varnish-misc Digest, Vol 88, Issue 17
Puneet
puneet.arora at insticator.com
Mon Jul 29 16:13:00 CEST 2013
Hi Richard,
I am able to do have the desired functionality.
I was missing a piece. The issue is resolved.
Thanks
Puneet
From: varnish-misc-bounces+puneet.arora=insticator.com at varnish-cache.org
[mailto:varnish-misc-bounces+puneet.arora=insticator.com at varnish-cache.org]
On Behalf Of Lane, Richard
Sent: Monday, July 29, 2013 8:30 AM
To: varnish-misc at varnish-cache.org
Subject: Re: varnish-misc Digest, Vol 88, Issue 17
I am not sure if it is my email but it looks like you are passing HTML in
the REDIRECT URL.
The REDIRECT URL should be just a URL. Try a simple URL like
http://www.yahoo.com first. Then work on your regsub statement to set the
right URL.
On Sat, Jul 27, 2013 at 9:38 PM, <varnish-misc-request at varnish-cache.org
<mailto:varnish-misc-request at varnish-cache.org> > wrote:
Send varnish-misc mailing list submissions to
varnish-misc at varnish-cache.org
<mailto:varnish-misc at varnish-cache.org>
To subscribe or unsubscribe via the World Wide Web, visit
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
or, via email, send a message with subject or body 'help' to
varnish-misc-request at varnish-cache.org
<mailto:varnish-misc-request at varnish-cache.org>
You can reach the person managing the list at
varnish-misc-owner at varnish-cache.org
<mailto:varnish-misc-owner at varnish-cache.org>
When replying, please edit your Subject line so it is more specific
than "Re: Contents of varnish-misc digest..."
Today's Topics:
1. Re: Stop users accessing website via IP address
(Hugo Cisneiros (Eitch))
2. Re: Stop users accessing website via IP address (Travis Crowder)
3. RE: Stop users accessing website via IP address (Puneet)
----------------------------------------------------------------------
Message: 1
Date: Sat, 27 Jul 2013 18:28:57 -0300
From: "Hugo Cisneiros (Eitch)" <hugo.cisneiros at gmail.com
<mailto:hugo.cisneiros at gmail.com> >
To: "varnish-misc at varnish-cache.org <mailto:varnish-misc at varnish-cache.org>
" <varnish-misc at varnish-cache.org <mailto:varnish-misc at varnish-cache.org> >
Subject: Re: Stop users accessing website via IP address
Message-ID:
<CA+KACLkCCfpK2XmM4-vaxOW2b=XBL-nbgadgt7FE3XejfWA6cw at mail.gmail.com
<mailto:XBL-nbgadgt7FE3XejfWA6cw at mail.gmail.com> >
Content-Type: text/plain; charset="iso-8859-1"
On Sat, Jul 27, 2013 at 5:48 PM, Puneet <puneet.arora at insticator.com
<mailto:puneet.arora at insticator.com> > wrote:
> I want to stop the users accessing my website via IP address.
>
> I am using varnish as cache.
> I have the following code in place but it is not working.
>
> In vcl_recv() {
> if(req.url ~ "XX.XX.XXX.XXX") {
> error 750 "Moved Permanently";
> } }
>
In vcl_recv, you're comparting the IP address with the request URL
(req.url), which is wrong. You should compare with client.ip, as it
represents the user's IP address.
Anyway, a much better approach in my opinion is the code:
# list of forbidden ips
acl forbidden {
"192.168.0.1",
"192.168.0.2",
"XXX.XXX.XXX.XXX"
}
sub vcl_recv {
if (client.ip ~ forbidden) {
error 301 "http://mywebsite.com";
}
}
sub vcl_error {
set obj.http.Content-Type = "text/html; charset=utf-8";
set obj.http.Retry-After = "5";
# we deal with redirects here
if (obj.status == 301) {
set obj.http.Location = obj.response;
set obj.response = "Moved Temporarily";
return (deliver);
}
if (obj.status == 301){
set obj.http.Location = obj.response;
set obj.response = "Moved Permanently";
return (deliver);
}
}
This way you can update the ACL to multiple IP addresses and they'll be all
redirected to mywebsite.com <http://mywebsite.com> .
--
[]'s
Hugo
www.devin.com.br <http://www.devin.com.br>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/2013
0727/8ceb19b3/attachment-0001.html>
------------------------------
Message: 2
Date: Sat, 27 Jul 2013 18:53:11 -0500
From: Travis Crowder <travis.crowder at spechal.com
<mailto:travis.crowder at spechal.com> >
To: Puneet <puneet.arora at insticator.com <mailto:puneet.arora at insticator.com>
>
Cc: varnish-misc at varnish-cache.org <mailto:varnish-misc at varnish-cache.org>
Subject: Re: Stop users accessing website via IP address
Message-ID: <A89915AA-A7FE-432D-90CD-E8B6BF12A105 at spechal.com
<mailto:A89915AA-A7FE-432D-90CD-E8B6BF12A105 at spechal.com> >
Content-Type: text/plain; charset="us-ascii"
Check against req.http.Host
In vcl_recv:
if(req.http.Host ~ "8.8.8.8") {
error 750;
}
-Travis Crowder
On Jul 27, 2013, at 3:48 PM, Puneet <puneet.arora at insticator.com
<mailto:puneet.arora at insticator.com> > wrote:
> Hi all,
>
> I want to stop the users accessing my website via IP address.
