ACL handling and IPv6
Kenneth Rørvik
Kenneth.Rorvik at hio.no
Tue Mar 11 15:59:09 CET 2008
Hi folks. I have a rather wellbehaving varnish running.
However, I need to do some matching against an ACL on client IP address,
including our local ipv6-space.
However, it seems the acl does not actually MATCH the ip6 spec, given as:
acl hio {
#snip
"128.39.89.0"/24;
"2001:700:700::/48";
}
Test in vcl_recv is:
if(req.http.host ~ "^(www.)?hio.no$" && req.url == "/" && !
req.http.Referer ~ "^http://www\.hio\.no" && client.ip ~ hio) {
Example log response partial:
18 SessionOpen c 2001:700:700:5:21d:9ff:fe10:caac 48995
18 VCL_acl c NO_MATCH hio
18 VCL_acl c NO_MATCH hio
18 ReqStart c 2001:700:700:5:21d:9ff:fe10:caac 48995 2045281282
18 RxRequest c GET
18 RxURL c /
So it seems that either my ip6-spec is wrong, or varnish actually does
not handle it correctly. This is Red Hat package varnish-1.1.2-5el5.
Any pointers or ideas?
Kenneth.
More information about the varnish-misc
mailing list