blocking not working

Angelo Höngens A.Hongens at netmatch.nl
Wed Dec 22 13:22:53 CET 2010 

I just added another Bad Guy to my balancer's block list, and I want them to see a 403 access denied instead of content. It worked in the past (at least back in the 2.0.x age), but now it does not seem to work anymore.

Perhaps some syntax changed in 2.1.x regarding this?

I'm running 2.1.4 on CentOS 5.5 x64. 

Here's some of my VCL:


acl block {
"a.b.91.19"; /* 20100301 making dummy requests */
"c.d.40.34"; /* 20100618 There are quite many invalid requests to our RSS  */
"e.f.195.11"; /* 20101221 scraping */
}

sub vcl_recv {
  if ( client.ip ~ block ) {
    error 403 "Access denied";
  }
  # Add a unique header containing the client address
  remove req.http.X-Forwarded-For;
  set req.http.X-Forwarded-For = client.ip;
  ..
}


But when I look in my varnishncsa log, I still see successful requests being passed:

e.f.195.11 - - [22/Dec/2010:13:19:02 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197473 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.007832050 miss
e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/charleston/charleston-marriott/hotel/informatie HTTP/1.1" 200 176281 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.665360928 miss
e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197474 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.006700993 miss
e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/charleston/church-street-inn/appartement/informatie HTTP/1.1" 200 163794 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.241801977 miss
e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197475 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.006364822 miss
e.f.195.11 - - [22/Dec/2010:13:19:06 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/north-charleston/comfort-inn-coliseum/hotel/informatie HTTP/1.1" 200 171431 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.625963926 miss

-- 

 
With kind regards,
 
 
Angelo Höngens
 
Systems Administrator
 
------------------------------------------
NetMatch
tourism internet software solutions
 
Ringbaan Oost 2b
5013 CA Tilburg
T: +31 (0)13 5811088
F: +31 (0)13 5821239
 
mailto:A.Hongens at netmatch.nl
http://www.netmatch.nl
------------------------------------------

More information about the varnish-misc mailing list