Using ACL with non-IP fields
Mark Hanford
mark at hanfordonline.co.uk
Fri Mar 31 11:44:32 CEST 2017
Hi folks.
Because my varnish nodes are behind two different proxies, I can't really
use client.ip within my VCL. What I have is a header "X-Real-Ip" instead,
which is populated automatically by one proxy, and by me derived from the
"X-Forwarded-For" for the other.
What this means is that where I would usually use ACL to block access to a
resource:
if (req.http.host == "test.mydomain.com") {
if (client.ip ~ trustedips) {
# allow access
} else {
return (synth(405, "Not allowed");
}
}
But this doesn't work if I replace client.ip with a non-IP typed field.
Message from VCC-compiler:
Expected CSTR got 'purgers'
(program line 1193), at
('default.vcl' Line 339 Pos 34)
if (req.http.X-Real-Ip ~ trustedips) {
---------------------------------##########---
Is there any way I can get the same result as this but without using
client.ip?
thanks,
Mark
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20170331/f735812f/attachment.html>
More information about the varnish-misc
mailing list