Code examples in VCL
Push prices or breaking news in real time with Server-Sent-Events
Stream responses to the browser while still receiving data from the origin and also saving it to cache. Great for spreading out server-sent-events streams to millions of users from a single source stream.
Map IPv6 addresses to IPv4 address space
Create an identifier that looks like an IPv4 address if the user has made their request using IPv6. Useful for origin servers that require an IPv4 address for some reason.
Support video scrubbing or download resumption using Range requests
Range headers sent from client are stripped by Fastly so we can cache the full object at the edge.
Make very large payloads visible in VCL using custom headers
Configuration version discrepancy detection
Detect situations when a shield server might have a different version of your code than the edge server, and avoid errors that this might cause.
Math assignment operators in VCL
Use addition, subtraction, multiplication, division, and modulus operators when assigning numeric values to headers or variables.
Regular expression capturing patterns
Capture regex pattern groups to use in matching url segments and more.
Search and replace in strings
Use regular expression substitution functions to map paths, strip extraneous slashes, and more.
Support matching on unicode in VCL. すごい！
Represent non-ASCII characters in VCL using unicode escapes.
Base64 POST body
Access the body of a POST request in Base64-encoded form.
Logical assignment operators in VCL
Logical expressions involving the left side of an assignment as an operand.
Generate random whole numbers in a range.
Extract a substring from a string value
Isolate a portion of a string identified by a range of characters.
Compute intersection of two lists
Useful for comparing capabilities with required permissions.
Catch malicious requests with WAF
The web application firewall catches a variety of different types of malicious requests including cross-site scripting (XSS), SQL injection, remote and local file inclusion (RFI, LFI), remote command execution (RCE) and session fixation.
H2 Server Push
Send required resources along with page responses, before the resources are requested by the browser. Generally no longer a recommended practice.
Bot detection using ratecounter
Rate counters are normally used for detecting high volume DoS-style attacks, but you can also use them to measure lower rates, to ensure that navigation between pages is happening at human speed.
Rate limit requests
Use ratecounters and penalty boxes to stop high-volume automated attacks against your website.
Validate domain on query string
Check the query string if it contains a valid domain.
All code on this page is provided under both the BSD and MIT open source licenses.