sending on to the backend.

More information about varnishlog here: https://varnish-cache.org/docs/trunk/reference/varnishlog.html

agitator · August 21, 2017, 6:57am

Thanx, I'll try that.