Issues restricting HTTP purges based on an ACL

Per Buer perbu at varnish-software.com
Wed Feb 26 16:57:32 CET 2014 

Hi,

You're on 2.1. That ancient and I would not recommend running it. !~ was
introduced in 3.0. Try the suggestion from Thomas if you must stay on 2.1.


   if (req.request == "PURGE" ) {
      if (client.ip ~ purge) {
         return (lookup);
      }
      error 403 "Forbidden";
   }

Per.


On Wed, Feb 26, 2014 at 4:46 PM, Andrew Langhorn <
andrew.langhorn at digital.cabinet-office.gov.uk> wrote:

> The VCC compiler doesn't like that syntax, I'm afraid, Per.
>
>
>
> Message from VCC-compiler:
> Invalid condition '!~' on IP number variable
>   only '==', '!=' and '~' are legal
> (input Line 121 Pos 21)
>       if (client.ip !~ purge) {
> --------------------##---------
> Running VCC-compiler failed, exit 1VCL compilation failed
>
>
>
> On 26 February 2014 15:39, Andrew Langhorn <
> andrew.langhorn at digital.cabinet-office.gov.uk> wrote:
>
>> Thanks Per. I'll give that a go.
>> I was using a tutorial at
>> https://www.varnish-cache.org/docs/2.1/tutorial/purging.html - maybe
>> that needs to be updated if it's wrong?
>>
>> I'll let you all know how I get on.
>>
>>
>> On 26 February 2014 15:33, Per Buer <perbu at varnish-software.com> wrote:
>>
>>> Hi,
>>>
>>> I see quite a lot of answers but for some reason noone has noticed the
>>> obvious error here. :-)
>>>
>>> On Tue, Feb 25, 2014 at 5:31 PM, Andrew Langhorn <
>>> andrew.langhorn at digital.cabinet-office.gov.uk> wrote:
>>>
>>>> Hi all,
>>>>
>>>>
>>>>  The section that Varnish seems to trip up on is:
>>>>
>>>>   if (req.request == "PURGE" ) {
>>>>      if (!client.ip ~ purge) {
>>>>         error 403 "Forbidden";
>>>>      }
>>>>      return (lookup);
>>>>   }
>>>>
>>>
>>> What I'm guessing you are trying to say is
>>>  if (client.ip !~ purge) {
>>>         error 403 "Forbidden";
>>>  }
>>>
>>> "!client.ip" doesn't make sense in my book as client.ip isn't boolean.
>>>
>>>
>>> --
>>>  <http://www.varnish-software.com/> *Per Buer*
>>> CTO | Varnish Software
>>> Phone: +47 958 39 117 | Skype: per.buer
>>> We Make Websites Fly!
>>>
>>> Winner of the Red Herring Top 100 Global Award 2013
>>>
>>>
>>>
>>
>>
>> --
>> Kind regards,
>>
>> Andrew Langhorn
>> Web Operations
>> Government Digital Service
>>
>> e: andrew.langhorn at digital.cabinet-office.gov.uk
>> t: +44 (0)7810 737375
>> a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH
>>
>
>
>
> --
> Kind regards,
>
> Andrew Langhorn
> Web Operations
> Government Digital Service
>
> e: andrew.langhorn at digital.cabinet-office.gov.uk
> t: +44 (0)7810 737375
> a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH
>



-- 
 <http://www.varnish-software.com/> *Per Buer*
CTO | Varnish Software
Phone: +47 958 39 117 | Skype: per.buer
We Make Websites Fly!

Winner of the Red Herring Top 100 Global Award 2013
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20140226/f42f0236/attachment.html>

More information about the varnish-misc mailing list