VCL()VCL()NAME
VCL - Varnish Configuration Language
DESCRIPTION
The VCL language is a small domain-specific language designed to be
used to describe request handling and document caching policies for
Varnish Cache.
When a new configuration is loaded, the varnishd management process
translates the VCL code to C and compiles it to a shared object which
is then loaded into the server process.
This document focuses on the syntax of the VCL language. For a full
description of syntax and semantics, with ample examples, please see
the online documentation at https://www.varnish-cache.org/docs/ .
Starting with Varnish 4.0, each VCL file must start by declaring its
version with a special "vcl 4.0;" marker at the top of the file.
Operators
The following operators are available in VCL:
= Assignment operator.
== Comparison.
~ Match. Can either be used with regular expressions or ACLs.
! Negation.
&& Logical and.
|| Logical or.
Conditionals
VCL has if and else statements. Nested logic can be implemented with
the elseif statement. (elsif/elif/else if is equivalent.)
Note that are no loops or iterators of any kind in VCL.
Strings, booleans, time, duration and integers
These are the data types in Varnish. You can set or unset these.
Example:
set req.http.User-Agent = "unknown";
unset req.http.Range;
Strings
Basic strings are enclosed in double quotes (" ... "), and may not con‐
tain newlines. Long strings are enclosed in {" ... "}. They may contain
any character including single double quotes ("), newline and other
control characters except for the NUL (0x00) character.
Booleans
Booleans can be either true or false.
Time
VCL has time. The function now returns a time. A duration can be added
to a time to make another time. In string context they return a format‐
ted string.
Durations
Durations are defined by a number and a designation. The number can be
a real so 1.5w is allowed.
ms milliseconds
s seconds
m minutes
h hours
d days
w weeks
Integers
Certain fields are integers, used as expected. In string context they
return a string.
Real numbers
VCL understands real numbers. As with integers, when used in a string
context they will return a string.
Regular Expressions
Varnish uses Perl-compatible regular expressions (PCRE). For a complete
description please see the pcre(3) man page.
To send flags to the PCRE engine, such as to do case insensitive match‐
ing, add the flag within parens following a question mark, like this:
# If host is NOT example dot com..
if (req.http.host !~ "(?i)example.com$") {
...
}
Include statement
To include a VCL file in another file use the include keyword:
include "foo.vcl";
Import statement
The import statement is used to load Varnish Modules (VMODs.)
Example:
import std;
sub vcl_recv {
std.log("foo");
}
Backend definition
A backend declaration creates and initialises a named backend object. A
declaration start with the keyword backend followed by the name of the
backend. The actual declaration is in curly brackets, in a key/value
fashion.:
backend name {
.attribute = "value";
}
The only mandatory attribute is host. The attributes will inherit their
defaults from the global parameters. The following attributes are
available:
host (mandatory)
The host to be used. IP address or a hostname that resolves to a
single IP address.
port The port on the backend that Varnish should connect to.
host_header
A host header to add.
connect_timeout
Timeout for connections.
first_byte_timeout
Timeout for first byte.
between_bytes_timeout
Timeout between bytes.
probe Attach a probe to the backend. See Probes.
max_connections
Maximum number of open connections towards this backend. If Var‐
nish reaches the maximum Varnish it will start failing connec‐
tions.
Backends can be used with directors. Please see the vmod_direc‐
tors(3) man page for more information.
Probes
Probes will query the backend for status on a regular basis and mark
the backend as down it they fail. A probe is defined as this::
probe name {
.attribute = "value";
}
There are no mandatory options. These are the options you can set:
url The URL to query. Defaults to "/".
request
Specify a full HTTP request using multiple strings. .request
will have rn automatically inserted after every string. If spec‐
ified,
expected_response
The expected HTTP response code. Defaults to 200.
timeout
The timeout for the probe. Default is 2s.
interval
How often the probe is run. Default is 5s.
initial
How many of the polls in .window are considered good when Var‐
nish starts. Defaults to the value of threshold - 1. In this
case, the backend starts as sick and requires one single poll to
be considered healthy.
window How many of the latest polls we examine to determine backend
health. Defaults to 8.
threshold
How many of the polls in .window must have succeeded for us to
consider the backend healthy. If this is set to more than or
equal to the threshold, the backend starts as healthy. Defaults
to the value of threshold - 1. In this case, the backend starts
as sick and requires one poll to pass to become healthy.
Defaults to threshold - 1.
Access Control List (ACL)
An Access Control List (ACL) declaration creates and initialises a
named access control list which can later be used to match client
addresses:
acl localnetwork {
"localhost"; # myself
"192.0.2.0"/24; # and everyone on the local network
! "192.0.2.23"; # except for the dial-in router
}
If an ACL entry specifies a host name which Varnish is unable to
resolve, it will match any address it is compared to. Consequently, if
it is preceded by a negation mark, it will reject any address it is
compared to, which may not be what you intended. If the entry is
enclosed in parentheses, however, it will simply be ignored.
