Stop users accessing website via IP address

Hugo Cisneiros (Eitch) hugo.cisneiros at gmail.com
Sat Jul 27 23:28:57 CEST 2013


On Sat, Jul 27, 2013 at 5:48 PM, Puneet <puneet.arora at insticator.com> wrote:

> I want to stop the users accessing my website via IP address.
>
> I am using varnish as cache.
> I have the following code in place but it is not working.
>
> In vcl_recv() {
>      if(req.url ~ "XX.XX.XXX.XXX") {
>      error 750 "Moved Permanently";
>   } }
>

In vcl_recv, you're comparting the IP address with the request URL
(req.url), which is wrong. You should compare with client.ip, as it
represents the user's IP address.

Anyway, a much better approach in my opinion is the code:

# list of forbidden ips
acl forbidden {
  "192.168.0.1",
  "192.168.0.2",
  "XXX.XXX.XXX.XXX"
}

sub vcl_recv {
  if (client.ip ~ forbidden) {
    error 301 "http://mywebsite.com";
  }
}

sub vcl_error {
  set obj.http.Content-Type = "text/html; charset=utf-8";
  set obj.http.Retry-After = "5";

  # we deal with redirects here
  if (obj.status == 301) {
    set obj.http.Location = obj.response;
    set obj.response = "Moved Temporarily";
    return (deliver);
  }

  if (obj.status == 301){
    set obj.http.Location = obj.response;
    set obj.response = "Moved Permanently";
    return (deliver);
  }
}

This way you can update the ACL to multiple IP addresses and they'll be all
redirected to mywebsite.com.

-- 
[]'s
Hugo
www.devin.com.br
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130727/8ceb19b3/attachment.html>


More information about the varnish-misc mailing list