I just realized that a week without offending your intelligence is no good week by my standards. So here goes. Did you know that Varnish works out of the box? Provided, of course, you specify a backend to use. In a perfect world your backend would actually respond with a proper
Cache-Control Header and Varnish would go on doing its thing. Yeah – In that perfect world there is no HTTP Cookie. Damn you, Netscape. 1994 is the year the terminator should come back to, stopping you from ruining it for all of us.
Since everybody’s situation is different and so you can break stuff for the lulz, Varnish allows you to do all kinds of weird shit in its configuration file. And if you ever wasted a second to read it before overwriting it with some example you found in the dark alleys of the interwebs, you would have seen what Varnish would do by default. The VCL you can see there is just for show, the logic is actually hardcoded. Beats trying to make you understand the source code of Varnish itself though.
By now I’m sorry that I’ve wasted Rule #1 for something so trivial because it should have been: “Let Varnish be the judge of that“.
Write your configuration with the thought of Varnish being there, knowing what to do, in case you screw it up. Use only the vcl_* hooks you need and, for the love of god, refrain from making hasty decisions in the form of “
return(lookup);” or similar every time you think you got it figured out. Your configuration gets to add or remove headers, send the occasional redirect or a quick “403 Forbidden”. Nothing else. If you don’t know for sure, your job is to let Varnish fall thru at the end of each vcl_* hook thus giving it a chance to decide for itself how to continue.
There is no need to copy that default VCL and extend it. Just write the bits of configuration you need. The bits unique to your situation. Instead of deciding yourself, you can make sure to e.g. remove Cookies so to nudge Varnish into making the decision you want it to make. This way you get to benefit from changes in Varnish’s default behavior the next time you update. Plus, you know, your busy schedule as an overworked sysadmin doesn’t give you the same insight into the world of HTTP caching as the creators of Varnish have.
Don’t be a smart-ass. Your job, while configuring Varnish, is to make sure Varnish has the last word. Don’t decide but let Varnish fall thru at the end of each vcl_* hook. Default behavior is there for a reason; if only to save you from stupid oversight because your boss man is breathing down your neck, creepin’ you out.