I think this seems related to Varnish.
After I log out, user status should change. But it didn't. I have use "CTRL + F5" to force cache refreshing.
So I am little confused. I forced refreshing of the browser cache or Varnish cache.
If Varnish is caching the correct page ( user is not logged in), why didn't the browser display it, instead, it persists with the old page when the user still logged in.
Any clue?
VCL
backend testserver {
.host = "127.0.0.1";
.port = "8080";
}
acl purge {
"localhost";
"127.0.0.1";
"192.168.3.0"/24;
}
sub vcl_recv {
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
return(lookup);
}
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
// Remove has_js and Google Analytics cookies
set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*","");
// remove a ";" prefix, if present
set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
// remove empty cookies.
if (req.http.Cookie ~ "^\s*$") {
unset req.http.Cookie;
}
// Skip the Vanish cache for install, update, and cron
if (req.url ~ "install\.php|update\.php|cron\.php") {
return (pass);
}
# Normalize Accept-Encoding to get better cache coherency
if (req.http.Accept-Encoding) {
# No point in compressing media that is already compressed
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
remove req.http.Accept-Encoding;
# MSIE 6 JS bug workaround
} elsif(req.http.User-Agent ~ "MSIE 6") {
unset req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
remove req.http.Accept-Encoding;
}
}
# ... other vcl_recv rules here ...
# Don't serve cached content to logged-in users
# Don't cache Drupal logged-in user sessions
# LOGGED_IN is the cookie that earlier version of Pressflow sets
# VARNISH is the cookie which the varnish.module sets
if (req.http.Cookie ~ "(VARNISH|DRUPAL_UID|LOGGED_IN)") {
return (pass);
}
// Let's have a little grace
// When backend cannot generate refreshed content
// this time will allow expired content to stay longer in grace
set req.grace = 0s;
if (req.http.host ~ "^www.test.com") {
set req.backend = testserver;
if (req.request != "GET" && req.request != "HEAD") {
return(pipe);
}
else {
return(lookup);
}
}elsif (req.http.host ~ "^www.test2.com") {
set req.backend = testserver;
if (req.request != "GET" && req.request != "HEAD") {
return(pipe);
}
else {
return(lookup);
}
}
else {
error 404 "test Cache Server IS Out of Order";
return(lookup);
}
# Drupal js/css doesn't need cookies, cache them
if (req.url ~ "^/modules/.*\.(js|css)\?") {
unset req.http.Cookie;
}
## Pass cron jobs and server-status
if (req.url ~ "cron.php") {
return (pass);
}
if (req.url ~ ".*/server-status$") {
return (pass);
}
}
sub vcl_hit {
if (req.request == "PURGE") {
set obj.ttl = 0s;
error 200 "Purged.";
}
}
sub vcl_miss {
if (req.request == "PURGE") {
error 404 "Not in cache.";
}
}
sub vcl_fetch {
if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
unset beresp.http.set-cookie;
}
#if (beresp.http.Pragma ~ "nocache") {
# return(pass);
#}
if (req.request == "GET" && req.url ~ "\.(txt|js)$") {
set beresp.ttl = 3600s;
}
else {
set beresp.ttl = 30d;
}
}
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
synthetic {"<?xml version="1.0" encoding="utf-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><title>"} obj.status " " obj.response {"</title></head><body><h1>Error "} obj.status " " obj.response {"</h1><p>"} obj.response {"</p><h3>Guru Meditation:</h3><p>XID: "} req.xid {"</p><hr><p>Varnish cache server</p></body></html>"};
return (deliver);
