Manually refresh cached content in Varnish Cache
An easy way to do it, when you need it
If for whatever reason you ever need to manually refresh cached content in Varnish, be it an image, a script, some css, or a content page, you can use a nice option of Varnish:
{htmlentities(set req.hash_always_miss = true;)}
How to use that feature?
Simple answer: When you press Ctrl+F5 (Win) or Cmd+R (Mac) in your browser. In almost all browsers by now, your browser reloads the page AND sends a "Cache-Control: no-cache" header with its request. You can use that in Varnish:
{htmlentities(sub vcl_recv {
if (req.http.cache-control == "no-cache") {
set req.hash_always_miss = true;
}
})}
How to secure it via IP check
But wait: if you can do it so can someone else do it, which could potentially be harmful, wether intentionally (bad actors) or unintentionally (bad browser extensions, devtools, ...). To get around that you can either limit that feature to certain IPs, like this:
{htmlentities(vcl 4.1;
acl purge {
"123.123.123.123";
}
sub vcl_recv {
if (req.http.cache-control == "no-cache" && client.ip ~ purge) {
set req.hash_always_miss = true;
}
})}
How to secure it via obscure custom header
Or you can use a browser extension to modify headers, like this one, to set a custom header like "X-Obscure-Debug-Header". That header will be send only to a predefined domain, with each request. Since it's bound to the same security measures and risks like sending a Basic Auth header, its within most risk tolerance models.
Finally you put that check into your Varnish config:
{htmlentities(sub vcl_recv {
if (req.http.cache-control == "no-cache" && req.http.X-Obscure-Debug-Header) {
set req.hash_always_miss = true;
}
})}