Varnish 404 error every few hours

I wonder if someone can point me in the right direction with this. Something changed on my VPS at my hosting provider and loads of things have been going wrong ever since. One of those things is Varnish – I have had to rebuild my whole varnish configuration and since, every few hours a few of my sites encounter a 404 Forbidden error that is only solved by restarting varnish manually via SSH. I have attached my config below. If someone can help me that would be great. Really starting to pull my hair out now!

backend default {
  .host = "publicIP";
  .port = "8080";
}




acl purge { "localhost"; "127.0.0.1"; "publicIP";}

sub vcl_recv {



# IP forwarding.
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}


# Don't serve cached pages to logged in users
    if ( req.http.cookie ~ "wordpress_logged_in" || req.url ~ "vaultpress=true" ) {
        return( pass );
    }   




    if (req.request == "PURGE") {
    if (!client.ip ~ purge) {
    error 405 "Not allowed.";
    }
    return (lookup);
    }



#set req.grace = 60m;
if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && req.request != "POST" && req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") { 
 return (pipe); } 
if (req.request != "GET" && req.request != "HEAD") { 
 return (pass); } 
#if (req.http.Authorization || req.http.Cookie) { 
#return (pass); } 
return (lookup); 
# Set X-Forwarded-For header for logging in nginx
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;

# Remove has_js and CloudFlare/Google Analytics __* cookies and statcounter is_unique
set req.http.Cookie = regsuball(req.http.Cookie, "(^|;s*)(_[_a-z]+|has_js|is_unique)=[^;]*", "");
# Remove a ";" prefix, if present.
set req.http.Cookie = regsub(req.http.Cookie, "^;s*", "");

# Either the admin pages or the login
if (req.url ~ "/wp-(login|admin|cron|cart|my-account|checkout|addons|administrator)") {
# Don't cache, pass to backend
return (pass);
}
if (req.url ~ "/administrator") {
  return (pass);
} 
if ( req.url ~ "?add-to-cart=" ) {
 return (pass);
}
if (req.url ~ "/(contact-us|contact|get-a-quote|upload-files|competition)")
{
return(pass);
}
# Never cache PUT, PATCH, DELETE or POST requests 
#if (req.method == "PUT" || req.method == "PATCH" || req.method == "DELETE" || req.method == "POST") { 
#return (pass);
#} 
# Remove the wp-settings-1 cookie
set req.http.Cookie = regsuball(req.http.Cookie, "wp-settings-1=[^;]+(; )?", "");

# Remove the wp-settings-time-1 cookie
set req.http.Cookie = regsuball(req.http.Cookie, 
"wp-settings-time-1=[^;]+(; )?", "");

# Remove the wp test cookie
set req.http.Cookie = regsuball(req.http.Cookie, 
"wordpress_test_cookie=[^;]+(;)?", "");

# Static content unique to the theme can be cached (so no user uploaded images)
# The reason I don't take the wp-content/uploads is because of cache size on bigger blogs
# that would fill up with all those files getting pushed into cache
if (req.url ~ "lib/themes/" && req.url ~ 
".(css|js|png|gif|jp(e)?g)") {
unset req.http.cookie;
}

# Even if no cookies are present, I don't want my "uploads" to be cached due to their potential size
if (req.url ~ "/lib/uploads/") {
return (pass);
}

# any pages with captchas need to be excluded
if (req.url ~ "^/contact/" || req.url ~ "^/links/domains-for-sale/")
{
return(pass);
}

# Check the cookies for wordpress-specific items
if (req.http.Cookie ~ "wordpress_" || req.http.Cookie ~ "comment_") {
# A wordpress specific cookie has been set
return (pass);
}

# allow PURGE from localhost
if (req.request == "PURGE") {
if (!client.ip ~ purge) {
error 405 "Not allowed.";
}
return (lookup);
}

# Force lookup if the request is a no-cache request from the client
if (req.http.Cache-Control ~ "no-cache") {
return (pass);
}

# Try a cache-lookup
return (lookup);

}

sub vcl_fetch {
#set obj.grace = 5m;
#set beresp.grace = 60m;

   set beresp.http.Vary = "Accept-Encoding";
# Images
if (req.url ~ ".(jpg|jpeg|png|gif|ico|tiff|tif|bmp|ppm|pgm|xcf|psd|webp|svg)") {
  unset beresp.http.cookie;
  set beresp.http.cache-control = "max-age=2592000";
  return (hit_for_pass);
}

if (!(req.url ~ "wp-(login|admin|cron|cart|my-account|checkout|addons|administrator)")) {
    set beresp.ttl = 6h;
    set beresp.http.cache-control = "max-age=1800, must-revalidate";
}








}

sub vcl_hit {
if (req.request == "PURGE") {
purge;
error 200 "Purged.";
}
}

sub vcl_miss {
if (req.request == "PURGE") {
purge;
error 200 "Purged.";
}
}


sub vcl_deliver {
# multi-server webfarm? set a variable here so you can check
# the headers to see which frontend served the request
#   set resp.http.X-Server = "server-01";
   if (obj.hits > 0) {
     set resp.http.X-Cache = "HIT";
   } else {
     set resp.http.X-Cache = "MISS";
   }

     if (resp.http.magicmarker) {
                        /* Remove the magic marker */
                        unset resp.http.magicmarker;

                        /* By definition we have a fresh object */
                        set resp.http.age = "0";
                }

}