}
sub vcl_pipe {
# http://www.varnish-cache.org/ticket/451
# This forces every pipe request to be the first one.
set bereq.http.connection = "close";
}
Headers
After Log In
Response Headers view source
Cache-Control store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection close
Content-Type text/html; charset=utf-8
Date Tue, 21 Feb 2012 04:09:09 GMT
Expires Sun, 11 Mar 1984 12:00:00 GMT
Last-Modified Tue, 21 Feb 2012 04:09:07 GMT
Location http://www.test.com/frontpage_empty
Server nginx/1.0.0
Set-Cookie SESSe3202baa92dbab78a8d1785ee17b05a0=deleted; expires=Mon, 21-Feb-2011 04:09:08 GMT; path=/ SESSe3202baa92dbab78a8d1785ee17b05a0=67d001b0720c9f5a74e5b671fae74d76; expires=Fri, 09-Mar-2012 12:49:09 GMT; path=/; domain=.test.com LOGGED_IN=Y; expires=Fri, 09-Mar-2012 12:49:07 GMT; path=/
Transfer-Encoding chunked
X-Powered-By PHP/5.2.17
Request Headers view source
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Authorization Basic amFtZXM6MTIzMTIz
Connection keep-alive
Cookie OAID=e171ed7b31967c95a09c70646433d7b1; has_js=1; SESSe3202baa92dbab78a8d1785ee17b05a0=054b6fa52ce9009198a2160800d04456; __utma=256091342.2121990614.1327109315.1329792135.1329797585.41; __utmz=256091342.1327109315.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAID=e171ed7b31967c95a09c70646433d7b1; SESSa395c7767e83fe1b8cd4bf8229e072c3=2bfb1adba208cf29bf17921ce9946bd5; has_js=1; __utmc=256091342; __utmb=256091342.1.10.1329797585
Host www.test.com
Referer http://www.test.com/user/login?destination=frontpage_empty
User-Agent Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Response Headers From Cache
Cache-Control store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection close
Content-Type text/html; charset=utf-8
Date Tue, 21 Feb 2012 04:09:09 GMT
Expires Sun, 11 Mar 1984 12:00:00 GMT
Last-Modified Tue, 21 Feb 2012 04:09:07 GMT
Location http://www.test.com/frontpage_empty
Server nginx/1.0.0
Set-Cookie SESSe3202baa92dbab78a8d1785ee17b05a0=deleted; expires=Mon, 21-Feb-2011 04:09:08 GMT; path=/ SESSe3202baa92dbab78a8d1785ee17b05a0=67d001b0720c9f5a74e5b671fae74d76; expires=Fri, 09-Mar-2012 12:49:09 GMT; path=/; domain=.test.com LOGGED_IN=Y; expires=Fri, 09-Mar-2012 12:49:07 GMT; path=/
Transfer-Encoding chunked
X-Powered-By PHP/5.2.17
Request Headers From Upload Stream
Content-Length 61
Content-Type application/x-www-form-urlencoded
After log out
Response Headers view source
Cache-Control store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection close
Content-Type text/html; charset=utf-8
Date Tue, 21 Feb 2012 09:10:29 GMT
Expires Sun, 11 Mar 1984 12:00:00 GMT
Last-Modified Tue, 21 Feb 2012 09:10:27 GMT
Location http://www.test.com/
Server nginx/1.0.0
Set-Cookie LOGGED_IN=deleted; expires=Mon, 21-Feb-2011 09:10:28 GMT; path=/
Transfer-Encoding chunked
X-Powered-By PHP/5.2.17
Request Headers view source
Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding gzip, deflate
Accept-Language en-us,en;q=0.5
Authorization Basic amFtZXM6MTIzMTIz
Connection keep-alive
Cookie SESSe3202baa92dbab78a8d1785ee17b05a0=67d001b0720c9f5a74e5b671fae74d76; __utma=256091342.2121990614.1327109315.1329792135.1329797585.41; __utmz=256091342.1327109315.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); OAID=e171ed7b31967c95a09c70646433d7b1; SESSa395c7767e83fe1b8cd4bf8229e072c3=2bfb1adba208cf29bf17921ce9946bd5; has_js=1; __utmc=256091342; LOGGED_IN=Y
Host www.test.com
If-Modified-Since Tue, 21 Feb 2012 03:32:36 GMT
Referer http://www.test.com/
User-Agent Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
What your VCL is currently doing is removing Cookie from the request header and caching all requests. This causes the exact behavior you describe.
Related
API is being fetched from cache. This is happening only in Edge. I went through many similar questions in stackoverflow and tried everything but in vain.