To match an IP address against an ACL, simply use the match operator:
if (client.ip ~ localnetwork) {
return (pipe);
}
VCL objects
A VCL object can be made with the new keyword.
Example:
sub vcl_init {
new b = directors.round_robin()b.add_backend(node1);
}
Subroutines
A subroutine is used to group code for legibility or reusability:
sub pipe_if_local {
if (client.ip ~ localnetwork) {
return (pipe);
}
}
Subroutines in VCL do not take arguments, nor do they return values.
The built in subroutines all have names beginning with vcl_, which is
reserved.
To call a subroutine, use the call keyword followed by the subroutine's
name:
sub vcl_recv {
call pipe_if_local;
}
Return statements
The ongoing vcl_* subroutine execution ends when a return(action)
statement is made.
The action specifies how execution should proceed. The context defines
which actions are available.
Multiple subroutines
If multiple subroutines with the name of one of the built-in ones are
defined, they are concatenated in the order in which they appear in the
source.
The built-in VCL distributed with Varnish will be implicitly concate‐
nated when the VCL is compiled.
Variables
In VCL you have access to certain variable objects. These contain
requests and responses currently being worked on. What variables are
available depends on context.
bereq
bereq.backend Type: BACKEND
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
bereq.between_bytes_timeout Type: DURATION
Readable from: backend
Writable from: backend
The time in seconds to wait between each received byte from the back‐
end. Not available in pipe mode.
bereq.connect_timeout Type: DURATION
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The time in seconds to wait for a backend connection.
bereq.first_byte_timeout Type: DURATION
Readable from: backend
Writable from: backend
The time in seconds to wait for the first byte from the backend. Not
available in pipe mode.
bereq.http. Type: HEADER
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The corresponding HTTP header.
bereq.method Type: STRING
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The request type (e.g. "GET", "HEAD").
bereq.proto Type: STRING
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The HTTP protocol version used to talk to the server.
bereq.retries Type: INT
Readable from: backend
bereq.uncacheable Type: BOOL
Readable from: backend
Writable from: backend
bereq.url Type: STRING
Readable from: vcl_pipe, backend
Writable from: vcl_pipe, backend
The requested URL.
bereq.xid Type: STRING
Readable from: backend
Unique ID of this request.
beresp
beresp.backend.ip Type: IP
Readable from: vcl_backend_response, vcl_backend_error
IP of the backend this response was fetched from.
beresp.backend.name Type: STRING
Readable from: vcl_backend_response, vcl_backend_error
Name of the backend this response was fetched from.
beresp.do_esi Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Boolean. ESI-process the object after fetching it. Defaults to false.
Set it to true to parse the object for ESI directives. Will only be
honored if req.esi is true.
beresp.do_gunzip Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Boolean. Unzip the object before storing it in the cache. Defaults to
false.
beresp.do_gzip Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Boolean. Gzip the object before storing it. Defaults to false. When
http_gzip_support is on Varnish will request already compressed content
from the backend and as such compression in Varnish is not needed.
beresp.do_stream Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Deliver the object to the client directly without fetching the whole
object into varnish. If this request is pass'ed it will not be stored
in memory. As of Varnish Cache 3.0 the object will marked as busy as
it is delivered so only client can access the object.
beresp.grace Type: DURATION
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Set to a period to enable grace.
beresp.http. Type: HEADER
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The corresponding HTTP header.
beresp.keep Type: DURATION
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
beresp.proto Type: STRING
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The HTTP protocol version used the backend replied with.
beresp.reason Type: STRING
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The HTTP status message returned by the server.
beresp.status Type: INT
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The HTTP status code returned by the server.
beresp.storage_hint Type: STRING
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
Hint to Varnish that you want to save this object to a particular stor‐
age backend.
beresp.ttl Type: DURATION
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
The object's remaining time to live, in seconds. beresp.ttl is
writable.
beresp.uncacheable Type: BOOL
Readable from: vcl_backend_response, vcl_backend_error
Writable from: vcl_backend_response, vcl_backend_error
client
client.identity Type: STRING
Readable from: client
Writable from: client
Identification of the client, used to load balance in the client direc‐
tor.
client.ip Type: IP
Readable from: client
The client's IP address.
now
now Type: TIME
Readable from: vcl_all
The current time, in seconds since the epoch. When used in string con‐
text it returns a formatted string.
obj
obj.grace Type: DURATION
Readable from: vcl_hit
The object's grace period in seconds. obj.grace is writable.
obj.hits Type: INT
Readable from: vcl_hit, vcl_deliver
The approximate number of times the object has been delivered. A value
of 0 indicates a cache miss. This variable is also available in
vcl_deliver.
obj.http. Type: HEADER
Readable from: vcl_hit
The corresponding HTTP header.
obj.keep Type: DURATION
Readable from: vcl_hit
obj.proto Type: STRING
Readable from: vcl_hit
The HTTP protocol version used when the object was retrieved.
