Features
Varnish Enterprise is the enhanced version of Varnish Cache, offering performance improvements and an extended set of features. These features are made available through Varnish Modules (VMODs), which you can read more about by clicking the links on the left.
Below you’ll find common use-cases and the corresponding features and VMODs that can help you implement them efficiently.
Varnish Enterprise Core (Content Delivery)
The standard set of high-performance delivery, caching, and traffic management features included in the Varnish Enterprise foundation.
HTTP Object Manipulation
Varnish Enterprise provides many VMODs that can simplify and enhance your VCL with focused functions for HTTP headers, URLs, cookies, and request/response bodies:
- vmod-accept: Sanitize content negotiation headers (Accept-Language, etc.) to avoid object duplication and increase cache efficiency
- vmod-cookieplus: Get, add, delete, and filter Cookie and Set-Cookie headers to normalize cache keys
- vmod-headerplus: Advanced header manipulation including accessing singular or multiple headers, regex-based operations, and managing header attributes (e.g., Cache-Control directives)
- vmod-rewrite: Reduce VCL complexity with rule-based text matching and substitution
- vmod-uri: Parse URIs into components (scheme, authority, path, query, fragment) as defined by RFC 3986
- vmod-urlplus: URL and query string normalization, parsing, and manipulation including query parameter filtering and sorting
- vmod-xbody: Regex body capture and transformation
Load Balancing & Traffic Routing
Advanced directors and routing capabilities for distributing traffic across backends:
- vmod-goto: Dynamic backends to discover new IPs behind a DNS name. This VMOD is superseded by vmod-udo
- vmod-leastconn: Least connections director with backend weights and optional ramp-up time for newly healthy backends
- vmod-probe_proxy: Redirect health probes through VCL for advanced probe routing, caching, and collapsing
- vmod-udo: Load-balancing capabilities for static and dynamic backends (including smart retries). Can use the following VMODs as sources for the backend list:
  - vmod-activedns: Dynamic backend creation based on DNS updates with support for A, AAAA, and SRV records
  - vmod-nodes: [Add-on] Define backends using configuration files with support for dynamic updates and multiple subscriber VMODs. Can be populated using varnish-discovery to generate nodes.conf
High Availability & Clustering
Features for building resilient and scalable Varnish deployments:
- Cluster: Increase cache hit rate by enabling Varnish nodes to request objects from each other, with dynamic service discovery via DNS/SRV
- Varnish High Availability: API-based content replication system for cache-to-cache transfers across Varnish nodes using HMAC-SHA256 signed replication. Note: Cluster is the newer, preferred approach
- vmod-stale: Safe and high-performance stale-if-error implementation that avoids request serialization
Cache Invalidation
- vmod-purge: Fine-grained purge control for cache invalidation with support for both hard and soft purges
- vmod-ykey: Secondary key-based purging for efficient cache invalidation with support for hard and soft purges.
- HTTP/2: Enable HTTP/2 protocol support for improved performance with multiplexing and header compression. Use vmod-h2 to control HTTP/2 transport behavior
- Memory Governor: Automated memory management of the cache size
- MSE4: Massive Storage Engine, a hybrid disk/memory storage for large caches, and compact object structure. Use vmod-mse4 for controlling MSE4 behavior including category assignment and storage selection
- NUMA: NUMA-awareness for optimized performance on multi-socket systems by ensuring thread affinity and memory locality
- Transit Buffer: Control memory consumption during streaming passes by pacing backend transfers
- vmod-brotli: Compress objects for faster delivery and better cache efficiency
- vmod-slicer: Enable caching of partial responses by splitting objects into smaller pieces with range request support
Dynamic Content Assembly
Tools for composing, modifying, and optimizing content on the edge:
- Parallel ESI (pESI): Fetch all ESI include fragments concurrently for significantly reduced load times
- vmod-edgestash: Real-time templating engine with Mustache syntax for composing dynamic responses from JSON data
- vmod-image: Image modification and optimization including format conversion (e.g., WebP)
- vmod-synthbackend: Create synthetic responses using the request body or VCL data
- vmod-xbody: Regex body capture and transformation
Connection Inspection
Inspect and control connection-level properties:
- vmod-h2: Control and inspect HTTP/2 transport including rapid reset detection
- vmod-proxy: Extract PROXY protocol v2 TLV attributes for client connection information
- vmod-session: Manipulate session-local variables including idle timeout settings
- vmod-tcp: Control TCP congestion algorithms, set connection pacing (rate limiting), and log protocol information
- vmod-tls: Query TLS connection details for both client and backend connections
- vmod-unix: Access credentials of peer processes connected via Unix domain sockets
Utility & Helper Functions
- vmod-blob: Binary data manipulation
- vmod-digest: Hashing and digest functions
- vmod-format: Advanced string formatting capabilities
- vmod-json: JSON parsing and manipulation
- vmod-std: Standard VMOD with core utility functions including type conversions, string operations, and basic request handling
- vmod-str: String manipulation utilities
- vmod-utils: Collection of useful utility functions including fast_304 for efficient revalidation with MSE
Advanced Edge & Security Services
Specialized modules for Security, Observability, and Edge Computing use cases.
