If you want to completely remove your varnish cache footprints on HTTP Headers, flow this:
sub vcl_deliver { ... ... remove resp.http.X-Varnish; remove resp.http.Via; remove resp.http.Age; remove resp.http.X-Powered-By; unset obj.http.Server; set obj.http.Server = "Go Away"; ... ... } sub vcl_error { ... ... unset obj.http.Server; set obj.http.Server = "Go Away"; ... ...
Recently, I’ve experienced very high load on my http server because of spam bots.
After some inspection on the server using tools like varnishtop , tcpdump, apache mod_log_post , I’ve realized that Web Server receives lots of invalid POST Requests.
as I have only few forms on the Web Server that uses POST method, I decide to Block ALL POST method REQUESTS except my forms , lets say the form urls is :
/upload/mainform.php
/form1.php
/form2.php
/form3.php
I just add thease lines to my Varnish configuration:
... ... sub vcl_recv { ... ... if ( req.request == "POST" ) { if ( req.url ~ "/upload/mainform.php" || req.url ~ "/form1.php" || req.url ~ "/form2.php" || req.url ~ "/form3.php" ) { return (pass); } else { error 403 ": Requested Method is not supported by this server."; } } ... ...
My Technical Diary 