blocking not working

Thu Dec 23 15:27:48 CET 2010

Reply to my own post: I was being stupid. The vcl was correct, but my script that loads the vcl into varnish was not working correctly, and I did not read my script output as I should have :(

-- 

With kind regards,

Angelo Höngens

Systems Administrator

------------------------------------------
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
T: +31 (0)13 5811088
F: +31 (0)13 5821239

mailto:A.Hongens at netmatch.nl
http://www.netmatch.nl
------------------------------------------

> -----Original Message-----
> From: varnish-misc-bounces at varnish-cache.org [mailto:varnish-misc-
> bounces at varnish-cache.org] On Behalf Of Angelo Höngens
> Sent: woensdag 22 december 2010 13:23
> To: 'varnish-misc at varnish-cache.org'
> Subject: blocking not working
> 
> 
> I just added another Bad Guy to my balancer's block list, and I want
> them to see a 403 access denied instead of content. It worked in the
> past (at least back in the 2.0.x age), but now it does not seem to work
> anymore.
> 
> Perhaps some syntax changed in 2.1.x regarding this?
> 
> I'm running 2.1.4 on CentOS 5.5 x64.
> 
> Here's some of my VCL:
> 
> 
> acl block {
> "a.b.91.19"; /* 20100301 making dummy requests */
> "c.d.40.34"; /* 20100618 There are quite many invalid requests to our
> RSS  */
> "e.f.195.11"; /* 20101221 scraping */
> }
> 
> sub vcl_recv {
>   if ( client.ip ~ block ) {
>     error 403 "Access denied";
>   }
>   # Add a unique header containing the client address
>   remove req.http.X-Forwarded-For;
>   set req.http.X-Forwarded-For = client.ip;
>   ..
> }
> 
> 
> But when I look in my varnishncsa log, I still see successful requests
> being passed:
> 
> e.f.195.11 - - [22/Dec/2010:13:19:02 +0100] "GET
> http://www.example.com/accommodation/accoinfo.aspx?accommodationId=1974
> 73 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.007832050 miss
> e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET
> http://www.example.com/verenigde-staten-van-amerika/south-
> carolina/charleston/charleston-marriott/hotel/informatie HTTP/1.1" 200
> 176281 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
> 0.665360928 miss
> e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET
> http://www.example.com/accommodation/accoinfo.aspx?accommodationId=1974
> 74 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.006700993 miss
> e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET
> http://www.example.com/verenigde-staten-van-amerika/south-
> carolina/charleston/church-street-inn/appartement/informatie HTTP/1.1"
> 200 163794 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.241801977 miss
> e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET
> http://www.example.com/accommodation/accoinfo.aspx?accommodationId=1974
> 75 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.006364822 miss
> e.f.195.11 - - [22/Dec/2010:13:19:06 +0100] "GET
> http://www.example.com/verenigde-staten-van-amerika/south-
> carolina/north-charleston/comfort-inn-coliseum/hotel/informatie
> HTTP/1.1" 200 171431 "-" "Mozilla/4.0 (compatible; Win32;
> WinHttp.WinHttpRequest.5)" 0.625963926 miss
> 
> --
> 
> 
> With kind regards,
> 
> 
> Angelo Höngens
> 
> Systems Administrator
> 
> ------------------------------------------
> NetMatch
> tourism internet software solutions
> 
> Ringbaan Oost 2b
> 5013 CA Tilburg
> T: +31 (0)13 5811088
> F: +31 (0)13 5821239
> 
> mailto:A.Hongens at netmatch.nl
> http://www.netmatch.nl
> ------------------------------------------
> 
> 
> 
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc