blocking not working
Angelo Höngens
A.Hongens at netmatch.nl
Thu Dec 23 15:27:48 CET 2010
Reply to my own post: I was being stupid. The vcl was correct, but my script that loads the vcl into varnish was not working correctly, and I did not read my script output as I should have :(
--
With kind regards,
Angelo Höngens
Systems Administrator
------------------------------------------
NetMatch
tourism internet software solutions
Ringbaan Oost 2b
5013 CA Tilburg
T: +31 (0)13 5811088
F: +31 (0)13 5821239
mailto:A.Hongens at netmatch.nl
http://www.netmatch.nl
------------------------------------------
> -----Original Message-----
> From: varnish-misc-bounces at varnish-cache.org [mailto:varnish-misc-
> bounces at varnish-cache.org] On Behalf Of Angelo Höngens
> Sent: woensdag 22 december 2010 13:23
> To: 'varnish-misc at varnish-cache.org'
> Subject: blocking not working
>
>
> I just added another Bad Guy to my balancer's block list, and I want
> them to see a 403 access denied instead of content. It worked in the
> past (at least back in the 2.0.x age), but now it does not seem to work
> anymore.
>
> Perhaps some syntax changed in 2.1.x regarding this?
>
> I'm running 2.1.4 on CentOS 5.5 x64.
>
> Here's some of my VCL:
>
>
> acl block {
> "a.b.91.19"; /* 20100301 making dummy requests */
> "c.d.40.34"; /* 20100618 There are quite many invalid requests to our
> RSS */
> "e.f.195.11"; /* 20101221 scraping */
> }
>
> sub vcl_recv {
> if ( client.ip ~ block ) {
> error 403 "Access denied";
> }
> # Add a unique header containing the client address
> remove req.http.X-Forwarded-For;
> set req.http.X-Forwarded-For = client.ip;
> ..
> }
>
>
> But when I look in my varnishncsa log, I still see successful requests
> being passed:
>
> e.f.195.11 - - [22/Dec/2010:13:19:02 +0100] "GET
> http://www.example.com/accommodation/accoinfo.aspx?accommodationId=1974
> 73 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.007832050 miss
> e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET
> http://www.example.com/verenigde-staten-van-amerika/south-
> carolina/charleston/charleston-marriott/hotel/informatie HTTP/1.1" 200
> 176281 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
> 0.665360928 miss
> e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET
> http://www.example.com/accommodation/accoinfo.aspx?accommodationId=1974
> 74 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.006700993 miss
> e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET
> http://www.example.com/verenigde-staten-van-amerika/south-
> carolina/charleston/church-street-inn/appartement/informatie HTTP/1.1"
> 200 163794 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.241801977 miss
> e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET
> http://www.example.com/accommodation/accoinfo.aspx?accommodationId=1974
> 75 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.006364822 miss
> e.f.195.11 - - [22/Dec/2010:13:19:06 +0100] "GET
> http://www.example.com/verenigde-staten-van-amerika/south-
> carolina/north-charleston/comfort-inn-coliseum/hotel/informatie
> HTTP/1.1" 200 171431 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.625963926 miss
>
> --
>
>
> With kind regards,
>
>
> Angelo Höngens
>
> Systems Administrator
>
> ------------------------------------------
> NetMatch
> tourism internet software solutions
>
> Ringbaan Oost 2b
> 5013 CA Tilburg
> T: +31 (0)13 5811088
> F: +31 (0)13 5821239
>
> mailto:A.Hongens at netmatch.nl
> http://www.netmatch.nl
> ------------------------------------------
>
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
More information about the varnish-misc
mailing list