I recently started setting up a server with Varnish and realized that our instructions for configuring Varnish look terrible. Specifically our recommendations for Varnish 4.0. https://www.mediawiki.org/wiki/Manual:Varnish_caching#Configuring_Varnish_4....
That said, while I know things look wrong, I'm not enough of a Varnish expert to be confident changing the guide.
## Purging

The purge instructions look all wrong.
ban() is not equivalent to ban_url() so the invocations look broken.
Also the Varnish 4 instructions do purging with a `return (purge);` and omit the vcl_hit and vcl_miss.
See: https://www.varnish-cache.org/docs/trunk/users-guide/purging.html
## Gzip

The instructions still include Accept-Encoding handling. Varnish now handles gzip natively.
From what I understand without this code Varnish will natively prefer requesting gzipped responses from the server and will handle gunzipping things for clients that don't support it.
I believe normalizing "gzip, deflate" -> "gzip,deflate" or just "gzip, deflate" -> "gzip" is also redundant now: https://github.com/varnish/Varnish-Cache/blob/336f2eb8fe1c8f46dbf32a9bad3871...
## XFF

The instructions include the setting of an X-Forwarded-For header to client.ip as well.
This is redundant. Varnish implements XFF natively. And it does it correctly, which is to append to XFF when already present. The guide will end up stripping out information which CheckUser makes use of.
## Redundant and harmful vcl_recv overriding

Varnish's default vcl already does stuff like CONNECT piping, Authorization and Cookie passing (and now it also handles the absence of SPDY support). https://github.com/varnish/Varnish-Cache/blob/master/bin/varnishd/builtin.vc...
However the guide duplicates these things and ends with a `return(hash);` making it so the default vcl is never run.
## If-None-Match

Someone is going to have to explain this block to me, because doing it does not make sense to me:
if (req.http.If-None-Match) {return(pass);}
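
The XFF point above, as an added example that is not part of the original post and is neither Varnish nor MediaWiki code: a small Python model comparing the guide's overwrite of X-Forwarded-For with the append behaviour the post describes, and listing which non-internal addresses remain visible to a backend tool such as CheckUser. All IP addresses, the trusted range and the function names are constructed for illustration.

```python
import ipaddress

def varnish_xff(incoming_xff, peer_ip, mode):
    """Header value sent to the backend under each policy (model only)."""
    if mode == "overwrite":   # guide: X-Forwarded-For is set to client.ip
        return peer_ip
    if mode == "append":      # keep the incoming chain, add the connecting peer
        return f"{incoming_xff}, {peer_ip}" if incoming_xff else peer_ip
    raise ValueError(f"unknown mode: {mode}")

def visible_external(xff, trusted_nets):
    """Chain entries that are not our own proxies, in header order.

    Entries that do not parse as IPs (clients may send anything) are kept
    as untrusted strings rather than dropped, so nothing is silently lost.
    """
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    seen = []
    for token in (t.strip() for t in xff.split(",")):
        if not token:
            continue
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            seen.append(token)
            continue
        if not any(ip in net for net in nets):
            seen.append(str(ip))
    return seen

def compare(incoming_xff, peer_ip, trusted_nets):
    """Addresses left for an investigator under both policies."""
    return {
        mode: visible_external(varnish_xff(incoming_xff, peer_ip, mode), trusted_nets)
        for mode in ("overwrite", "append")
    }

if __name__ == "__main__":
    trusted = ["10.0.0.0/8"]  # constructed: our own proxy tier
    # Constructed case 1: user behind an external proxy that already set XFF.
    print(compare("203.0.113.7", "198.51.100.20", trusted))
    # Constructed case 2: an internal TLS terminator sits in front of Varnish.
    print(compare("203.0.113.7, 198.51.100.20", "10.0.0.5", trusted))
```

Entries to the left of the first trusted proxy are client-supplied and can be forged, so they are investigative leads rather than authenticated addresses.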