Security & Access Control
Enhance security with authentication, encryption, rate limiting, and access control:
- TLS/SSL: Secure connections with SSL/TLS support for both client-side termination and backend connections. Use vmod-tls to inspect TLS connection details
- vmod-aclplus: Dynamic ACLs for IP-based access control that can be stored externally and updated without VCL reloads
- vmod-asn: Look up Autonomous System Numbers (ASN) for IP-based routing and security decisions
- vmod-crypto: Varnish Total Encryption provides cache encryption with innovative dual-key algorithm and comprehensive crypto API
- vmod-cwt: [Add-on] Verify and validate CBOR Web Tokens (CWT) for access control, similar to JWT but using CBOR encoding
- vmod-jwt: Manipulate, create, and verify JWT and JWS tokens for authentication. Use with vmod-json to access token claims once validated
- vmod-ratelimit: [Add-on] Limit request rates locally or globally across multiple Varnish instances using NATS protocol
- vmod-resolver: Domain name resolution via reverse/forward DNS lookup for verifying web crawler identities with dynamic IPs
- vmod-vsthrottle: Rate limiting on a single Varnish server, with per-key throttling
- vmod-waf: [Add-on] A high-performance Web Application Firewall running in-process to protect against common web vulnerabilities.
Cloud & Backend Integrations
Connectors for external storage, cloud services, and file serving:
- vmod-akamai: Akamai Connector for integrating data and configuration between Varnish origin servers and Akamai’s CDN network
- vmod-aws: AWS Signature V4 signing, S3 backend support, and AWS Secrets Manager integration
- vmod-file: Serve static files directly from the file system, allowing Varnish to act as a file server
- vmod-http: Make HTTP requests to external services from VCL with support for synchronous and asynchronous calls
- vmod-s3: S3-specific caching proxy with dynamic backend director for S3 bucket endpoints, load balancing, and smart retries
Edge Compute & State
Stateful storage modules and programmable runtimes:
- vmod-kv: [Add-on] Improved key-value storage with optional TTLs and distributed support for sharing data between servers. Successor to vmod-kvstore
- vmod-sqlite3: SQLite database integration for in-memory or file-based relational database queries from VCL
Monitoring & Observability
Enhanced logging and metrics capabilities:
- JSON Logging: Structured logging in JSON format for better log analysis
- varnish-otel: [Add-on] Comprehensive observability using OpenTelemetry to export logs, metrics, and traces
- varnishscoreboard: Display and track Varnish tasks, worker threads, and thread pool activity
- vmod-accounting: Create custom statistics namespaces and keys for detailed request tracking
- vmod-stat: Expose Varnish counters and statistics via HTTP backends with support for Prometheus format
Device Detection & Personalization
- vmod-asn: Identify network ownership and routing information from client IPs
- vmod-deviceatlas3: [Add-on] Commercial device detection for tailoring responses based on client device specifications
- vmod-mmdb (geolocation): Associate IP addresses with geolocation data using MaxMind databases