Stop users accessing website via IP address
Hugo Cisneiros (Eitch)
hugo.cisneiros at gmail.com
Sat Jul 27 23:28:57 CEST 2013
On Sat, Jul 27, 2013 at 5:48 PM, Puneet <puneet.arora at insticator.com> wrote:
> I want to stop the users accessing my website via IP address.
>
> I am using varnish as cache.
> I have the following code in place but it is not working.
>
> In vcl_recv() {
> if(req.url ~ "XX.XX.XXX.XXX") {
> error 750 "Moved Permanently";
> } }
>
In vcl_recv, you're comparting the IP address with the request URL
(req.url), which is wrong. You should compare with client.ip, as it
represents the user's IP address.
Anyway, a much better approach in my opinion is the code:
# list of forbidden ips
acl forbidden {
"192.168.0.1",
"192.168.0.2",
"XXX.XXX.XXX.XXX"
}
sub vcl_recv {
if (client.ip ~ forbidden) {
error 301 "http://mywebsite.com";
}
}
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
# we deal with redirects here
if (obj.status == 301) {
set obj.http.Location = obj.response;
set obj.response = "Moved Temporarily";
return (deliver);
}
if (obj.status == 301){
set obj.http.Location = obj.response;
set obj.response = "Moved Permanently";
return (deliver);
}
}
This way you can update the ACL to multiple IP addresses and they'll be all
redirected to mywebsite.com.
--
[]'s
Hugo
www.devin.com.br
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130727/8ceb19b3/attachment.html>
More information about the varnish-misc
mailing list