Search code examples
cachingcookiesvarnishvcl

varnish cookies on uri + domain

i have varnish installed that serve my cached content on my sites i have wordpress and added the rule to strip incoming and outgoing cookies if they do not belong to wp-admin or wp-login

sub vcl_recv {
        if (!(req.url ~ "wp-(login|admin)")) {
                unset req.http.cookie;
        }
}

and

sub vcl_fetch {
        if (!(req.url ~ "wp-(login|admin)") {
                unset beresp.http.set-cookie;
        }
}

now i added some other sites on different domains/subdomains that need to have cookies enabled; i tried to add the rule but with no success, the only way i solved is without caching some domain/subdomains.

i was thinking something like (both for recv and fetch) but it doesn't work, and it breks the wordpress rule too:

sub vcl_fetch {
        if (!(req.url ~ "wp-(login|admin)") || !(req.http.host ~ "ingredienti\.popeating\.it")) {
                unset beresp.http.set-cookie;
        }

}
Solution

  • The correct approach may vary if there's a majority of WP sites or non WP sites.

    Given that you only have only one WP site and WP domain is my.wordpress.tld you should change your rules to:

    sub vcl_recv {
  if ( req.http.host ~ "my.wordpress.tld"
    && ! (req.url ~ "wp-(login|admin)")
  ) {
    unset req.http.cookie;
  }
}
#...
sub vcl_fetch {
  if ( req.http.host ~ "my.wordpress.tld"
    && ! (req.url ~ "wp-(login|admin)")
  ) {
    unset beresp.http.set-cookie;
  }
}

    It's easy to generalize the code for 2+ WP sites replacing req.http.host ~ "my.wordpress.tld" with an or expression like (req.http.host ~ "my1.wordpress.tld" || req.http.host ~ "my2.wordpress.tld").

    Given that you only have only one NON-WP site and NON-WP domain is my.not-wordpress.tld you should change your rules to:

    sub vcl_recv {
  if ( ! req.http.host ~ "my.not-wordpress.tld"
    && ! (req.url ~ "wp-(login|admin)")
  ) {
    unset req.http.cookie;
  }
}
#...
sub vcl_fetch {
  if ( ! req.http.host ~ "my.not-wordpress.tld"
    && ! (req.url ~ "wp-(login|admin)")
  ) {
    unset beresp.http.set-cookie;
  }
}

    Again, it's easy to generalize the code for 2+ NON-WP sites replacing req.http.host ~ "my.wordpress.tld" with an or expression like (req.http.host ~ "my1.not-wordpress.tld" || req.http.host ~ "my2.not-wordpress.tld").

    NOTES:

    1. You should understand what cookie striping means and the differences between stripping a cookie on the request and avoiding a cookie to be setted on the response
    2. Be carefull when copy-pasting, since the expresion to get ride of the cookies is not the same on vcl_fetch and vcl_recv