sub vcl_recv {    if (req.request != "GET" &&  req.request != "HEAD" &&  req.request != "PUT" &&  req.request != "POST" &&  req.request != "TRACE" &&  req.request != "OPTIONS" &&  req.request != "DELETE") {  /* Non-RFC2616 or CONNECT which is weird. */  pipe;  }    if (req.request == "POST") {  pipe;  }    if (req.request != "GET" && req.request != "HEAD") {  # PURGE request if zope asks nicely.  # Purge via admin port is preferred btw. There you can purge  # with regular expressions ;)  if (req.request == "PURGE") {  if (!client.ip ~ purge) {  error 405 "Not allowed.";  }  lookup;  }  pass;  }    if (req.http.Expect) {  pipe;  }    /* Always cache images, css and js */  # PLEASE make sure, your secret media files have hard-to-guess filenames ;)  if (req.url ~ "\.(jpg|jpeg|gif|png|tiff|tif|svg|swf|ico|css|js|vsd|doc|ppt|pps|xls|pdf|mp3|mp4|m4a|ogg|mov|avi|wmv|sxw|zip|gz|bz2|tgz|tar|rar|odc|odb|odf|odg|odi|odp|ods|odt|sxc|sxd|sxi|sxw|dmg|torrent|deb|msi|iso|rpm)$") {  lookup;  }    /* Do not cache other authorised content */  if (req.http.Authenticate || req.http.Authorization) {  pass;  }  # We only care about the "__ac.*" cookies, used for authentication and special persistent p_* cookies.  if (req.http.Cookie && ( req.http.Cookie ~ "__ac(|_(name|password|persistent))=" || req.http.Cookie ~ "p_[^=]+=" )) {  pass;  }    # we can add a cookie to the hash and cache per user  #sub vcl_hash {  #       set req.hash += req.http.cookie;  #}    # XXX TODO: I think, both should work... Worth a try?  # Cache all other objects which use cookies (overwrite default).  #if (req.request == "GET" && req.http.cookie) {  #       lookup;  #}  # throw away cookies all other and lookup  remove req.http.cookie;  lookup;  }