Issues restricting HTTP purges based on an ACL
    Thomas Lecomte
    thomas.lecomte at virtual-expo.com
    Wed Feb 26 16:12:35 CET 2014

On Tue, Feb 25, 2014 at 04:31:34PM +0000, Andrew Langhorn wrote:
> The section that Varnish seems to trip up on is:
> 
>   if (req.request == "PURGE" ) {
>      if (!client.ip ~ purge) {
>         error 403 "Forbidden";
>      }
>      return (lookup);
>   }
> 
> When trying to purge the cache via the API from an IP outside of the ACL,
> it is still accepted and purged. The second line of this block - if
> (!client.ip ~ purge) { - seems to be the logic that isn't accepted
> properly. I thought that including the bang outside of the brackets might
> fix the issue, but it doesn't.

Hello,

Have you tried doing it the other way?

i.e.:

   if (req.request == "PURGE" ) {
      if (client.ip ~ purge) {
         return (lookup);
      }
      error 403 "Forbidden";
   }

Regards,
-- 
Thomas Lecomte / +33 4 86 13 48 65
Sysadmin / Virtual Expo / Marseille
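
A complete configuration built around the allow-first layout suggested in the reply, as an added example that is not part of the original thread. It assumes Varnish 3.x VCL (the `req.request` and `error` syntax used in the thread); the ACL entries and the `vcl_hit`/`vcl_miss` handlers are assumptions filled in for illustration.

```vcl
# Added example, Varnish 3.x syntax. ACL entries are constructed placeholders.
acl purge {
    "localhost";
    "192.0.2.0"/24;   # constructed documentation range; replace with the real purge clients
}

sub vcl_recv {
    if (req.request == "PURGE") {
        # Allow-list first: only a positive ACL match reaches the lookup.
        # client.ip is the address of the TCP peer that connected to Varnish,
        # so behind a proxy or load balancer it is that proxy's address.
        if (client.ip ~ purge) {
            return (lookup);
        }
        # Every other client falls through to the deny, so the branch fails closed.
        error 403 "Forbidden";
    }
}

sub vcl_hit {
    if (req.request == "PURGE") {
        purge;                 # drop the cached object and its variants
        error 200 "Purged";
    }
}

sub vcl_miss {
    if (req.request == "PURGE") {
        purge;                 # also clears variants when the lookup itself missed
        error 200 "Purged";
    }
}
```

Sending a PURGE from a host outside the ACL and checking for the 403 status, then repeating from an allowed host and checking for 200, confirms the rule is evaluated as intended.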
    
    