varnish-misc Digest, Vol 88, Issue 17

Mon Jul 29 14:30:21 CEST 2013

I am not sure if it is my email but it looks like you are passing HTML in
the REDIRECT URL.

The REDIRECT URL should be just a URL. Try a simple URL like
http://www.yahoo.com first. Then work on your regsub statement to set the
right URL.

On Sat, Jul 27, 2013 at 9:38 PM, <varnish-misc-request at varnish-cache.org>wrote:

> Send varnish-misc mailing list submissions to
>         varnish-misc at varnish-cache.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
> or, via email, send a message with subject or body 'help' to
>         varnish-misc-request at varnish-cache.org
>
> You can reach the person managing the list at
>         varnish-misc-owner at varnish-cache.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of varnish-misc digest..."
>
>
> Today's Topics:
>
>    1. Re: Stop users accessing website via IP address
>       (Hugo Cisneiros (Eitch))
>    2. Re: Stop users accessing website via IP address (Travis Crowder)
>    3. RE: Stop users accessing website via IP address (Puneet)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 27 Jul 2013 18:28:57 -0300
> From: "Hugo Cisneiros (Eitch)" <hugo.cisneiros at gmail.com>
> To: "varnish-misc at varnish-cache.org" <varnish-misc at varnish-cache.org>
> Subject: Re: Stop users accessing website via IP address
> Message-ID:
>         <CA+KACLkCCfpK2XmM4-vaxOW2b=
> XBL-nbgadgt7FE3XejfWA6cw at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> On Sat, Jul 27, 2013 at 5:48 PM, Puneet <puneet.arora at insticator.com>
> wrote:
>
> > I want to stop the users accessing my website via IP address.
> >
> > I am using varnish as cache.
> > I have the following code in place but it is not working.
> >
> > In vcl_recv() {
> >      if(req.url ~ "XX.XX.XXX.XXX") {
> >      error 750 "Moved Permanently";
> >   } }
> >
>
> In vcl_recv, you're comparting the IP address with the request URL
> (req.url), which is wrong. You should compare with client.ip, as it
> represents the user's IP address.
>
> Anyway, a much better approach in my opinion is the code:
>
> # list of forbidden ips
> acl forbidden {
>   "192.168.0.1",
>   "192.168.0.2",
>   "XXX.XXX.XXX.XXX"
> }
>
> sub vcl_recv {
>   if (client.ip ~ forbidden) {
>     error 301 "http://mywebsite.com";
>   }
> }
>
> sub vcl_error {
>   set obj.http.Content-Type = "text/html; charset=utf-8";
>   set obj.http.Retry-After = "5";
>
>   # we deal with redirects here
>   if (obj.status == 301) {
>     set obj.http.Location = obj.response;
>     set obj.response = "Moved Temporarily";
>     return (deliver);
>   }
>
>   if (obj.status == 301){
>     set obj.http.Location = obj.response;
>     set obj.response = "Moved Permanently";
>     return (deliver);
>   }
> }
>
> This way you can update the ACL to multiple IP addresses and they'll be all
> redirected to mywebsite.com.
>
> --
> []'s
> Hugo
> www.devin.com.br
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130727/8ceb19b3/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Sat, 27 Jul 2013 18:53:11 -0500
> From: Travis Crowder <travis.crowder at spechal.com>
> To: Puneet <puneet.arora at insticator.com>
> Cc: varnish-misc at varnish-cache.org
> Subject: Re: Stop users accessing website via IP address
> Message-ID: <A89915AA-A7FE-432D-90CD-E8B6BF12A105 at spechal.com>
> Content-Type: text/plain; charset="us-ascii"
>
> Check against req.http.Host
>
> In vcl_recv:
>
>      if(req.http.Host ~ "8.8.8.8") {
>          error 750;
>      }
>
> -Travis Crowder
>
> On Jul 27, 2013, at 3:48 PM, Puneet <puneet.arora at insticator.com> wrote:
>
> > Hi all,
> >
> > I want to stop the users accessing my website via IP address.
> > I am using varnish as cache.
> > I have the following code in place but it is not working.
> >
> > In vcl_recv() {
> >      if(req.url ~ "XX.XX.XXX.XXX") {
