We havie Plone site coming through Varnish front end cache. We'd like to give two different subdomains www.site.com and editors.site.com for this site. The latter would always be serving non-cached versions of the pages and used by the site maintainers to update the content.

What would be the simplest way to accomplish this?

Varnish 2.x - based on the default Debian template

Config below:

 backend default {
     .host = "";
     .port = "8080";

sub vcl_recv {
    if (req.http.host ~ "(www\.)?site\.com(:[0-9]+)?$") {
                set req.url = "/VirtualHostBase/http/www.site.com:80/LS/VirtualHostRoot" req.url;
                set req.backend = default;      
        else if (req.http.host ~ "editors.site.com(:[0-9]+)?$") {
                set req.url = "/VirtualHostBase/http/editors.site.com:80/LS/VirtualHostRoot" req.url;
                set req.backend = default;

# Below is a commented-out copy of the default VCL logic.  If you
# redefine any of these subroutines, the built-in logic will be
# appended to your code.
 sub vcl_recv {
     if (req.http.x-forwarded-for) {
    set req.http.X-Forwarded-For =
        req.http.X-Forwarded-For ", " client.ip;
     } else {
    set req.http.X-Forwarded-For = client.ip;
     if (req.request != "GET" &&
       req.request != "HEAD" &&
       req.request != "PUT" &&
       req.request != "POST" &&
       req.request != "TRACE" &&
       req.request != "OPTIONS" &&
       req.request != "DELETE") {
         /* Non-RFC2616 or CONNECT which is weird. */
         return (pipe);
     if (req.request != "GET" && req.request != "HEAD") {
         /* We only deal with GET and HEAD by default */
         return (pass);
     if (req.http.Authorization || req.http.Cookie) {
         /* Not cacheable by default */
         return (pass);
     return (lookup);

 sub vcl_pipe {
     # Note that only the first request to the backend will have
     # X-Forwarded-For set.  If you use X-Forwarded-For and want to
     # have it set for all requests, make sure to have:
     # set req.http.connection = "close";
     # here.  It is not set by default as it might break some broken web
     # applications, like IIS with NTLM authentication.
     return (pipe);
 sub vcl_pass {
     return (pass);
 sub vcl_hash {
     set req.hash += req.url;
     if (req.http.host) {
         set req.hash += req.http.host;
     } else {
         set req.hash += server.ip;
     return (hash);
sub vcl_hit {
     if (!obj.cacheable) {
         return (pass);
     return (deliver);
 sub vcl_miss {
     return (fetch);
 sub vcl_fetch {
     if (!beresp.cacheable) {
         return (pass);
     if (beresp.http.Set-Cookie) {
         return (pass);
     return (deliver);
 sub vcl_deliver {
     return (deliver);
Mikko Ohtamaa
  • 1,364
  • 3
  • 17
  • 28

3 Answers3


The simplest way is to configure varnish entirely assuming www.site.com. Then add these three lines to the top of your vcl_recv.

#changed single quotes to double quotes throws error for single quotes in varnish 3.0
if (req.http.host == "editors.site.com") {
    return (pass);
  • 1,405
  • 4
  • 17
  • 20
  • That's kind of what I already stated, except that if he add it to the top no other rules will apply. – 3molo Aug 04 '11 at 12:56
  • A "return(pass)" in vcl_recv does not prevent caching, it prevents lookup. The result being object cached but never reused. Please correct me if I'm wrong. – Gerard H. Pille Apr 18 '13 at 12:21

In the bottom of your vcl_recv, you 'return (lookup)', Instead, do a:
"if host = editors.site.com, return (pass).... else return (lookup)"

     if (!req.http.host == "editors.site.com") {
             return (lookup);
     # default rule here
     return (pass);

Here's your config edited

 sub vcl_recv {
     if (req.http.x-forwarded-for) {
    set req.http.X-Forwarded-For =
        req.http.X-Forwarded-For ", " client.ip;
     } else {
    set req.http.X-Forwarded-For = client.ip;
     if (req.request != "GET" &&
       req.request != "HEAD" &&
       req.request != "PUT" &&
       req.request != "POST" &&
       req.request != "TRACE" &&
       req.request != "OPTIONS" &&
       req.request != "DELETE") {
         /* Non-RFC2616 or CONNECT which is weird. */
         return (pipe);
     if (req.request != "GET" && req.request != "HEAD") {
         /* We only deal with GET and HEAD by default */
         return (pass);
     if (req.http.Authorization || req.http.Cookie) {
         /* Not cacheable by default */
         return (pass);

     if (!req.http.host == "editors.site.com") {
             return (lookup);
    return (pass);

Chris S
  • 77,337
  • 11
  • 120
  • 212
  • 4,340
  • 5
  • 30
  • 46

Just tuck return(pass); in the editor part, all Varnish won't cache those requests then.

sub vcl_recv {
[... snip ...]
        else if (req.http.host ~ "editors.site.com(:[0-9]+)?$") {
                set req.url = "/VirtualHostBase/http/editors.site.com:80/LS/VirtualHostRoot" req.url;
                set req.backend = default;
  • 183
  • 1
  • 6