blocking not working

Caunter, Stefan scaunter at topscms.com
Wed Dec 22 16:25:12 CET 2010


I'm seeing 301 responses, do you have a redirect rule that is getting executed first?

Stefan Caunter :: Senior Systems Administrator :: TOPS
e: scaunter at topscms.com  ::  m: (416) 561-4871
www.thestar.com www.topscms.com


-----Original Message-----
From: varnish-misc-bounces at varnish-cache.org [mailto:varnish-misc-bounces at varnish-cache.org] On Behalf Of Angelo Höngens
Sent: December-22-10 7:23 AM
To: 'varnish-misc at varnish-cache.org'
Subject: blocking not working


I just added another Bad Guy to my balancer's block list, and I want them to see a 403 access denied instead of content. It worked in the past (at least back in the 2.0.x age), but now it does not seem to work anymore.

Perhaps some syntax changed in 2.1.x regarding this?

I'm running 2.1.4 on CentOS 5.5 x64. 

Here's some of my VCL:


acl block {
"a.b.91.19"; /* 20100301 making dummy requests */
"c.d.40.34"; /* 20100618 There are quite many invalid requests to our RSS  */
"e.f.195.11"; /* 20101221 scraping */
}

sub vcl_recv {
  if ( client.ip ~ block ) {
    error 403 "Access denied";
  }
  # Add a unique header containing the client address
  remove req.http.X-Forwarded-For;
  set req.http.X-Forwarded-For = client.ip;
  ..
}


But when I look in my varnishncsa log, I still see successful requests being passed:

e.f.195.11 - - [22/Dec/2010:13:19:02 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197473 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.007832050 miss
e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/charleston/charleston-marriott/hotel/informatie HTTP/1.1" 200 176281 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.665360928 miss
e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197474 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.006700993 miss
e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/charleston/church-street-inn/appartement/informatie HTTP/1.1" 200 163794 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.241801977 miss
e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197475 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.006364822 miss
e.f.195.11 - - [22/Dec/2010:13:19:06 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/north-charleston/comfort-inn-coliseum/hotel/informatie HTTP/1.1" 200 171431 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.625963926 miss

-- 

 
With kind regards,
 
 
Angelo Höngens
 
Systems Administrator
 
------------------------------------------
NetMatch
tourism internet software solutions
 
Ringbaan Oost 2b
5013 CA Tilburg
T: +31 (0)13 5811088
F: +31 (0)13 5821239
 
mailto:A.Hongens at netmatch.nl
http://www.netmatch.nl
------------------------------------------




More information about the varnish-misc mailing list