<div dir="ltr"><div>Hi all,</div><div><br></div><div>I have joined this list hoping that someone can help me with an issue I have with restricting Varnish HTTP purges to a defined ACL of IPs.</div><div><br></div><div>Our CDN provider use Varnish 2.x (not 3), so I've been following this tutorial on implementing restrictions on HTTP Purges: <a href="https://www.varnish-cache.org/docs/2.1/tutorial/purging.html">https://www.varnish-cache.org/docs/2.1/tutorial/purging.html</a>.</div>
<div><br></div><div>The section that Varnish seems to trip up on is:</div><div><br></div><div> if (req.request == "PURGE" ) {<br></div><div><div> if (!client.ip ~ purge) {</div><div> error 403 "Forbidden";</div>
<div> }</div><div> return (lookup);</div><div> }</div></div><div><br></div><div>When trying to purge the cache via the API from an IP outside of the ACL, it is still accepted and purged. The second line of this block - if (!client.ip ~ purge) { - seems to be the logic that isn't accepted properly. I thought that including the bang outside of the brackets might fix the issue, but it doesn't.</div>
<div><br></div><div>I've only used Varnish a few times beforehand, so would appreciate any assistance anyone can provide.</div><div><br></div><div>Thanks in advance.</div><div><br></div><div dir="ltr">Kind regards,<div>
<br></div><div>Andrew Langhorn</div><div>Web Operations</div><div>Government Digital Service</div><div><br></div><div>e: <a href="mailto:andrew.langhorn@digital.cabinet-office.gov.uk" target="_blank">andrew.langhorn@digital.cabinet-office.gov.uk</a></div>
<div>t: +44 (0)7810 737375</div><div>a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH</div></div>
</div>