I added cache related headers in Vue js
axios.defaults.headers.common['Cache-Control'] = 'private, no-cache, no-store, must-revalidate'
axios.defaults.headers.common['Expires'] = 0
axios.defaults.headers.common['Pragma'] = 'no-cache'
axios.defaults.headers.common['If-Modified-Since'] = 'Mon, 26 Jul 1997 05:00:00 GMT'
I also added cache headers from server side.
[ResponseCache(NoStore = true, Location = ResponseCacheLocation.None)]
[ServiceFilter(typeof(AuthenticateFilter))]
[Produces("application/json")]
[Route("{tenant}")]
public class DashboardController : Controller
{
}
My Request headers looks like in chrome
Accept: application/json, text/plain, */*
Authorization: Token ggggggggggggggggggggg
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: 0
If-Modified-Since: Mon, 26 Jul 1997 05:00:00 GMT
Origin: http://somedummy.com
Pragma: no-cache
Referer: http://somedummy.com/dashboard/sample
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
withCredentials: true
And response headers :
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://somedummy.com
Cache-Control: no-store,no-cache
Content-Type: application/json; charset=utf-8
Date: Mon, 11 Mar 2019 08:35:36 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains;
Transfer-Encoding: chunked
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
X-StackifyID: V1|b6841c38-3ec0-4a46-ac24-699ac8a5af0d|
X-XSS-Protection: 1; mode=block
APIs are being fetched from server in IE, chrome and safari but only in Edge it is being served from cache even though "Always refresh from server" option in developer option is selected.
I also have added meta in index.html
<meta http-equiv="expires" content="-1">
<meta http-equiv="cache-control" content="max-age=0">
<meta http-equiv="cache-control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="pragma" content="no-cache">
There are no errors in console. No preflight (OPTIONS) call going from Edge. Strange thing is when fiddler is open then APIs are being served from server in Edge.
Thanks in advance.
Your modification is a Server Response, this won't work, instead you should use headers: { Pragma: 'no-cache' }
Example:
const api = axios.create({
headers: { Pragma: 'no-cache' },
});
Or add it to the configuration
const config = {
headers: { Pragma: 'no-cache'},
params: { id: this.state.taskID }
}
axios.get("some URL", config).then(...)
In my Firefox or Chrome if I check the HTTP header the result are always with Content-Encoding: gzip. But I have customers reporting that they see "transfer-encoding: chunked" instead and the request are not gzipped.
http://www.example.com/public/css/style.min.css
If I or the customer do a gzip compression online check it's confirmed gzip is active.
https://checkgzipcompression.com = gzip!
But if I use a checker like this one. http://onlinecurl.com/
I also get the transfer-encoding: chunked
Request:
GET /style/css.css HTTP/1.1
Host: www.example.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
User-Agent: ...
Accept: /
Referer: http://www.example.com/
Accept-Encoding: gzip, deflate
Accept-Language: ...
Cookie: ...
Response:
HTTP/1.1 200 OK
Age: 532948
cache-control: public, max-age=604800
Content-Type: text/css
Date: Wed, 28 Jun 2017 12:35:07 GMT
ETag: "5349e8d595dfd21:0"
Last-Modified: Wed, 07 Jun 2017 13:56:17 GMT
Server: Microsoft-IIS/7.5
Vary: X-UA,Accept-Encoding, User-Agent
X-Cache: HIT
X-Cache-Hits: 6327
X-CacheReason: Static-js-css.
X-Powered-By: ASP.NET
X-Served-By: ip-xxx-xxx-xxx-xx.name.xxx
x-stale: true
X-UA-Device: pc
X-Varnish: 993020034 905795837
X-Varnish-beresp-grace: 43200.000
X-Varnish-beresp-status: 200
X-Varnish-beresp-ttl: 604800.000
transfer-encoding: chunked
Connection: keep-alive
Why are some requests not gzipped, when it should, this is my Varnish config (the part relevant for gzip):
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|flv|swf)$") {
# No point in compressing these
remove req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
remove req.http.Accept-Encoding;
}
}
# Enabling GZIP
if (beresp.http.Content-Type ~ "(text/css|application/x-javascript|application/javascript)") {
set beresp.do_gzip = true;
}
if (beresp.http.Content-Encoding ~ "gzip" ) {
if (beresp.http.Content-Length == "0") {
unset beresp.http.Content-Encoding;
}
}
set beresp.http.Vary = regsub(beresp.http.Vary, "(?i)^(.*?)X-Forwarded-URI,?(.*)$", "\1\2");
set beresp.http.Vary = regsub(beresp.http.Vary, "(?i)^(.*?)User-Agent,?(.*)$", "\1\2");
set beresp.http.Vary = regsub(beresp.http.Vary, "^(.*?),?$", "X-UA,\1");
set beresp.http.Vary = regsub(beresp.http.Vary, "^(.*?),?$", "\1");
Any ideas, thank you.
