Issues restricting HTTP purges based on an ACL
Andrew Langhorn
andrew.langhorn at digital.cabinet-office.gov.uk
Tue Feb 25 17:31:34 CET 2014
Hi all,

I have joined this list hoping that someone can help me with an issue I
have with restricting Varnish HTTP purges to a defined ACL of IPs.

Our CDN provider use Varnish 2.x (not 3), so I've been following this
tutorial on implementing restrictions on HTTP Purges:
https://www.varnish-cache.org/docs/2.1/tutorial/purging.html.

The section that Varnish seems to trip up on is:

    if (req.request == "PURGE" ) {
        if (!client.ip ~ purge) {
            error 403 "Forbidden";
        }
        return (lookup);
    }

When trying to purge the cache via the API from an IP outside of the ACL,
it is still accepted and purged. The second line of this block - if
(!client.ip ~ purge) { - seems to be the logic that isn't accepted
properly. I thought that including the bang outside of the brackets might
fix the issue, but it doesn't.

I've only used Varnish a few times beforehand, so would appreciate any
assistance anyone can provide.

Thanks in advance.

Kind regards,
Andrew Langhorn
Web Operations
Government Digital Service
e: andrew.langhorn at digital.cabinet-office.gov.uk
t: +44 (0)7810 737375
a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH