VCL - Varnish Configuration Language
The VCL language is a small domain-specific language designed to be
used to describe request handling and document caching policies for
Varnish Cache.
When a new configuration is loaded, the varnishd management process
translates the VCL code to C and compiles it to a shared object which
is then loaded into the server process.
This document focuses on the syntax of the VCL language. For a full
description of syntax and semantics, with ample examples, please see
the online documentation at https://www.varnish-cache.org/docs/ .
Starting with Varnish 4.0, each VCL file must start by declaring its
version with a "vcl X.Y;" marker at the top of the file. See more about
this under Versioning below.
Operators
The following operators are available in VCL:
= Assignment operator.
== Comparison.
~ Match. Can either be used with regular expressions or ACLs.
! Negation.
&& Logical and.
|| Logical or.
Conditionals
VCL has if and else statements. Nested logic can be implemented with
the elseif statement (elsif/elif/else if are equivalent).
Note that there are no loops or iterators of any kind in VCL.
Strings, booleans, time, duration, integers and real numbers
These are the data types in Varnish. You can set or unset these.
Example:
set req.http.User-Agent = "unknown";
unset req.http.Range;
Strings
Basic strings are enclosed in double quotes (" ... "), and may not
contain newlines. Long strings are enclosed in {" ... "}. They may
contain any character including single double quotes ("), newline and
other control characters except for the NUL (0x00) character.
Booleans
Booleans can be either true or false. In addition, in a boolean
context some data types will evaluate to true or false depending on
their value.
String types will evaluate to false if they are empty; backend types
will evaluate to false if they don't have a backend assigned; integer
types will evaluate to false if their value is zero.
Time
VCL has time. A duration can be added to a time to make another time.
In string context they return a formatted string in RFC1123 format
(e.g. Sun, 06 Nov 1994 08:49:37 GMT).
The keyword now returns a time representing the current time in seconds
since the Epoch.
Durations
Durations are defined by a number and a designation. The number can be
a real so 1.5w is allowed.
ms milliseconds
s seconds
m minutes
h hours
d days
w weeks
y years
Integers
Certain fields are integers, used as expected. In string context they
return a string.
Real numbers
VCL understands real numbers. As with integers, when used in a string
context they will return a string.
Regular Expressions
Varnish uses Perl-compatible regular expressions (PCRE). For a complete
description please see the pcre(3) man page.
To send flags to the PCRE engine, such as to do case insensitive
matching, add the flag within parens following a question mark, like
this:
# If host is NOT example dot com..
if (req.http.host !~ "(?i)example.com$") {
...
}
Include statement
To include a VCL file in another file use the include keyword:
include "foo.vcl";
Import statement
The import statement is used to load Varnish Modules (VMODs).
Example:
import std;
sub vcl_recv {
std.log("foo");
}
Comments
Single lines of VCL can be commented out using // or #. Multi-line
blocks can be commented out with /* block */.
Example:
sub vcl_recv {
// Single line of out-commented VCL.
# Another way of commenting out a single line.
/*
Multi-line block of commented-out VCL.
*/
}
Backend definition
A backend declaration creates and initialises a named backend object. A
declaration starts with the keyword backend followed by the name of the
backend. The actual declaration is in curly brackets, in a key/value
fashion:
backend name {
.attribute = "value";
}
The only mandatory attribute is host. The attributes will inherit their
defaults from the global parameters. The following attributes are
available:
host (mandatory)
The host to be used. IP address or a hostname that resolves
to a single IP address.
port
The port on the backend that Varnish should connect to.
host_header
A host header to add.
connect_timeout
Timeout for connections.
first_byte_timeout
Timeout for first byte.
between_bytes_timeout
Timeout between bytes.
probe
Attach a probe to the backend. See Probes.
proxy_header
The PROXY protocol version Varnish should use when connecting
to this backend.
max_connections
Maximum number of open connections towards this backend. If
Varnish reaches the maximum, it will start failing
connections.
Backends can be used with directors. Please see the vmod_directors(3)
man page for more information.
Probes
Probes will query the backend for status on a regular basis and mark
the backend as down if they fail. A probe is defined like this:
probe name {
.attribute = "value";
}
The probe named default is special and will be used for all backends
which do not explicitly reference a probe.
There are no mandatory options. These are the options you can set:
url
The URL to query. Defaults to "/".
request
Specify a full HTTP request using multiple strings. .request
will have \r\n automatically inserted after every string. If
specified, .request will take precedence over .url.
expected_response
The expected HTTP response code. Defaults to 200.
timeout
The timeout for the probe. Default is 2s.
interval
How often the probe is run. Default is 5s.
initial
How many of the polls in .window are considered good when
Varnish starts. Defaults to the value of threshold - 1. In
this case, the backend starts as sick and requires one single
poll to be considered healthy.
window
How many of the latest polls we examine to determine backend
health. Defaults to 8.
threshold
How many of the polls in .window must have succeeded for us
to consider the backend healthy. Defaults to 3.
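A complete backend and probe declaration using the attributes listed above, added here as an illustration (not from the Varnish distribution). The names app1 and healthcheck, the address 192.0.2.10, the host name app.example.net and the /healthz path are assumptions. Durations and integers are written unquoted; explicit timeouts and max_connections bound how long, and how many, connections a slow backend can hold.

```vcl
vcl 4.0;

probe healthcheck {
    # Full request form; \r\n is inserted after every string,
    # and .request takes precedence over .url.
    .request =
        "GET /healthz HTTP/1.1"
        "Host: app.example.net"
        "Connection: close";
    .expected_response = 200;
    .timeout = 1s;       # give up on a single poll after one second
    .interval = 5s;      # poll every five seconds
    .window = 8;         # look at the latest eight polls
    .threshold = 3;      # at least three of them must have succeeded
    .initial = 3;        # equal to .threshold, so the backend starts as
                         # healthy; the default (threshold - 1) starts it
                         # as sick until one poll succeeds
}

backend app1 {
    .host = "192.0.2.10";            # assumed address (documentation range)
    .port = "8080";
    .host_header = "app.example.net";
    .connect_timeout = 2s;
    .first_byte_timeout = 30s;
    .between_bytes_timeout = 10s;
    .max_connections = 200;          # beyond this, connections fail
    .probe = healthcheck;
}
```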
Access Control List (ACL)
An Access Control List (ACL) declaration creates and initialises a
named access control list which can later be used to match client
addresses:
acl localnetwork {
"localhost"; # myself
"192.0.2.0"/24; # and everyone on the local network
! "192.0.2.23"; # except for the dial-in router
}
If an ACL entry specifies a host name which Varnish is unable to
resolve, it will match any address it is compared to. Consequently, if
it is preceded by a negation mark, it will reject any address it is
compared to, which may not be what you intended. If the entry is
enclosed in parentheses, however, it will simply be ignored.
To match an IP address against an ACL, simply use the match operator:
if (client.ip ~ localnetwork) {
return (pipe);
}
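An ACL guarding cache invalidation, added here as an example that is not part of the original manual page. The ACL name invalidators, the addresses, the host name cache-admin.example.net and the use of a BAN request method are assumptions. It uses IP literals where possible and puts the one host name in parentheses, so that a failed lookup drops the entry instead of making it match every address.

```vcl
vcl 4.0;

backend default {
    .host = "192.0.2.10";      # assumed origin address
    .port = "8080";
}

# Hosts allowed to invalidate cached objects.
acl invalidators {
    "127.0.0.1";                    # IP literal: no name resolution involved
    "192.0.2.0"/24;                 # management network
    ! "192.0.2.23";                 # one excluded host inside that network
    ("cache-admin.example.net");    # in parentheses: ignored if it cannot
                                    # be resolved, rather than matching any
                                    # address it is compared to
}

sub vcl_recv {
    if (req.method == "BAN") {
        # The ban expression below is built from request data, so the
        # ACL check comes first.
        if (!client.ip ~ invalidators) {
            return (synth(403, "Forbidden"));
        }
        ban("req.http.host == " + req.http.host +
            " && req.url == " + req.url);
        # Answer directly so the request never reaches the backend.
        return (synth(200, "Ban added"));
    }
}
```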
VCL objects
A VCL object can be instantiated with the new keyword:
sub vcl_init {
new b = directors.round_robin();
b.add_backend(node1);
}
This is only available in vcl_init.
Subroutines
A subroutine is used to group code for legibility or reusability:
sub pipe_if_local {
if (client.ip ~ localnetwork) {
return (pipe);
}
}
Subroutines in VCL do not take arguments, nor do they return values.
The built in subroutines all have names beginning with vcl_, which is
reserved.
To call a subroutine, use the call keyword followed by the subroutine's
name:
sub vcl_recv {
call pipe_if_local;
}
Return statements
The ongoing vcl_* subroutine execution ends when a return(action)
statement is made.
The action specifies how execution should proceed. The context defines
which actions are available.
Multiple subroutines
If multiple subroutines with the name of one of the built-in ones are
defined, they are concatenated in the order in which they appear in the
source.
The built-in VCL distributed with Varnish will be implicitly
concatenated when the VCL is compiled.
Variables
In VCL you have access to certain variable objects. These contain
requests and responses currently being worked on. What variables are
available depends on context.
bereq
bereq
Type: HTTP
Readable from: backend
The entire backend request HTTP data structure
bereq.backend
Type: BACKEND
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
This is the backend or director we attempt to fetch from.
bereq.between_bytes_timeout
Type: DURATION
Readable from: backend
Writable from: backend
The time in seconds to wait between each received byte from the
backend. Not available in pipe mode.
bereq.body
Type: BODY
Writable from: vcl_backend_fetch
The request body.
bereq.connect_timeout
Type: DURATION
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The time in seconds to wait for a backend connection.
bereq.first_byte_timeout
Type: DURATION
Readable from: backend
Writable from: backend
The time in seconds to wait for the first byte from the backend.
Not available in pipe mode.
bereq.http.
Type: HEADER
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The corresponding HTTP header.
bereq.method
Type: STRING
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The request type (e.g. "GET", "HEAD").
bereq.proto
Type: STRING
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The HTTP protocol version used to talk to the server.
bereq.retries
Type: INT
Readable from: backend
A count of how many times this request has been retried.
bereq.uncacheable
Type: BOOL
Readable from: backend
Indicates whether this request is uncacheable due to a pass in the
client side or a hit on an existing uncacheable object (aka
hit-for-pass).
bereq.url
Type: STRING
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The requested URL.
bereq.xid
Type: STRING
Readable from: backend
Unique ID of this request.
beresp
beresp
Type: HTTP
Readable from: vcl_backend_response, vcl_backend_error
The entire backend response HTTP data structure
beresp.age
Type: DURATION
Readable from: vcl_backend_response, vcl_backend_error
The age of the object.
beresp.backend
Type: BACKEND
Readable from: vcl_backend_response, vcl_backend_error
This is the backend we fetched from. If bereq.backend was set to a
director, this will be the backend selected by the director.
beresp.backend.ip
Type: IP
Readable from: vcl_backend_response, vcl_backend_error
IP of the backend this response was fetched from.
beresp.backend.name
Type: STRING
Readable from: vcl_backend_response, vcl_backend_error
Name of the backend this response was fetched from.
beresp.body
Type: BODY
Writable from: vcl_backend_error
The response body.
beresp.do_esi
Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Boolean. ESI-process the object after fetching it. Defaults to
false. Set it to true to parse the object for ESI directives. Will
only be honored if req.esi is true.
beresp.do_gunzip
Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Boolean. Unzip the object before storing it in the cache. Defaults
to false.
beresp.do_gzip
Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Boolean. Gzip the object before storing it. Defaults to false. When
http_gzip_support is on Varnish will request already compressed
content from the backend and as such compression in Varnish is not
needed.
beresp.do_stream
Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Deliver the object to the client while fetching the whole object
into varnish. For uncacheable objects, storage for parts of the body
which have been sent to the client may get freed early, depending on
the storage engine used.
beresp.grace
Type: DURATION
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Set to a period to enable grace.
beresp.http.
Type: HEADER
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The corresponding HTTP header.
beresp.keep
Type: DURATION
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Set to a period to enable conditional backend requests.
The keep time is cache lifetime in addition to the ttl.
Objects with ttl expired but with keep time left may be used to
issue conditional (If-Modified-Since / If-None-Match) requests to
the backend to refresh them.
beresp.proto
Type: STRING
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The HTTP protocol version the backend replied with.
beresp.reason
Type: STRING
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The HTTP status message returned by the server.
beresp.status
Type: INT
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The HTTP status code returned by the server.
beresp.storage_hint
Type: STRING
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Hint to Varnish that you want to save this object to a particular
storage backend.
beresp.ttl
Type: DURATION
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The object's remaining time to live, in seconds.
beresp.uncacheable
Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Inherited from bereq.uncacheable, see there.
Setting this variable makes the object uncacheable, which may get
stored as a hit-for-pass object in the cache.
Clearing the variable has no effect and will log the warning
"Ignoring attempt to reset beresp.uncacheable".
beresp.was_304
Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Boolean. If this is a successful 304 response to a backend
conditional request refreshing an existing cache object.
client
client.identity
Type: STRING
Readable from: client
Writable from: client
Identification of the client, used to load balance in the client
director. Defaults to the client's IP address.
client.ip
Type: IP
Readable from: client, backend
The client's IP address.
local
local.ip
Type: IP
Readable from: client, backend
The IP address of the local end of the TCP connection.
now
now
Type: TIME
Readable from: all
The current time, in seconds since the epoch. When used in string
context it returns a formatted string.
obj
obj.age
Type: DURATION
Readable from: vcl_hit, vcl_deliver
The age of the object.
obj.grace
Type: DURATION
Readable from: vcl_hit, vcl_deliver
The object's remaining grace period in seconds.
obj.hits
Type: INT
Readable from: vcl_hit, vcl_deliver
The count of cache-hits on this object. A value of 0 indicates a
cache miss.
obj.http.
Type: HEADER
Readable from: vcl_hit
The corresponding HTTP header.
obj.keep
Type: DURATION
Readable from: vcl_hit, vcl_deliver
The object's remaining keep period in seconds.
obj.proto
Type: STRING
Readable from: vcl_hit
The HTTP protocol version used when the object was retrieved.
obj.reason
Type: STRING
Readable from: vcl_hit
The HTTP status message returned by the server.
obj.status
Type: INT
Readable from: vcl_hit
The HTTP status code returned by the server.
obj.ttl
Type: DURATION
Readable from: vcl_hit, vcl_deliver
The object's remaining time to live, in seconds.
obj.uncacheable
Type: BOOL
Readable from: vcl_deliver
Whether the object is uncacheable (pass or hit-for-pass).
remote
remote.ip
Type: IP
Readable from: client, backend
The IP address of the other end of the TCP connection. This can
either be the client's IP, or the outgoing IP of a proxy server.
req
req
Type: HTTP
Readable from: client
The entire request HTTP data structure
req.backend_hint
Type: BACKEND
Readable from: client
Writable from: client
Set bereq.backend to this if we attempt to fetch.
req.can_gzip
Type: BOOL
Readable from: client
Does the client accept the gzip transfer encoding.
req.esi
Type: BOOL
Readable from: client
Writable from: client
Boolean. Set to false to disable ESI processing regardless of any
value in beresp.do_esi. Defaults to true. This variable is subject
to change in future versions, you should avoid using it.
req.esi_level
Type: INT
Readable from: client
A count of how many levels of ESI requests we're currently at.
req.hash_always_miss
Type: BOOL
Readable from: vcl_recv
Writable from: vcl_recv
Force a cache miss for this request. If set to true Varnish will
disregard any existing objects and always (re)fetch from the
backend.
req.hash_ignore_busy
Type: BOOL
Readable from: vcl_recv
Writable from: vcl_recv
Ignore any busy object during cache lookup. You would want to do
this if you have two servers looking up content from each other to
avoid potential deadlocks.
req.http.
Type: HEADER
Readable from: client
Writable from: client
The corresponding HTTP header.
req.method
Type: STRING
Readable from: client
Writable from: client
The request type (e.g. "GET", "HEAD").
req.proto
Type: STRING
Readable from: client
Writable from: client
The HTTP protocol version used by the client.
req.restarts
Type: INT
Readable from: client
A count of how many times this request has been restarted.
req.ttl
Type: DURATION
Readable from: client
Writable from: client
req.url
Type: STRING
Readable from: client
Writable from: client
The requested URL.
req.xid
Type: STRING
Readable from: client
Unique ID of this request.
req_top
req_top.http.
Type: HEADER
Readable from: client
HTTP headers of the top-level request in a tree of ESI requests.
Identical to req.http. in non-ESI requests.
req_top.method
Type: STRING
Readable from: client
The request method of the top-level request in a tree of ESI
requests. (e.g. "GET", "HEAD"). Identical to req.method in non-ESI
requests.
req_top.proto
Type: STRING
Readable from: client
HTTP protocol version of the top-level request in a tree of ESI
requests. Identical to req.proto in non-ESI requests.
req_top.url
Type: STRING
Readable from: client
The requested URL of the top-level request in a tree of ESI
requests. Identical to req.url in non-ESI requests.
resp
resp
Type: HTTP
Readable from: vcl_deliver, vcl_synth
The entire response HTTP data structure.
resp.body
Type: BODY
Writable from: vcl_synth
The response body.
resp.http.
Type: HEADER
Readable from: vcl_deliver, vcl_synth
Writable from: vcl_deliver, vcl_synth
The corresponding HTTP header.
resp.is_streaming
Type: BOOL
Readable from: vcl_deliver, vcl_synth
Returns true when the response will be streamed from the backend.
resp.proto
Type: STRING
Readable from: vcl_deliver, vcl_synth
Writable from: vcl_deliver, vcl_synth
The HTTP protocol version to use for the response.
resp.reason
Type: STRING
Readable from: vcl_deliver, vcl_synth
Writable from: vcl_deliver, vcl_synth
The HTTP status message that will be returned.
resp.status
Type: INT
Readable from: vcl_deliver, vcl_synth
Writable from: vcl_deliver, vcl_synth
The HTTP status code that will be returned.
Assigning an HTTP standardized code to resp.status will also set
resp.reason to the corresponding status message.
server
server.hostname
Type: STRING
Readable from: all
The host name of the server.
server.identity
Type: STRING
Readable from: all
The identity of the server, as set by the -i parameter. If the -i
parameter is not passed to varnishd, server.identity will be set to
the name of the instance, as specified by the -n parameter.
server.ip
Type: IP
Readable from: client, backend
The IP address of the socket on which the client connection was
received.
storage
storage.<name>.free_space
Type: BYTES
Readable from: client, backend
Free space available in the named stevedore. Only available for the
malloc stevedore.
storage.<name>.used_space
Type: BYTES
Readable from: client, backend
Used space in the named stevedore. Only available for the malloc
stevedore.
storage.<name>.happy
Type: BOOL
Readable from: client, backend
Health status for the named stevedore. Not available in any of the
current stevedores.
Functions
The following built-in functions are available:
ban(expression)
Invalidates all objects in cache that match the expression with
the ban mechanism.
hash_data(input)
Adds an input to the hash input. In the built-in VCL hash_data()
is called on the host and URL of the request. Available in
vcl_hash.
synthetic(STRING)
Prepare a synthetic response body containing the STRING.
Available in vcl_synth and vcl_backend_error.
regsub(str, regex, sub)
Returns a copy of str with the first occurrence of the regular
expression regex replaced with sub. Within sub, \0 (which can
also be spelled \&) is replaced with the entire matched string,
and \n is replaced with the contents of subgroup n in the
matched string.
regsuball(str, regex, sub)
As regsub() but this replaces all occurrences.
For converting or casting VCL values between data types use the
functions available in the std VMOD.
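The PCRE flag syntax from the Regular Expressions section and the regsub() substitution rules above, combined in one vcl_recv as an added example (not part of the original manual page). The host name example.com, the backend address and the list of static file extensions are assumptions. It goes slightly beyond the text by anchoring the host pattern at both ends and escaping the dots: the built-in VCL hashes on host and URL, so every accepted spelling of the host becomes a separate cache entry.

```vcl
vcl 4.0;

backend default {
    .host = "192.0.2.10";      # assumed origin address
    .port = "8080";
}

sub vcl_recv {
    # Drop an explicit port so "example.com:80" and "example.com"
    # compare equal.
    set req.http.Host = regsub(req.http.Host, ":[0-9]+$", "");

    # (?i) makes the match case-insensitive. The pattern is anchored at
    # both ends and the dots are escaped, so "example.com.evil.test",
    # "notexample.com" and "exampleXcom" are all rejected here.
    if (req.http.Host !~ "(?i)^(www\.)?example\.com$") {
        return (synth(400, "Bad Request"));
    }

    # \1 in the substitution is the contents of the first subgroup:
    # strip a leading "www." so both spellings share one cache entry.
    set req.http.Host = regsub(req.http.Host, "(?i)^www\.(.+)$", "\1");

    # For static files, remove the query string so that arbitrary
    # parameters do not create one cached copy per variation.
    if (req.url ~ "(?i)\.(css|js|png|jpg|gif)\?") {
        set req.url = regsub(req.url, "\?.*$", "");
    }
}
```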
Versioning
Multiple versions of the VCL syntax can coexist within certain
constraints.
The VCL syntax version at the start of VCL file specified with -f
sets the hard limit that cannot be exceeded anywhere, and it selects
the appropriate version of the builtin VCL.
That means that you can never include "vcl 9.1;" from "vcl 8.7;", but
the opposite may be possible, to the extent the compiler supports it.
Files pulled in via include do not need to have a "vcl X.Y;" but it may
be a good idea to do it anyway, to not have surprises in the future.
The syntax version set in an included file only applies to that file
and any files it includes - unless these set their own VCL syntax
version.
The version of Varnish this file belongs to supports syntax 4.0 only.
For examples, please see the online documentation.
* varnishd(1)
* vmod_directors(3)
* vmod_std(3)
VCL was developed by Poul-Henning Kamp in cooperation with Verdens
Gang AS, Redpill Linpro and Varnish Software. This manual page is
written by Per Buer, Poul-Henning Kamp, Martin Blix Grydeland,
Kristian Lyngstøl, Lasse Karstensen and possibly others.
This document is licensed under the same license as Varnish itself. See
LICENSE for details.
* Copyright (c) 2006 Verdens Gang AS
* Copyright (c) 2006-2015 Varnish Software AS
VCL(7)