Bypassing the cache for specific URL patterns

Tags: vcl (18) pass (1)

Bypassing the cache in Varnish is done by calling return (pass) in the vcl_recv subroutine of your VCL file. This return statement will send you to the vcl_pass subroutine where a backend fetch will be triggered instead of performing a cache lookup.

This is something you would typically do when you can determine, based on the request information, that the response is not cacheable.

A typical example is using the URL to identify non-cacheable resources.

VCL example

Imagine an application that has an admin panel that is identified by the /admin URL and any subordinate resource of /admin/.

If the URL is /admin, /admin/posts or anything similar, we should bypass the cache as illustrated in the VCL example below:

vcl 4.1;

sub vcl_recv {
    if (req.url ~ "^/admin($|/.*)") {
        return (pass);

In this example we’re hooking into the vcl_recv subroutine and matching the req.url variable to the ^/admin($|/.*) regular expression pattern. If it matches we call return (pass) to bypass the cache.

Pass versus pipe

Please be aware of the difference between return (pass) and return (pipe). Both are used to bypass the cache, but return (pipe) should only be used if the incoming request cannot be identified as an HTTP request.

By piping a request, you take away all notion of HTTP and reduce the data to plain TCP.

A valid use case for a return (pipe) is when a websocket is established by upgrading the HTTP connection via the Connection: Upgrade header. As soon as the connection upgrade takes place, the data is no longer HTTP and return (pipe) is the sensible solution.

Use return (pass) to bypass the cache, unless the request cannot be identified as HTTP.