varnish .htaccess IP restrictions

Tobias Florek me at
Mon Mar 24 18:23:25 CET 2014


> our users can enter IP access restrictions in .htaccess files
> e.g .allow from
> deny from 2.3.0
 > [...]
> Is there a way to automagically add and check such restrictions to
> cached objects?

it might be possible to always send a HEAD request first and if it 
succeeds send the cached copy. that adds additional roundtrips of course.

it might be possible to set a header whenever an ip restriction happens 
and inspect that header within varnish (would need a vmod to do 
efficiently without edge cases i suppose).

finally _if_ you can enumerate the htaccess files it might be possible 
to parse them and generate (a fragment of) the varnish vcl from a script 
and reload. use kqueue or inotify to do that automatically, if there is 
any need.

good luck,
  tobias florek

More information about the varnish-misc mailing list