<div dir="ltr">On Sat, Jul 27, 2013 at 5:48 PM, Puneet <span dir="ltr"><<a href="mailto:puneet.arora@insticator.com" target="_blank">puneet.arora@insticator.com</a>></span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div lang="EN-US" link="#0563C1" vlink="#954F72"><div><p class="">
<span style="font-family:Arial,sans-serif;font-size:10pt">I want to stop the users accessing my website via IP address.</span><br></p><p class=""><span style="font-size:10pt;font-family:Arial,sans-serif"><span style="background-color:white">I am using varnish as cache.</span><br>
<span style="background-color:white">I have the following code in place but it is not working.</span><br><br><span style="background-color:white">In vcl_recv() {</span><br><span style="background-color:white"> if(req.url ~ "XX.XX.XXX.XXX") {</span><br>
<span style="background-color:white"> error 750 "Moved Permanently";</span><br><span style="background-color:white"> } }<span> </span></span></span></p></div></div></blockquote><div><br></div><div style>In vcl_recv, you're comparting the IP address with the request URL (req.url), which is wrong. You should compare with client.ip, as it represents the user's IP address.</div>
<div style><br></div><div style>Anyway, a much better approach in my opinion is the code:</div><div style><br></div><div style># list of forbidden ips</div><div style>acl forbidden {</div><div style> "192.168.0.1",</div>
<div style> "192.168.0.2",</div><div style> "XXX.XXX.XXX.XXX"</div><div style>}</div><div style><br></div><div style>sub vcl_recv {</div><div style> if (client.ip ~ forbidden) {</div><div style> error 301 "<a href="http://mywebsite.com">http://mywebsite.com</a>";</div>
<div style> }</div><div style>}</div><div style><br></div><div style><div>sub vcl_error {</div><div> set obj.http.Content-Type = "text/html; charset=utf-8";</div><div> set obj.http.Retry-After = "5";</div>
<div><br></div><div> # we deal with redirects here</div><div> if (obj.status == 301) {</div><div> set obj.http.Location = obj.response;</div><div> set obj.response = "Moved Temporarily";</div><div> return (deliver);</div>
<div> }</div><div><br></div><div> if (obj.status == 301){</div><div> set obj.http.Location = obj.response;</div><div> set obj.response = "Moved Permanently";</div><div> return (deliver);</div><div> }</div>
<div>}</div></div></div><div class="gmail_extra"><br></div>This way you can update the ACL to multiple IP addresses and they'll be all redirected to <a href="http://mywebsite.com">mywebsite.com</a>.</div><div class="gmail_extra">
<div><br></div>-- <br>[]'s<br>Hugo<br><a href="http://www.devin.com.br">www.devin.com.br</a>
</div></div>