Issues restricting HTTP purges based on an ACL

Andrew Langhorn andrew.langhorn at
Tue Feb 25 17:31:34 CET 2014

Hi all,

I have joined this list hoping that someone can help me with an issue I
have with restricting Varnish HTTP purges to a defined ACL of IPs.

Our CDN provider use Varnish 2.x (not 3), so I've been following this
tutorial on implementing restrictions on HTTP Purges:

The section that Varnish seems to trip up on is:

  if (req.request == "PURGE" ) {
     if (!client.ip ~ purge) {
        error 403 "Forbidden";
     return (lookup);

When trying to purge the cache via the API from an IP outside of the ACL,
it is still accepted and purged. The second line of this block - if
(!client.ip ~ purge) { - seems to be the logic that isn't accepted
properly. I thought that including the bang outside of the brackets might
fix the issue, but it doesn't.

I've only used Varnish a few times beforehand, so would appreciate any
assistance anyone can provide.

Thanks in advance.

Kind regards,

Andrew Langhorn
Web Operations
Government Digital Service

e: andrew.langhorn at
t: +44 (0)7810 737375
a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the varnish-misc mailing list