It's not clear from your description, is there an acl defined called purge?
Do logs show that the PURGE request actually came from the IP range you expect? ---- Stefan Caunter ScaleEngine Inc. E: [email protected] Skype: stefan.caunter Toll Free Direct: +1 800 280 6042 Toronto Canada On Tue, Feb 25, 2014 at 11:31 AM, Andrew Langhorn <[email protected]> wrote: > Hi all, > > I have joined this list hoping that someone can help me with an issue I have > with restricting Varnish HTTP purges to a defined ACL of IPs. > > Our CDN provider use Varnish 2.x (not 3), so I've been following this > tutorial on implementing restrictions on HTTP Purges: > https://www.varnish-cache.org/docs/2.1/tutorial/purging.html. > > The section that Varnish seems to trip up on is: > > if (req.request == "PURGE" ) { > if (!client.ip ~ purge) { > error 403 "Forbidden"; > } > return (lookup); > } > > When trying to purge the cache via the API from an IP outside of the ACL, it > is still accepted and purged. The second line of this block - if (!client.ip > ~ purge) { - seems to be the logic that isn't accepted properly. I thought > that including the bang outside of the brackets might fix the issue, but it > doesn't. > > I've only used Varnish a few times beforehand, so would appreciate any > assistance anyone can provide. > > Thanks in advance. > > Kind regards, > > Andrew Langhorn > Web Operations > Government Digital Service > > e: [email protected] > t: +44 (0)7810 737375 > a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH > > _______________________________________________ > varnish-misc mailing list > [email protected] > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
