improvements to Varnish configs like websocket support, remove the Google Analytics added parameters, strip hash, remove unnecessary cookies
improvements to Varnish configs like websocket support, remove the Google Analytics added parameters, strip hash, remove unnecessary cookies

file:a/readme.txt -> file:b/readme.txt
--- a/readme.txt
+++ b/readme.txt
@@ -4,7 +4,7 @@
 Tags: varnish, purge, cache, caching, optimization, performance, traffic
 Requires at least: 4.0
 Tested up to: 4.7
-Stable tag: 1.5.3
+Stable tag: 1.5.4
 License: GPLv2 or later
 
 Wordpress Varnish Cache 3.x/4.x integration
@@ -116,6 +116,12 @@
 
 == Changelog ==
 
+= 1.5.4 =
+* improvements to Varnish configs like websocket support, remove the Google Analytics added parameters, strip hash, remove unnecessary cookies
+
+= 1.5.3 =
+* hardcoded on/off VCL Generator, filters added to readme
+
 = 1.5.2 =
 * added AMP URL purge
 

--- a/varnish-conf/v3/default.vcl
+++ b/varnish-conf/v3/default.vcl
@@ -21,6 +21,11 @@
         return(pipe);
     }
 
+    # Implementing websocket support (https://www.varnish-cache.org/docs/4.0/users-guide/vcl-example-websockets.html)
+    if (req.http.Upgrade ~ "(?i)websocket") {
+        return (pipe);
+    }
+
     # redirect yourdomain.com to www.yourdomain.com
     #if (req.http.host ~ "^yourdomain\.com$") {
     #    error 750 "http://www.yourdomain.com" + req.url;
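Review bot: The `unset req.http.proxy;` HTTPOXY mitigation added further down this file runs after this `return (pipe);`, so a request that carries an `Upgrade: websocket` header is handed to the backend with the client's `Proxy` header still present and skips the rest of the request normalisation. Moving `unset req.http.proxy;` above this block keeps the mitigation effective for piped traffic. It is also worth limiting the pipe to the URL paths that actually serve websockets, since any client can set the header. The ordering is inferred from the hunk line numbers, because the enclosing sub starts and ends outside the hunk; varnish-conf/v4/default.vcl has the same arrangement.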
@@ -69,10 +74,50 @@
     #}
 
     # Remove has_js, Google Analytics __*, and wooTracker cookies.
-    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js|wooTracker)=[^;]*", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(has_js|wooTracker)=[^;]*", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
     set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
+    # Remove DoubleClick offensive cookies
+    set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");
+
+    # Remove the Quant Capital cookies (added by some plugin, all __qca)
+    set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
+
+    # Remove the AddThis cookies
+    set req.http.Cookie = regsuball(req.http.Cookie, "__atuv.=[^;]+(; )?", "");
+
+    # Remove a ";" prefix in the cookie if present
+    set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
+
+    # Are there cookies left with only spaces or that are empty?
     if (req.http.Cookie ~ "^\s*$") {
         unset req.http.Cookie;
+    }
+
+    # Protecting against the HTTPOXY CGI vulnerability.
+    unset req.http.proxy;
+
+    # Remove the Google Analytics added parameters.
+    if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") {
+        set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
+        set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
+        set req.url = regsub(req.url, "\?&", "?");
+        set req.url = regsub(req.url, "\?$", "");
+    }
+
+    # Strip hash, server doesn't need it.
+    if (req.url ~ "\#") {
+        set req.url = regsub(req.url, "\#.*$", "");
+    }
+
+    # Strip a trailing ? if it exists
+    if (req.url ~ "\?$") {
+        set req.url = regsub(req.url, "\?$", "");
     }
 
     return(lookup);
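Review bot: The value class `[A-z0-9_\-\.%25]+` in the two `regsuball` calls that strip tracking parameters stops at the first character it does not list, so for a URL such as `?p=1&utm_campaign=spring+sale` only `&utm_campaign=spring` is removed and `+sale` ends up glued to the preceding parameter's value. Matching up to the next delimiter avoids this: keep the same alternation but follow it with `=[^&#]*` in both the `&` and the `\?` variant. Note also that `A-z` covers the punctuation between `Z` and `a`, and `%25` inside a class is just the characters `%`, `2` and `5`. Separately, the new cookie patterns (`_ga=`, `utmctr=`, `__qc.=` and the others) drop the `(^|;\s*)` anchor the removed line had, so they also match the tail of any cookie name ending in those strings and leave a mangled cookie behind; `"(^|;\s*)_ga=[^;]*"` restricts the match to a whole cookie name. The matching hunk in varnish-conf/v4/default.vcl has the same lines.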
@@ -157,3 +202,9 @@
     }
 }
 
+sub vcl_pipe {
+     if (req.http.upgrade) {
+         set bereq.http.upgrade = req.http.upgrade;
+     }
+}
+

--- a/varnish-conf/v4/default.vcl
+++ b/varnish-conf/v4/default.vcl
@@ -23,6 +23,11 @@
         return(pipe);
     }
 
+    # Implementing websocket support (https://www.varnish-cache.org/docs/4.0/users-guide/vcl-example-websockets.html)
+    if (req.http.Upgrade ~ "(?i)websocket") {
+        return (pipe);
+    }
+
     # redirect yourdomain.com to www.yourdomain.com
     #if (req.http.host ~ "^yourdomain\.com$") {
     #    set req.http.X-VC-Redirect = "http://www.yourdomain.com" + req.url;
@@ -71,11 +76,54 @@
     #}
 
     # Remove has_js, Google Analytics __*, and wooTracker cookies.
-    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js|wooTracker)=[^;]*", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(has_js|wooTracker)=[^;]*", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "_gat=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
+    set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
     set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
+    # Remove DoubleClick offensive cookies
+    set req.http.Cookie = regsuball(req.http.Cookie, "__gads=[^;]+(; )?", "");
+
+    # Remove the Quant Capital cookies (added by some plugin, all __qca)
+    set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
+
+    # Remove the AddThis cookies
+    set req.http.Cookie = regsuball(req.http.Cookie, "__atuv.=[^;]+(; )?", "");
+
+    # Remove a ";" prefix in the cookie if present
+    set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
+
+    # Are there cookies left with only spaces or that are empty?
     if (req.http.Cookie ~ "^\s*$") {
         unset req.http.Cookie;
     }
+
+    # Protecting against the HTTPOXY CGI vulnerability.
+    unset req.http.proxy;
+
+    # Remove the Google Analytics added parameters.
+    if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") {
+        set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
+        set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
+        set req.url = regsub(req.url, "\?&", "?");
+        set req.url = regsub(req.url, "\?$", "");
+    }
+
+    # Strip hash, server doesn't need it.
+    if (req.url ~ "\#") {
+        set req.url = regsub(req.url, "\#.*$", "");
+    }
+
+    # Strip a trailing ? if it exists
+    if (req.url ~ "\?$") {
+        set req.url = regsub(req.url, "\?$", "");
+    }
+
+    # Normalize the query arguments
+    set req.url = std.querysort(req.url);
 
     return(hash);
 }
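Review bot: `std.querysort(req.url)` requires `import std;` near the top of the VCL, and no such line is visible in this diff. If the file does not already import the std vmod, Varnish will refuse to compile the configuration when it is loaded. Add `import std;` after the VCL version declaration, or confirm it is already present outside the hunks shown. It would also help to extend the comment to `# Normalize the query arguments so that reordered parameters share one cache object`.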
@@ -162,3 +210,9 @@
     }
 }
 
+sub vcl_pipe {
+     if (req.http.upgrade) {
+         set bereq.http.upgrade = req.http.upgrade;
+     }
+}
+

--- a/vcaching.php
+++ b/vcaching.php
@@ -3,7 +3,7 @@
 Plugin Name: Varnish Caching
 Plugin URI: http://wordpress.org/extend/plugins/vcaching/
 Description: WordPress Varnish Cache integration.
-Version: 1.5.3
+Version: 1.5.4
 Author: Razvan Stanga
 Author URI: http://git.razvi.ro/
 License: http://www.apache.org/licenses/LICENSE-2.0
@@ -313,6 +313,7 @@
         $url = wp_nonce_url(admin_url('?' . $this->getParam), $this->plugin);
         $button = '';
         $nopermission = '';
+        $intro = '';
         if ($this->varnishIp == null) {
             $intro .= sprintf(__('Please setup Varnish IPs to be able to use <a href="%1$s">Varnish Caching</a>.', $this->plugin), 'http://wordpress.org/plugins/varnish-caching/');
         } else {