> I am using varnish as cache.
> I have the following code in place but it is not working.
>
> In vcl_recv() {
> if(req.url ~ "XX.XX.XXX.XXX") {
> error 750 "Moved Permanently";
> } }
>
> And in vcl_error()
> sub vcl_error {
> if (obj.status == 750) {
> set req.http.X-REDIRURL = regsub(req.url,"https?://[^/$]+",
"http://mywebsite.com");
> set obj.http.Location = req.http.X-REDIRURL;
> set obj.status = 301;
> unset req.http.X-REDIRURL;
> return(deliver);
> }
>
> But this does not redirect the user to the website, instead it delivers
the page.
> Can anyone tell what I am missing?
>
> Thanks
> Puneet
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org <mailto:varnish-misc at varnish-cache.org>
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/2013
0727/da02d31d/attachment-0001.html>
------------------------------
Message: 3
Date: Sat, 27 Jul 2013 22:38:24 -0400
From: Puneet <puneet.arora at insticator.com
<mailto:puneet.arora at insticator.com> >
To: "'Travis Crowder'" <travis.crowder at spechal.com
<mailto:travis.crowder at spechal.com> >
Cc: varnish-misc at varnish-cache.org <mailto:varnish-misc at varnish-cache.org>
Subject: RE: Stop users accessing website via IP address
Message-ID: <005701ce8b3b$88e6ee10$9ab4ca30$@insticator.com
<http://insticator.com> >
Content-Type: text/plain; charset="us-ascii"
HI Travis,
Thanks for the reply.
I think that should work.
Just one question.
In sub vcl_error() should I also change the
set req.http.X-REDIRURL = regsub(req.url,"https?://[^/$]+", "
<http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom
<http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom&urlhash=5
qRF&_t=tracking_anet> &urlhash=5
qRF&_t=tracking_anet> http://mywebsite.com");
TO : -->
set req.http.X-REDIRURL = regsub(req.http.host,"https?://[^/$]+", "
<http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom
<http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom&urlhash=5
qRF&_t=tracking_anet> &urlhash=5
qRF&_t=tracking_anet> http://mywebsite.com");
?
Because when replace req.url with req.http.host, It again stops working.
And If I don't do it, the bowser gives an error "Too many redirects"
Thanks
Puneet
From: Travis Crowder [mailto:travis.crowder at spechal.com
<mailto:travis.crowder at spechal.com> ]
Sent: Saturday, July 27, 2013 7:53 PM
To: Puneet
Cc: varnish-misc at varnish-cache.org <mailto:varnish-misc at varnish-cache.org>
Subject: Re: Stop users accessing website via IP address
Check against req.http.Host
In vcl_recv:
if(req.http.Host ~ "8.8.8.8") {
error 750;
}
-Travis Crowder
On Jul 27, 2013, at 3:48 PM, Puneet <puneet.arora at insticator.com
<mailto:puneet.arora at insticator.com>
<mailto:puneet.arora at insticator.com <mailto:puneet.arora at insticator.com> > >
wrote:
Hi all,
I want to stop the users accessing my website via IP address.
I am using varnish as cache.
I have the following code in place but it is not working.
In vcl_recv() {
if(req.url ~ "XX.XX.XXX.XXX") {
error 750 "Moved Permanently";
} }
And in vcl_error()
sub vcl_error {
if (obj.status == 750) {
set req.http.X-REDIRURL = regsub(req.url,"https?://[^/$]+", "
<http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom
<http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom&urlhash=5
qRF&_t=tracking_anet> &urlhash=5
qRF&_t=tracking_anet> http://mywebsite.com");
set obj.http.Location = req.http.X-REDIRURL;
set obj.status = 301;
unset req.http.X-REDIRURL;
return(deliver);
}
But this does not redirect the user to the website, instead it delivers the
page.
Can anyone tell what I am missing?
Thanks
Puneet
_______________________________________________
varnish-misc mailing list
<mailto:varnish-misc at varnish-cache.org
<mailto:varnish-misc at varnish-cache.org> > varnish-misc at varnish-cache.org
<mailto:varnish-misc at varnish-cache.org>
<https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc>
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/2013
0727/21c9f677/attachment.html>
------------------------------
_______________________________________________
varnish-misc mailing list
varnish-misc at varnish-cache.org <mailto:varnish-misc at varnish-cache.org>
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
End of varnish-misc Digest, Vol 88, Issue 17
********************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130729/58693394/attachment-0001.html>
More information about the varnish-misc
mailing list