Ressuscitando um post antigo, eu sei, mas queria colocar isso aqui para qualquer um que se deparasse com o mesmo problema.
Primeiro, você vai querer deixar os cookies para os usuários que não estão logados. Aqui está uma seção do meu subcliente vcl_recv:
sub vcl_recv {
# Some wordpress URL manipulation
if (req.url ~ "\?(utm_(campaign|medium|source|term)|adParams|client|cx|eid|fbid|feed|ref(id|src)?|v(er|iew))=") {
set req.url = regsub(req.url, "\?.*$", "");
}
# Pass if the page is login, admin, preview, search or xmlrpc
if (req.url ~ "wp-(login|admin)" || req.url ~ "preview=true" || req.url ~ "\?s=" || req.url ~ "xmlrpc.php") {
return (pass);
}
# Some generic URL manipulation, useful for all templates that follow
# First remove the Google Analytics added parameters, useless for our backend
if (req.url ~ "(\?|&)(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=") {
set req.url = regsuball(req.url, "&(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "");
set req.url = regsuball(req.url, "\?(utm_source|utm_medium|utm_campaign|utm_content|gclid|cx|ie|cof|siteurl)=([A-z0-9_\-\.%25]+)", "?");
set req.url = regsub(req.url, "\?&", "?");
set req.url = regsub(req.url, "\?$", "");
}
# Strip hash, server doesn't need it.
if (req.url ~ "\#") {
set req.url = regsub(req.url, "\#.*$", "");
}
# Strip a trailing ? if it exists
if (req.url ~ "\?$") {
set req.url = regsub(req.url, "\?$", "");
}
# Remove the wp-settings-1 cookie
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");
# Remove the wp-settings-time-1 cookie
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-time-1=[^;]+(; )?", "");
# Remove the wp test cookie
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=[^;]+(; )?", "");
# Remove the cloudflare cookie
set req.http.Cookie = regsuball(req.http.Cookie, "__cfduid=[^;]+(; )?", "");
# Remove the PHPSESSID in members area cookie
set req.http.Cookie = regsuball(req.http.Cookie, "PHPSESSID=[^;]+(; )?", "");
# Remove the Quant Capital cookies (added by some plugin, all __qca)
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
# Are there cookies left with only spaces or that are empty?
if (req.http.cookie ~ "^\s*$") {
unset req.http.cookie;
}
#Drop ALL cookies sent to WordPress, except those originating from the URLs defined.
if (!(req.url ~ "(wp-login|wp-admin|cart|my-account|checkout|addons|wordpress-social-login|wp-login\.php|forumPM|members)")) {
unset req.http.cookie;
}
}
Além disso, na sua resposta de back-end, você quer descartar cookies se não estiver logado. Você também precisa instruir o verniz para definir o TTL para o beresp, para que o Age nem sempre mostre 0.
sub vcl_backend_response {
if (!(bereq.url ~ "(wp-(login|admin)|login)")) {
unset beresp.http.set-cookie;
}
set beresp.ttl = 1h;
return (deliver);
}
Esse é o básico.