varnish security

Poul-Henning Kamp phk at
Mon Jul 12 10:37:23 CEST 2010

In message <4C3AD22C.6010709 at>, Chris Hecker writes:

>It looks like all users can access the log shared memory for varnishd 
>(so they can run varnishlog, varnishstat, varnishncsa, etc.).  Is there 
>a way to prevent that?  It's not a huge priority for my current setup, 
>but I was just surprised.

Yes: Protect the directory you specify with the -n argument.

>I noticed there was a thread about the vcl.load interface on 
>securityfocus as well:

I presume you also bothered to read the vendor response?

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
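
Added example, not part of the original message or of Varnish itself: one way to check whether the directory given to varnishd with -n is open to other local users, and to restrict it as the reply suggests. The function names, the placeholder path and the `varnishlog` group name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and restrict the directory passed to varnishd -n.

# True if the directory itself (not its contents) has all bits of octal MODE set.
dir_has_mode() {
    [ -n "$(find "$1" -prune -perm "-$2" -print)" ]
}

# Returns 0 if other users cannot read files in DIR, 1 if they can, 2 on bad input.
audit_varnish_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    if dir_has_mode "$dir" 0001; then
        # Other users may traverse DIR, so per-file modes decide what they can open.
        readable=$(find "$dir" -type f -perm -0004 -print)
        if [ -n "$readable" ]; then
            printf 'EXPOSED, readable by any local user:\n%s\n' "$readable"
            return 1
        fi
        echo "open to traversal, but no file in $dir is other-readable"
    elif dir_has_mode "$dir" 0004; then
        echo "file names in $dir can be listed, but files cannot be opened"
    else
        echo "closed: $dir grants nothing to other users"
    fi
    return 0
}

# Restrict DIR to its owner, plus GROUP when one is given.
# Assumption: every account that still needs the directory (log readers and
# the varnishd processes themselves) is the owner or a member of GROUP.
protect_varnish_dir() {
    dir=$1 group=${2:-}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    if [ -n "$group" ]; then
        chgrp "$group" "$dir" && chmod 0750 "$dir"
    else
        chmod 0700 "$dir"
    fi
}

# Usage (path and group are placeholders):
#   audit_varnish_dir /path/given/to/-n || protect_varnish_dir /path/given/to/-n varnishlog
```

Re-run the audit after restarting varnishd to confirm the mode is still the one you set.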
