Last year I setup a Varnish instance in front of a wordpress site so that it would be able to cope with a tsunami of requests.
For that I used the most common VCLs that you can find on google for wordpress that mainly just clear all cookies except for the wp-admin and wp-login pages.
That worked out pretty well, except that our users now were locked out of the "admin" interface on normal pages. By that I mean that they were getting served cached pages even though they were logged in.
Here's how I turned that situation around today. I've added the first block in
vcl_recv
:
if (req.http.Cookie ~ "(comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_logged_in)") {
return (pass);
}
# Make sure the above block is before the one below. We don't want to clear
# out cookies for logged in users.
# Drop any cookies sent to Wordpress.
if (!(req.url ~ "wp-(login|admin)")) {
unset req.http.cookie;
}
I got that trick from the page about Nginx here:
https://codex.wordpress.org/Nginx#W3_Total_Cache_Rules
Now users of the site will be able to visit pages once logged in and see the admin bar on top, and also the "Edit" links inside pages.