<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Urg, can't believe I didn't figure this out originally... my varnish server is behind an LB and it wasn't seeing the true IP of the client request.<br><br>--<br>Chad<br><br><div><hr id="stopSpelling">From: chadaustin@outlook.com<br>To: varnish-misc@varnish-cache.org<br>Subject: purge ACL not being enforced<br>Date: Thu, 11 Apr 2013 17:25:47 -0700<br><br>
<div dir="ltr">
<div dir="ltr">We're running 3.0.3 and our config is set up to enforce an ACL for purges, but I recently discovered that it has no effect - purges are successful regardless of the origin IP. The config is using the example from the documentation and I've been unable to determine why it's not working. Any help would be appreciated; VCL is below.<br><br>Thanks,<br>Chad<br><br>acl purge {<br> "localhost";<br> "10.0.0.0"/16;<br>}<br><br>backend sc {<br> .host = "39.22.194.41";<br> .port = "80";<br>}<br><br>backend scstatic {<br> .host = "10.0.2.109";<br> .port = "80";<br>}<br><br>backend ecommerce_ext {<br> .host = "39.22.194.40";<br> .port = "80";<br>}<br><br>sub vcl_recv {<br><br> if (req.request != "GET" &&<br> req.request != "HEAD" &&<br> req.request != "PUT" &&<br> req.request != "POST" &&<br> req.request != "TRACE" &&<br> req.request != "OPTIONS" &&<br> req.request != "PURGE" &&<br> req.request != "DELETE") {<br> /* Non-RFC2616 or CONNECT which is weird. */<br> return (pipe);<br> }<br><br> if (req.request == "PURGE") {<br> if (!client.ip ~ purge) {<br> error 405 "Not allowed.";<br> }<br> } else if (req.request != "GET" && req.request != "HEAD") {<br> /* We only deal with GET and HEAD by default */<br> #return (pass);<br> error 500 "Unknown method.";<br> }<br> #if (req.http.Authorization || req.http.Cookie) {<br> # /* Not cacheable by default */<br> # return (pass);<br> #}<br><br> if (req.url == "/sc_status.php") {<br> error 200 "okay."; <br> }<br><br> # remove cookies for all static content<br> unset req.http.Cookie;<br><br> if (req.http.Host == "static.pub-ecommerce.somecompany.com") {<br> set req.backend = ecommerce_ext;<br> set req.http.Host = "pub-ecommerce.somecompany.com";<br> } else if (req.http.Host ~ "static.(.*\.)?somecompany.com") {<br> set req.backend = scstatic;<br> set req.http.Host = "www.somecompany.com";<br> } else if (req.http.Host ~ "somecompany.com(:[0-9]+)?$") {<br> set req.backend = sc;<br> set req.http.Host = "www.somecompany.com";<br> } 
else {<br> error 404 "Unknown virtual host.";<br> }<br><br> return (lookup);<br>}<br><br>sub vcl_fetch {<br> unset beresp.http.Set-Cookie;<br> <br> # cache 404's for 2 minutes<br> if (beresp.status >= 400 && beresp.status < 500) {<br> set beresp.ttl = 30s;<br> } else if (beresp.status >=500 && beresp.status < 600) {<br> set beresp.ttl = 30s;<br> }<br>}<br><br>sub vcl_deliver {<br> set resp.http.X-Backend = server.identity;<br>}<br><br>sub vcl_hit {<br> if (req.request == "PURGE") {<br> purge;<br> error 200 "Purged HIT.";<br> }<br>}<br><br>sub vcl_miss {<br> if (req.request == "PURGE") {<br> purge;<br> error 200 "Purged MISS.";<br> }<br>}<br><br></div>
</div>
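<hr>
<div dir="ltr">Added example, not part of the original thread and not Varnish code: a Python model of the ACL decision showing why matching the TCP peer (what <code>client.ip</code> holds) lets every purge through once a load balancer is in front, and how a check on the forwarded address behaves instead. The load balancer address 10.0.1.5, the assumption that it appends the real client to X-Forwarded-For, and all function names are constructed for illustration.<br><br></div>
<pre>
```python
import ipaddress

# Stand-in for the thread's "purge" ACL ("localhost" modelled as 127.0.0.1).
PURGE_ACL = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "10.0.0.0/16")]
# Assumption: the load balancer's address; the thread does not state it.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.1.5/32")]

def in_nets(addr, nets):
    """True if addr falls inside any of the networks (ValueError if malformed)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

def naive_purge_allowed(peer_ip):
    """Models the posted check: the TCP peer address against the ACL."""
    return in_nets(peer_ip, PURGE_ACL)

def effective_client(peer_ip, xff):
    """Resolve the client address, trusting X-Forwarded-For only from the LB."""
    if not in_nets(peer_ip, TRUSTED_PROXIES):
        return peer_ip  # direct connection: ignore any client-supplied header
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):  # right-most entries were added by our proxies
        try:
            if not in_nets(hop, TRUSTED_PROXIES):
                return hop
        except ValueError:
            return None  # malformed entry: fail closed
    return None  # header missing or only proxy hops: fail closed

def purge_allowed(peer_ip, xff):
    """ACL decision made on the resolved client instead of the TCP peer."""
    client = effective_client(peer_ip, xff)
    return client is not None and in_nets(client, PURGE_ACL)

if __name__ == "__main__":
    # Constructed requests: (TCP peer seen by the cache, X-Forwarded-For header)
    samples = [
        ("10.0.1.5", "203.0.113.9"),             # external client via the LB
        ("10.0.1.5", "127.0.0.1, 203.0.113.9"),  # client-supplied first entry
        ("10.0.1.5", "10.0.3.7"),                # internal host via the LB
        ("10.0.3.7", None),                      # internal host, direct
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "peer check:", naive_purge_allowed(peer),
              "forwarded check:", purge_allowed(peer, xff))
```
</pre>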
</div> </div></body>
</html>