Varnish WAF

Advanced Configuration

Editing waf.vcl

To seamlessly edit and maintain a waf.vcl while still being able to update the varnish-plus-waf package, a copy of the VCL with a different name must be made. Now edits can safely be made to /etc/varnish/waf_edit.vcl.

cp /usr/share/varnish-plus/vcl/waf.vcl /etc/varnish/waf_edit.vcl

Update Static Content Type to Skip

The default list of response MIME types to have ModSecurity not parse are shown in vcl_backend_response being compared against beresp.http.Content-Type. To add or remove those, update "audio|image|video". This is a pipe (regex or) delimited list.