VSF Rule for general spammy hackers

Paul Armstrong varnish-cache at otoh.org
Sun Mar 13 18:46:00 CET 2016

At 2016-03-14T00:33+0930, Garry Hill wrote:
> I still have loosers scanning my web sites with like
> http://website.com/index.php?option=com_user
> <http://website.com/index.php?option=com_user&task=register> &task=register
> that are having a random go at breaking into Joomla or Worpress that I have
> neither of so they just waste my bandwidth
> I can't find much info on VSF out there and the forum is closed to posting
> can you help me?
> sub vcl_recv {
> if (the URL requested contains "?option=com_user&task=register") {
> Tell him to bugger off }
> }
> Can you please show me how to do something like that? 

G'Day Garry.

I've not used VSF, but it looks like it's just VCL.
This will almost certainly work in the VSF ruleset, but if it chokes,
just put it in your main ruleset.

sub vcl_recv {
  if (req.url ~ "\?option=com_user&task=register") {
    return (synth(403));

If the synthetic 403 is too large and you just want to return a minimal
page for such attacks:

sub vcl_synth {
  if (req.url ~ "\?option=com_user&task=register") {
    unset resp.http.X-Varnish;


More information about the varnish-misc mailing list