Block IP with Varnish
Joseph Begumisa
j.begumisa at gmail.com
Tue Feb 15 21:14:47 CET 2011
On Tue, Feb 15, 2011 at 11:53 AM, alexus <alexus at gmail.com> wrote:
> probably would... but I'm at that point where I want to block certain
> agents and not just necessarily IP, so Varnish gives me much more
> flexibility vs iptables
>
Create the acls containing the list of ip addresses or networks:
acl forbidden {
"192.168.168.0"/24;
"10.10.10.0"/24;
}
acl useragents {
"192.168.200.0"/24;
"10.10.9.0"/24;
}
Then add the following / modify as appropriate under sub vcl_recv
sub vcl_recv {
# Block access from these hosts
if (client.ip ~ forbidden) {
error 403 "Forbidden";
}
# Block Access from these user agents
if (req.http.User-Agent ~ "Wget" {
error 403 "Forbidden";
}
return (lookup);
}
Joseph
More information about the varnish-misc
mailing list