Provided by: varnish_3.0.2-1_amd64 bug


       varnish - Varnish Command Line Interface


       Varnish  as  a  command  line  interface  (CLI)  which  can control and change most of the
       operational parameters and the configuration of Varnish, without interrupting the  running

       The CLI can be used for the following tasks:

              You can upload, change and delete VCL files from the CLI.

              You can inspect and change the various parameters Varnish has available through the
              CLI. The individual parameters are documented in the varnishd(1) man page.

              Statistic counters are available from the CLI.

       bans   Bans are filters that are applied to keep Varnish from serving stale content.  When
              you  issue  a  ban  Varnish will not serve any banned object from cache, but rather
              re-fetch it from its backend servers.

       process management
              You can stop and start the cache (child) process  though  the  CLI.  You  can  also
              retrieve the lastst stack trace if the child process has crashed.

       If  you invoke varnishd(1) with -T, -M or -d the CLI will be available. In debug mode (-d)
       the CLI will be in the foreground, with -T you can connect to it with varnishadm or telnet
       and  with  -M  varnishd  will  connect back to a listening service pushing the CLI to that
       service. Please see varnishd(1) for details.

       Commands are usually terminated with a newline. Long command can be entered using sh style
       here documents. The format of here-documents is::

       << word
            here document

       word  can be any continuous string choosen to make sure it doesn't appear naturally in the
       following here document.

       When using the here document style of input there are  no  restrictions  on  lenght.  When
       using  newline-terminated  commands  maximum  lenght  is limited by the varnishd parameter

       When commands are newline terminated they get tokenized before  parsing  so  if  you  have
       significant spaces enclose your strings in double quotes. Within the quotes you can escape
       characters with \. The n, r and t get translated to newlines, carrage  returns  and  tabs.
       Double quotes themselves can be escaped with a backslash.

       To  enter  characters  in octals use the \nnn syntax. Hexadecimals can be entered with the
       \xnn syntax.

       help [command]
              Display a list of available commands.

              If the command is specified, display help for this command.

       param.set param value
              Set the parameter  specified  by  param  to  the  specified  value.   See  Run-Time
              Parameters for a list of parame‐ ters. [-l] [param]
              Display a list if run-time parameters and their values.

              If  the  -l  option  is  specified,  the  list includes a brief explanation of each

              If a param is specified, display only the value and explanation for this parameter.

       ping [timestamp]
              Ping the Varnish cache process, keeping the connection alive.

       ban field operator argument [&& field operator argument [...]]
              Immediately  invalidate  all  documents  matching  the  ban  expression.   See  Ban
              Expressions for more documentation and examples.

              All  requests for objects from the cache are matched against items on the ban list.
              If an object in the cache is older than a matching ban list item, it is  considered
              "banned", and will be fetched from the backend instead.

              When  a  ban  expression  is older than all the objects in the cache, it is removed
              from the list.

              ban.list displays the ban list. The output looks something like this  (broken  into
              two lines):

              0x7fea4fcb0580 1303835108.618863   131G ~ && req.url
              ~ /some/url

              The first field is the address of the ban.

              The second is the time of entry into the list, given as a high precision timestamp.

              The third field describes many objects  point  to  this  ban.  When  an  object  is
              compared  to  a  ban the object is marked with a reference to the newest ban it was
              tested against. This isn't really useful unless you're debugging.

              A "G" marks that the ban is "Gone". Meaning it has been marked as a duplicate or it
              is no longer valid. It stays in the list for effiency reasons.

              Then follows the actual ban it self.

       ban.url regexp
              Immediately  invalidate  all  documents  whose  URL  matches  the specified regular
              expression. Please note that the Host part of the URL is ignored, so  if  you  have
              several virtual hosts all of them will be banned. Use ban to specify a complete ban
              if you need to narrow it down.

       quit   Close the connection to the varnish admin port.

       start  Start the Varnish cache process if it is not already running.

       stats  Show summary statistics.

              All the numbers presented are totals since server startup; for a better idea of the
              current situation, use the varnishstat(1) utility.

       status Check the status of the Varnish cache process.

       stop   Stop the Varnish cache process.

       vcl.discard configname
              Discard the configuration specified by configname.  This will have no effect if the
              specified configuration has a non-zero reference count.

       vcl.inline configname vcl
              Create a new configuration named configname with the VCL  code  specified  by  vcl,
              which must be a quoted string.

