cli bans

eric.m.vandenhout at kpn.com eric.m.vandenhout at kpn.com
Thu Aug 22 08:06:50 UTC 2019


Hi,

Just a smal question. Is it possible to temporarily send  a specific http  errorcode back (e.g. http 429) to an  ip from varnish using the commandline client (or by any other means) without restarting varnish?
Consider this scenario:
A varnish cluster is running nicely. Among other things it also gives access to a set of developer api’s.
Not all programmers are equally skilled so sometimes it happens that a programmer creates a loop that is flooding the platform.
At this moment I use fail2ban to just block it in iptables and unblock it after 10 minutes.
However I would prefer instead of blocking it that I can just reroute the requests of this ip temporarily to an errorpage which returns http 429 (which as statuscode also should be returned bij Varnish)
Important with this is than that no varnish restarts are required.

Any ideas?

Met vriendelijke groet/Kind Regards
Eric van den Hout

Devops Engineer / Technical administrator
Cluster Klant & Content  / AAB

[cid:image001.png at 01D558CE.2907C520]

Stationsstraat 115
3811 MH  Amersfoort
Mofo: +31 6 83569993
Email: aab at kpn.com<mailto:aab at kpn.com>
         eric.m.vandenhout at kpn.com<mailto:eric.m.vandenhout at kpn.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20190822/7d2e572b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 10891 bytes
Desc: image001.png
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20190822/7d2e572b/attachment-0001.png>


More information about the varnish-misc mailing list