Problems with ACL and some prefixes

Liaan vd Merewe varnish at rcgear.co.za
Wed Aug 18 11:31:55 CEST 2010


Piotr

According to strict IP rules, you are not allowed to supernet a 192.168.0.0 
range (it's a class C range), so /22 on 192.168.0.0 is prohibited.

I don't know if that is the cause of your problem; can you maybe test on 
a 10.x.x.x range?

cheers
L:


On 18/08/2010 11:00 AM, Piotr Teodorowski wrote:
> Hey,
>
> I've noticed some problems with ACLs (which don't work for me for most
> subnet prefixes)
>
> my config:
> acl prd {
>      "192.168.0.0"/22;
>      ! "192.168.1.110";
> }
>
> varnishlog -i VCL_acl,ReqStart
>     12 ReqStart     c 192.168.0.12 48855 1353135783
>     12 VCL_acl      c MATCH prd 192.168.0.0/22
>     12 ReqStart     c 192.168.1.91 52266 1353135784
>     12 VCL_acl      c NO_MATCH prd
>
> acl prd works only for subnet 192.168.0.0/24 not /22
>
> if I change my configuration to
> acl prd {
>      "192.168.0.0"/24;
>      "192.168.1.0"/24;
>      "192.168.2.0"/24;
>      "192.168.3.0"/24;
>      ! "192.168.1.110";
> }
> it seems to work fine (it also works if I use prefix /16).
>
> I have Varnish from Debian squeeze:
> varnishd -V
> varnishd (varnish-2.1.2 SVN b8c9904)
> Copyright (c) 2006-2009 Linpro AS / Verdens Gang AS
>
> Am I doing something wrong?
>
> Piotr Teodorowski
>
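
An added example (not part of the original thread, and not Varnish code): it parses the ACL quoted above with Python's `ipaddress` module and compares each logged `VCL_acl` verdict with plain CIDR arithmetic. The function names and the rule that any matching negated entry rejects the address are assumptions of this sketch.

```python
import ipaddress
import re

# ACL and log lines copied from the post above.
ACL_TEXT = '''
acl prd {
     "192.168.0.0"/22;
     ! "192.168.1.110";
}
'''
LOG_TEXT = '''
   12 ReqStart     c 192.168.0.12 48855 1353135783
   12 VCL_acl      c MATCH prd 192.168.0.0/22
   12 ReqStart     c 192.168.1.91 52266 1353135784
   12 VCL_acl      c NO_MATCH prd
'''
ENTRY_RE = re.compile(r'(!)?\s*"([0-9.]+)"(?:/(\d+))?\s*;')

def parse_acl(text):
    """Return (negated, network) pairs; a bare address is treated as /32."""
    entries = []
    for neg, addr, plen in ENTRY_RE.findall(text):
        # strict=True rejects entries whose host bits are set for the prefix.
        net = ipaddress.ip_network(f"{addr}/{plen or 32}", strict=True)
        entries.append((bool(neg), net))
    return entries

def expected_match(entries, client):
    """Assumed semantics: match if covered and no negated entry covers it."""
    ip = ipaddress.ip_address(client)
    hits = [neg for neg, net in entries if ip in net]
    return bool(hits) and not any(hits)

def audit(entries, log_text):
    """Pair each ReqStart with the next VCL_acl record; return disagreements."""
    mismatches, client = [], None
    for line in log_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == "ReqStart":
            client = f[3]
        elif len(f) >= 4 and f[1] == "VCL_acl" and client:
            if (f[3] == "MATCH") != expected_match(entries, client):
                mismatches.append((client, f[3]))
            client = None
    return mismatches

if __name__ == "__main__":
    for client, verdict in audit(parse_acl(ACL_TEXT), LOG_TEXT):
        print(f"{client}: logged {verdict}, CIDR arithmetic disagrees")
```

Run over the log in the post, it reports only the 192.168.1.91 record, whose logged `NO_MATCH` differs from the arithmetic result for a /22.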



