Is it possible to compare an ACL list to a specific header?
Naama Bamberger
naama at answers.com
Mon Jan 5 12:17:27 CET 2009
I want to block some IPs, but cannot use
if (client.ip ~ blocked_ips),
since all the requests go through a load balancer.
The original user IP is stored by the load balancer in a custom header.
I tried something like if (req.http.X-My-Custom-Header ~ blocked_ips),
but trying to compile it causes a segfault.
I also tried to write a C function like this:
sub client_check {
C{
if (match_acl_named_blocked_ips(sp, VRT_GetHdr(sp, HDR_REQ,
"\021X-My-Custom-Header:"))) {
VRT_error(sp, 403, "IP blocked - user denied");
VRT_done(sp, VCL_RET_ERROR);
}
}C
}
It compiled, but I get this on every request:
7 SessionOpen c 10.16.8.5 57600 :80
0 WorkThread - 0x42802c00 start
0 WorkThread - 0x43203c00 start
0 WorkThread - 0x43c04c00 start
0 CLI - Rd vcl.load boot ./vcl.1P9zoqAU.so
0 CLI - Wr 0 200 Loaded "./vcl.1P9zoqAU.so" as "boot"
0 CLI - Rd vcl.use boot
0 CLI - Wr 0 200
0 CLI - Rd start
0 Debug - "Acceptor is epoll"
0 CLI - Wr 0 200
0 WorkThread - 0x45a07c00 start
Thanks,
Naama Bamberger
Engineering, Director
Answers.com
naama at answers.com
http://www.answers.com
http://wiki.answers.com
More information about the varnish-misc
mailing list