[Varnish] #1312: Single IP in acl definition with overlapping subnet causes issue
Varnish
varnish-bugs at varnish-cache.org
Mon Jun 3 12:28:45 CEST 2013
#1312: Single IP in acl definition with overlapping subnet causes issue
---------------------+--------------------
Reporter: Niels_C | Type: defect
Status: new | Priority: normal
Milestone: | Component: build
Version: trunk | Severity: normal
Keywords: |
---------------------+--------------------
I have encountered a situation where a client IP is not matched against my
ACL, despite an including range being listed.
The client IP in question is 88.83.67.140, which is not being matched
against the range "88.83.64.0"/19;
On IRC, we narrowed the problem down to the fact that another, single, IP
address that is also in the range is present in the ACL (88.83.67.182).
When the single IP is removed, the ACL works as expected.
The order of the IPs in the ACL does not appear to matter.
Files being included with this bug report:
default.vcl
okko.vcl
waoo.vcl
varnishlog of the rejection occuring
In other words, if I remove the single IP entry, "88.83.67.182";, from the
ACL, 88.83.67.140 is matched as expected. But as soon as the 88.83.67.182
entry is included, 88.83.67.140 is no longer matched and requests are
rejected.
Note that I have obfuscated the backend server IPs but everything else is
exactly as running config.
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1312>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list