Hi Dridi, Unfortunately, I see no references to the purge method being actioned in the varnishlog. I would have thought I would see it there, but it appears not. Perhaps this means the purge isn't being completed successfully?
Andrew On 25 February 2014 17:05, Dridi Boukelmoune <[email protected]>wrote: > On Tue, Feb 25, 2014 at 5:31 PM, Andrew Langhorn > <[email protected]> wrote: > > Hi all, > > > > I have joined this list hoping that someone can help me with an issue I > have > > with restricting Varnish HTTP purges to a defined ACL of IPs. > > > > Our CDN provider use Varnish 2.x (not 3), so I've been following this > > tutorial on implementing restrictions on HTTP Purges: > > https://www.varnish-cache.org/docs/2.1/tutorial/purging.html. > > Hi, > > If you issue an https request, the value of client.ip belongs to your > ssl/tls endpoint, which may be allowed by your ACL. You should maybe > rely on the X-Forwarded-For header instead (I believe you can trust > the XFF header sent by your CDN provider). > > What do you see in varnishlog ? > > Best Regards, > Dridi > > > The section that Varnish seems to trip up on is: > > > > if (req.request == "PURGE" ) { > > if (!client.ip ~ purge) { > > error 403 "Forbidden"; > > } > > return (lookup); > > } > > > > When trying to purge the cache via the API from an IP outside of the > ACL, it > > is still accepted and purged. The second line of this block - if > (!client.ip > > ~ purge) { - seems to be the logic that isn't accepted properly. I > thought > > that including the bang outside of the brackets might fix the issue, but > it > > doesn't. > > > > I've only used Varnish a few times beforehand, so would appreciate any > > assistance anyone can provide. > > > > Thanks in advance. > > > > Kind regards, > > > > Andrew Langhorn > > Web Operations > > Government Digital Service > > > > e: [email protected] > > t: +44 (0)7810 737375 > > a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH > > > > _______________________________________________ > > varnish-misc mailing list > > [email protected] > > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > -- Kind regards, Andrew Langhorn Web Operations Government Digital Service e: [email protected] t: +44 (0)7810 737375 a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
