I want to block some IPs, but cannot use if (client.ip ~ blocked_ips), since all the requests go through a load balancer.
The original user IP is stored by the load balancer in a custom header. I tried something like if (req.http.X-My-Custom-Header ~ blocked_ips), but trying to compile it causes a segfault. I also tried to write a C function like this: sub client_check { C{ if (match_acl_named_blocked_ips(sp, VRT_GetHdr(sp, HDR_REQ, "\021X-My-Custom-Header:"))) { VRT_error(sp, 403, "IP blocked - user denied"); VRT_done(sp, VCL_RET_ERROR); } }C } It compiled, but I get this on every request: 7 SessionOpen c 10.16.8.5 57600 :80 0 WorkThread - 0x42802c00 start 0 WorkThread - 0x43203c00 start 0 WorkThread - 0x43c04c00 start 0 CLI - Rd vcl.load boot ./vcl.1P9zoqAU.so 0 CLI - Wr 0 200 Loaded "./vcl.1P9zoqAU.so" as "boot" 0 CLI - Rd vcl.use boot 0 CLI - Wr 0 200 0 CLI - Rd start 0 Debug - "Acceptor is epoll" 0 CLI - Wr 0 200 0 WorkThread - 0x45a07c00 start Thanks, Naama Bamberger Engineering, Director Answers.com na...@answers.com http://www.answers.com http://wiki.answers.com _______________________________________________ varnish-misc mailing list varnish-misc@projects.linpro.no http://projects.linpro.no/mailman/listinfo/varnish-misc