obj.reason Type: STRING
Readable from: vcl_hit
The HTTP status message returned by the server.
obj.status Type: INT
Readable from: vcl_hit
The HTTP status code returned by the server.
obj.ttl Type: DURATION
Readable from: vcl_hit
The object's remaining time to live, in seconds. obj.ttl is writable.
obj.uncacheable Type: BOOL
Readable from: vcl_hit
req
req.backend_hint Type: BACKEND
Readable from: client
Writable from: client
Set bereq.backend to this if we attempt to fetch.
req.can_gzip Type: BOOL
Readable from: client
Does the client accept the gzip transfer encoding.
req.esi Type: BOOL
Readable from: vcl_recv, vcl_backend_response, vcl_deliver, vcl_synth
Writable from: vcl_recv, vcl_backend_response, vcl_deliver, vcl_synth
Boolean. Set to false to disable ESI processing regardless of any value
in beresp.do_esi. Defaults to true. This variable is subject to change
in future versions, you should avoid using it.
req.esi_level Type: INT
Readable from: client
A count of how many levels of ESI requests we're currently at.
req.hash_always_miss Type: BOOL
Readable from: vcl_recv
Writable from: vcl_recv
Force a cache miss for this request. If set to true Varnish will disre‐
gard any existing objects and always (re)fetch from the backend.
req.hash_ignore_busy Type: BOOL
Readable from: vcl_recv
Writable from: vcl_recv
Ignore any busy object during cache lookup. You would want to do this
if you have two server looking up content from each other to avoid
potential deadlocks.
req.http. Type: HEADER
Readable from: client
Writable from: client
The corresponding HTTP header.
req.method Type: STRING
Readable from: client
Writable from: client
The request type (e.g. "GET", "HEAD").
req.proto Type: STRING
Readable from: client
Writable from: client
The HTTP protocol version used by the client.
req.restarts Type: INT
Readable from: client
A count of how many times this request has been restarted.
req.ttl Type: DURATION
Readable from: client
Writable from: client
req.url Type: STRING
Readable from: client
Writable from: client
The requested URL.
req.xid Type: STRING
Readable from: client
Unique ID of this request.
resp
resp.http. Type: HEADER
Readable from: vcl_deliver, vcl_synth
Writable from: vcl_deliver, vcl_synth
The corresponding HTTP header.
resp.proto Type: STRING
Readable from: vcl_deliver, vcl_synth
Writable from: vcl_deliver, vcl_synth
The HTTP protocol version to use for the response.
resp.reason Type: STRING
Readable from: vcl_deliver, vcl_synth
Writable from: vcl_deliver, vcl_synth
The HTTP status message that will be returned.
resp.status Type: INT
Readable from: vcl_deliver, vcl_synth
Writable from: vcl_deliver, vcl_synth
The HTTP status code that will be returned.
server
server.hostname Type: STRING
Readable from: client
The host name of the server.
server.identity Type: STRING
Readable from: client
The identity of the server, as set by the -i parameter. If the -i
parameter is not passed to varnishd, server.identity will be set to the
name of the instance, as specified by the -n parameter.
server.ip Type: IP
Readable from: client
The IP address of the socket on which the client connection was
received.
Functions
The following built-in functions are available:
ban(expression)
Invalidates all objects in cache that match the expression with
the ban mechanism.
call(subroutine)
Run a VCL subroutine within the current scope.
hash_data(input)
Adds an input to the hash input. In the built-in VCL hash_data()
is called on the host and URL of the request. Available in
vcl_hash.
new() Instanciate a new VCL object. Available in vcl_init.
purge()
Invalidate all variants of the current object using purge.
Available in vcl_miss and vcl_hit.
return()
End execution of the current VCL subroutine, and continue to the
next step in the request handling state machine.
rollback()
Restore request HTTP headers to their original state.
synthetic(STRING)
Prepare a synthetic response body containing the STRING. Avail‐
able in vcl_synth and vcl_backend_error.
regsub(str, regex, sub)
Returns a copy of str with the first occurrence of the regular
expression regex replaced with sub. Within sub, \0 (which can
also be spelled \&) is replaced with the entire matched string,
and \n is replaced with the contents of subgroup n in the
matched string.
regsuball(str, regex, sub)
As regsub() but this replaces all occurrences.
EXAMPLES
For examples, please see the online documentation.
SEE ALSO
· varnishd(1)
· vmod_directors(3)
· vmod_std(3)HISTORY
VCL was developed by Poul-Henning Kamp in cooperation with Verdens Gang
AS, Redpill Linpro and Varnish Software. This manual page is written
by Per Buer, Poul-Henning Kamp, Martin Blix Grydeland, Kristian Lyn‐
gstøl, Lasse Karstensen and possibly others.
COPYRIGHT
This document is licensed under the same license as Varnish itself. See
LICENSE for details.
· Copyright (c) 2006 Verdens Gang AS
· Copyright (c) 2006-2014 Varnish Software AS
VCL()