Responses will only be gzipped if the request indicates that it can accept a gzipped response. This is indicated by the Accept-Encoding header in the request. So perhaps your online curl is not sending that header. It may be the same for your clients who are seeing this. You really have customers who are reporting that they are not getting responses gzipped?
Update
Ah, I see what you're doing now. Are you using a recent version of Varnish? There's no need to do all this yourself now. Varnish handles it all natively. All you need to do is set do_gzip to on for the content types where you want it, and Varnish takes care of the rest, including the Accept-Encoding header. See the documentation here.
So just remove all of your gzip/encoding related code except the part directly under # Enabling GZIP:
# Enabling GZIP
if (beresp.http.Content-Type ~ "(text/css|application/x-javascript|application/javascript)") {
set beresp.do_gzip = true;
}
And that will probably get everything working. It works fine for me that way. The best amount of VCL is as little as possible, Varnish is very good at handling things itself. Don't forget to restart Varnish or otherwise clear the cache for this site after making the change.
In case it's useful, I use the following VCL for this:
if (
beresp.status == 200
&& beresp.http.content-type ~ "\b((text/(html|plain|css|javascript|xml|xsl))|(application/(javascript|xml|xhtml\+xml)))\b"
) {
set beresp.do_gzip = true;
}
Which checks for more content types that can benefit from compression, including HTML. I don't bother with application/x-javascript as it's ancient and not used.
On another note, are you sure you need to be modifying the Vary header in the way that you are doing there?
Right now the default Content-Type of my spring-data-rest (spring-boot 1.4.3.RELEASE) provided controllers are application/hal+json which makes sense. If I use chrome I get application/hal+json for the root of my application for instance since chrome uses an Accept header of "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8". However, the /profile (formally /alps) URLs provide text/html even though the response body is json (making the Content-Type not match the body). If you specifically ask for only application/json then you get the correct response header.
Here is the incorrectly working case (returns text/html when the document/body returned is NOT text/html):
$ http --verbose "http://localhost:8080/v1/profile/eldEvents" "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
GET /v1/profile/eldEvents HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localhost:8080
User-Agent: HTTPie/0.9.2
HTTP/1.1 200
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Location, X-Auth, Authorization
Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Location
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: text/html;charset=UTF-8
Date: Fri, 03 Feb 2017 01:16:14 GMT
Expires: 0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Transfer-Encoding: chunked
X-Application-Context: application
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
{
"alps" : {
"version" : "1.0",
"descriptors" : [ {
"id" : "eldEvent-representation",
"href" : "http://localhost:8080/v1/profile/eldEvents",
"descriptors" : [ {
"name" : "sequenceId",
"type" : "SEMANTIC"
}, {
...
Cut out the rest of the response, you can see from above it is json data.
I believe the correct Content-Type for the above request should be something similar to "application/json".
If this is still relevant for you: I've solved this by manually overriding all requests against /profile/* with no content-type defined.
#Component
public class ProfileContentTypeFilter extends OncePerRequestFilter
{
private static final AntPathMatcher matcher = new AntPathMatcher();
#Override
protected void doFilterInternal (HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException
{
if (request.getContentType() == null && matcher.match("/profile/*", request.getRequestURI()))
{
// Override response content type for unspecified requests on profile endpoints
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
}
filterChain.doFilter(request, response);
}
}
i have setup varnish 4 to run on port 8081 while apache is configured to run on port 80.