> >      error 750 "Moved Permanently";
> >   } }
> >
> > And in vcl_error()
> > sub vcl_error {
> >     if (obj.status == 750) {
> >     set req.http.X-REDIRURL = regsub(req.url,"https?://[^/$]+", "
> http://mywebsite.com");
> >     set obj.http.Location = req.http.X-REDIRURL;
> >     set obj.status = 301;
> >     unset req.http.X-REDIRURL;
> >     return(deliver);
> > }
> >
> > But this does not redirect the user to the website, instead it delivers
> the page.
> > Can anyone tell what I am missing?
> >
> > Thanks
> > Puneet
> > _______________________________________________
> > varnish-misc mailing list
> > varnish-misc at varnish-cache.org
> > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130727/da02d31d/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 3
> Date: Sat, 27 Jul 2013 22:38:24 -0400
> From: Puneet <puneet.arora at insticator.com>
> To: "'Travis Crowder'" <travis.crowder at spechal.com>
> Cc: varnish-misc at varnish-cache.org
> Subject: RE: Stop users accessing website via IP address
> Message-ID: <005701ce8b3b$88e6ee10$9ab4ca30$@insticator.com>
> Content-Type: text/plain; charset="us-ascii"
>
> HI Travis,
>
>
>
> Thanks for the reply.
>
> I think that should work.
>
>
>
> Just one question.
>
> In sub vcl_error() should I also change the
>
>
>
> set req.http.X-REDIRURL = regsub(req.url,"https?://[^/$]+", "
> <
> http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom&urlhash=5
> qRF&_t=tracking_anet> http://mywebsite.com");
>
> TO : -->
>
> set req.http.X-REDIRURL = regsub(req.http.host,"https?://[^/$]+", "
> <
> http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom&urlhash=5
> qRF&_t=tracking_anet> http://mywebsite.com");
>
> ?
>
>
>
> Because when replace req.url with req.http.host, It again stops working.
>
> And If I don't do it, the bowser gives an error "Too many redirects"
>
>
>
> Thanks
>
> Puneet
>
>
>
> From: Travis Crowder [mailto:travis.crowder at spechal.com]
> Sent: Saturday, July 27, 2013 7:53 PM
> To: Puneet
> Cc: varnish-misc at varnish-cache.org
> Subject: Re: Stop users accessing website via IP address
>
>
>
> Check against req.http.Host
>
>
>
> In vcl_recv:
>
>
>
>      if(req.http.Host ~ "8.8.8.8") {
>
>          error 750;
>
>      }
>
>
>
> -Travis Crowder
>
>
>
> On Jul 27, 2013, at 3:48 PM, Puneet <puneet.arora at insticator.com
> <mailto:puneet.arora at insticator.com> > wrote:
>
>
>
>
>
> Hi all,
>
>
> I want to stop the users accessing my website via IP address.
> I am using varnish as cache.
> I have the following code in place but it is not working.
>
> In vcl_recv() {
>      if(req.url ~ "XX.XX.XXX.XXX") {
>      error 750 "Moved Permanently";
>   } }
>
> And in vcl_error()
> sub vcl_error {
>     if (obj.status == 750) {
>     set req.http.X-REDIRURL = regsub(req.url,"https?://[^/$]+", "
> <
> http://www.linkedin.com/redirect?url=http%3A%2F%2Fmywebsite%2Ecom&urlhash=5
> qRF&_t=tracking_anet> http://mywebsite.com");
>     set obj.http.Location = req.http.X-REDIRURL;
>     set obj.status = 301;
>     unset req.http.X-REDIRURL;
>     return(deliver);
> }
>
> But this does not redirect the user to the website, instead it delivers the
> page.
> Can anyone tell what I am missing?
>
>
>
> Thanks
>
> Puneet
>
> _______________________________________________
> varnish-misc mailing list
>  <mailto:varnish-misc at varnish-cache.org> varnish-misc at varnish-cache.org
>  <https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc>
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
>
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130727/21c9f677/attachment.html
> >
>
> ------------------------------
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
> End of varnish-misc Digest, Vol 88, Issue 17
> ********************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20130729/ea504e3d/attachment.html>