              List  available  configurations  and their respective reference counts.  The active
              configuration is indicated with an asterisk ("*").

       vcl.load configname filename
              Create a new configuration named configname with  the  contents  of  the  specified
              file. configname
              Display the source code for the specified configuration.

       vcl.use configname
              Start  using  the  configuration  specified  by  configname  for  all new requests.
              Existing requests will con‐ tinue using whichever configuration  was  in  use  when
              they arrived.

   Ban Expressions
       A  ban expression consists of one or more conditions.  A condition consists of a field, an
       operator, and an argument.  Conditions can be ANDed together with "&&".

       A field can be any of the variables from  VCL,  for  instance  req.url,  or

       Operators  are "==" for direct comparision, "~" for a regular expression match, and ">" or
       "<" for size comparisons.  Prepending an operator with "!" negates the expression.

       The argument could be a quoted string, a regexp, or an integer.  Integers can  have  "KB",
       "MB", "GB" or "TB" appended for size related fields.

       If  you are going to write a script that talks CLI to varnishd, the include/cli.h contains
       the relevant magic numbers.

       One particular magic number to know, is that the line with  the  status  code  and  length
       field always is exactly 13 characters long, including the NL character.

       For  your  reference  the  sourcefile  lib/libvarnish/cli_common.h  contains the functions
       varnish code uses to read and write CLI response.

   Details on authentication
       If the -S secret-file is given as argument to varnishd, all network CLI  connections  must
       authenticate, by proving they know the contents of that file.

       The  file is read at the time the auth command is issued and the contents is not cached in
       varnishd, so it is possible to update the file on the fly.

       Use the unix file permissions to control access to the file.

       An authenticated session looks like this::

       critter phk> telnet localhost 1234
       Trying ::1...
       Connected to localhost.
       Escape character is '^]'.
       107 59

       Authentication required.

       auth 455ce847f0073c7ab3b1465f74507b75d3dc064c1e7de3b71e00de9092fdc89a
       200 193
       Varnish HTTP accelerator CLI.
       Type 'help' for command list.
       Type 'quit' to close CLI session.
       Type 'start' to launch worker process.

       The CLI status of 107 indicates that authentication is necessary. The first 32  characters
       of the reponse text is the challenge "ixsl...mpg". The challenge is randomly generated for
       each CLI connection, and changes each time a 107 is emitted.

       The most recently emitted  challenge  must  be  used  for  calculating  the  authenticator

       The  authenticator  is  calculated  by  applying the SHA256 function to the following byte

       · Challenge string

       · Newline (0x0a) character.

       · Contents of the secret file

       · Challenge string

       · Newline (0x0a) character.

       and dumping the resulting digest in lower-case hex.

       In the above example, the secret file contained foon and thus::

       critter phk> cat > _
       critter phk> hexdump -C _
       00000000  69 78 73 6c 76 76 78 72  67 6b 6a 70 74 78 6d 63  |ixslvvxrgkjptxmc|
       00000010  67 6e 6e 73 64 78 73 76  64 6d 76 66 79 6d 70 67  |gnnsdxsvdmvfympg|
       00000020  0a 66 6f 6f 0a 69 78 73  6c 76 76 78 72 67 6b 6a  |.foo.ixslvvxrgkj|
       00000030  70 74 78 6d 63 67 6e 6e  73 64 78 73 76 64 6d 76  |ptxmcgnnsdxsvdmv|
       00000040  66 79 6d 70 67 0a                                 |fympg.|
       critter phk> sha256 _
       SHA256 (_) = 455ce847f0073c7ab3b1465f74507b75d3dc064c1e7de3b71e00de9092fdc89a
       critter phk> openssl dgst -sha256 < _

       The sourcefile lib/libvarnish/cli_auth.c contains a useful function which  calculates  the
       response, given an open filedescriptor to the secret file, and the challenge string.


       Simple  example:  All  requests  where req.url exactly matches the string /news are banned
       from the cache::

       req.url == "/news"

       Example: Ban all documents where the name does not end with ".ogg", and where the size  of
       the object is greater than 10 megabytes::

       req.url !~ "\.ogg$" && obj.size > 10MB

       Example:  Ban  all documents where the serving host is "" or "",
       and where the Set-Cookie header received from the backend contains "USERID=1663":: ~ "^(?i)(www\.)$" && obj.set-cookie ~ "USERID=1663"


       · varnishd(1)

       · vanrishadm(1)

       · vcl(7)


       The varnish manual page was written by Per Buer in 2011. Some of the text was  taken  from
       the Varnish Cache wiki, the varnishd(7) man page or the varnish source code.


       This  document  is  licensed  under  the  same  licence as Varnish itself. See LICENCE for

       · Copyright (c) 2011 Varnish Software AS


       Per Buer