The problem with my setup is that when i browse my domain
http//:mydomain.com:8180/.
i get a (301) permanent redirect to http//:mydomain.com/.
Due to this redirect am unable to get the difference between calling the cached domain http//:mydomain.com:8180/ visa v the uncached domain http//:mydomain.com/.
my varnish config
DAEMON_OPTS="-a :8180\
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,1G"
.......
also the vcl
backend mydomain {
.host = "x.x.x.x";
.port = "80";
.connect_timeout = 60s;
.first_byte_timeout = 60s;
.between_bytes_timeout = 60s;
.max_connections = 800;
}
.......
the responce header shows that apache is the one redirecting.
HTTP/1.1 301 Moved Permanently
Date: Fri, 04 Sep 2015 11:58:04 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Pingback: http//:mydomain.com/xmlrpc.php
Location: http//:mydomain.com/
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Varnish: 32795
Age: 0
Via: 1.1 varnish-v4
Connection: keep-alive
my question is How do i stop the redirect?
fixed this by adding
set req.http.host = "http//:mydomain.com";
in vlc as shown below.
if (req.http.host ~ "mydomain.com:8180") {
set req.http.host = "mydomain.com";
set req.backend_hint = mydomain;
}
by doing this we ensure that the request host is recognized by apache hence apache will not redirect
Our firm uses an application internally that serves more or less static content to all authenticated users. The application is built such that all its resources (js, css, images, html pages) are authenticated. Sadly, I can't seem to get Varnish working for caching authenticated resources. If I make the resource unauthenticated and use the following VCL configuration, things work:
backend default {
.host = "****";
.port = "****";
}
sub vcl_recv {
if (req.url ~ "^/js" || req.url ~ "^/css" || req.url ~ "^/images") {
unset req.http.cookie;
}
}
sub vcl_fetch {
if (req.url ~ "^/js" || req.url ~ "^/css" || req.url ~ "^/images") {
unset beresp.http.set-cookie;
}
}
However, I'm looking to cache despite the resource being authenticated which I understand is not Varnish's default behaviour. Trying
if (req.http.Authorization) {
return(lookup);
}
in vcl_recv hasn't helped. Unsetting Authorization headers doesn't help either (application's authentication gets messed up).
I get the following varnish logs (b- backend calls still happen):
14 TxURL b /_search
14 TxHeader b Content-Type: application/x-www-form-urlencoded
15 RxURL c /_search
15 RxHeader c Content-Type: application/x-www-form-urlencoded
14 TxURL b /admin
14 TxHeader b Content-Type: application/x-www-form-urlencoded
17 RxURL c /admin
17 RxHeader c Content-Type: application/x-www-form-urlencoded
15 RxURL c /_search
15 RxHeader c Content-Type: application/x-www-form-urlencoded
17 RxURL c /admin
17 RxHeader c Content-Type: application/x-www-form-urlencoded
14 TxURL b /js/all.js?_=1385100392830
17 RxURL c /js/all.js?_=1385100392830
Adding the HTTP request and response headers:
Request Headers:
Host: ****.com
Connection: keep-alive
Authorization: Negotiate YIIVTAYGKwYBBQUCoIIVQDCCFTygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKK
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Safari/537.36
Referer: ****
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Response Headers:
Cache-Control: public, max-age=86400
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Content-Encoding: gzip
Last-Modified: Sat, 10 Nov 2012 08:32:01 GMT
Accept-Ranges: bytes
ETag: "{6B28BC5E-71C3-4A1B-9D3C-1DA5EA161F96},2pub"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
SPRequestGuid: 8864bca5-d7cb-4ac0-bbe8-3a64391ca70f
X-AspNet-Version: 2.0.50727
WWW-Authenticate: Negotiate oYGzMIGwoAMKAQChCwYJKoZIgvcSAQICooGbBIGYYIGVBgkqhkiG9xIBAgICAG+BhTCBgqADAgEFoQMCAQ+idjB
Persistent-Auth: true
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.6137
X-MS-InvokeApp: 1; RequireReadOnly
Date: Tue, 26 Nov 2013 15:43:46 GMT
Can someone please provide me a VCL config snippet that can help?