varnish security

Chris Hecker checker at
Mon Jul 12 10:28:28 CEST 2010

It looks like all users can access the log shared memory for varnishd 
(so they can run varnishlog, varnishstat, varnishncsa, etc.).  Is there 
a way to prevent that?  It's not a huge priority for my current setup, 
but I was just surprised.

I noticed there was a thread about the vcl.load interface on 
securityfocus as well:


More information about the varnish-misc mailing list