[PATCH] Implement std.ip() to simplify ACL checking in VCL

Federico Schwindt fgsch at lodoss.net
Fri Aug 2 04:02:29 CEST 2013


On Thu, Aug 1, 2013 at 4:21 PM, Leif Pedersen <bilbo at hobbiton.org> wrote:

> On Thu, Aug 1, 2013 at 5:41 AM, Lasse Karstensen <
> lkarsten at varnish-software.com> wrote:
>
>> On Thu, Aug 01, 2013 at 02:03:14AM +0100, Federico Schwindt wrote:
>> > On Wed, Jul 31, 2013 at 2:46 PM, Lasse Karstensen <
>> lkarsten at varnish-software.com> wrote:
>>
>> > - Using VCL_IP for the fallback parameter restricts what you can use to
>> > client.ip or server.ip. This might or might not be a problem.
>> > I wrote a similar function a while ago that was using a STRING
>> parameter as
>> > suggested by Tollef. Not sure if this is still required.
>>
>> You can of course nest them to get an arbitrary fallback:
>>         std.ip(req.http.X-Forwarded-For, std.ip("127.255.255.255"));
>>
>>
> I've noticed that client.ip and server.ip can be used implicitly as
> strings. (Is this without caveats?) So if std.ip accepts a string as the
> fall-back, then the VCL never need specify the conversion explicitly, which
> would make VCL code more succinct. That is, by accepting a string, both of
> these would work, which I think would be helpful:
>
> std.ip(req.http.X-Forwarded-For, "127.255.255.255");
> std.ip(req.http.X-Forwarded-For, client.ip);
>
 [..]
>

Explicit conversion won't happen in the case above. That'd need to be
implemented first if fallback would change to STRING.

f.-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-dev/attachments/20130802/340e1cb5/attachment.html>


More information about the varnish-dev mailing list