On Tue, Feb 25, 2014 at 6:32 PM, Andrew Langhorn <[email protected]> wrote: > Hi Dridi, > > Unfortunately, I see no references to the purge method being actioned in the > varnishlog. I would have thought I would see it there, but it appears not. > Perhaps this means the purge isn't being completed successfully?
When in doubt, std.log :) https://www.varnish-cache.org/docs/3.0/reference/vmod_std.html#log > Andrew > > > On 25 February 2014 17:05, Dridi Boukelmoune <[email protected]> > wrote: >> >> On Tue, Feb 25, 2014 at 5:31 PM, Andrew Langhorn >> <[email protected]> wrote: >> > Hi all, >> > >> > I have joined this list hoping that someone can help me with an issue I >> > have >> > with restricting Varnish HTTP purges to a defined ACL of IPs. >> > >> > Our CDN provider use Varnish 2.x (not 3), so I've been following this >> > tutorial on implementing restrictions on HTTP Purges: >> > https://www.varnish-cache.org/docs/2.1/tutorial/purging.html. >> >> Hi, >> >> If you issue an https request, the value of client.ip belongs to your >> ssl/tls endpoint, which may be allowed by your ACL. You should maybe >> rely on the X-Forwarded-For header instead (I believe you can trust >> the XFF header sent by your CDN provider). >> >> What do you see in varnishlog ? >> >> Best Regards, >> Dridi >> >> > The section that Varnish seems to trip up on is: >> > >> > if (req.request == "PURGE" ) { >> > if (!client.ip ~ purge) { >> > error 403 "Forbidden"; >> > } >> > return (lookup); >> > } >> > >> > When trying to purge the cache via the API from an IP outside of the >> > ACL, it >> > is still accepted and purged. The second line of this block - if >> > (!client.ip >> > ~ purge) { - seems to be the logic that isn't accepted properly. I >> > thought >> > that including the bang outside of the brackets might fix the issue, but >> > it >> > doesn't. >> > >> > I've only used Varnish a few times beforehand, so would appreciate any >> > assistance anyone can provide. >> > >> > Thanks in advance. >> > >> > Kind regards, >> > >> > Andrew Langhorn >> > Web Operations >> > Government Digital Service >> > >> > e: [email protected] >> > t: +44 (0)7810 737375 >> > a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH >> > >> > _______________________________________________ >> > varnish-misc mailing list >> > [email protected] >> > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc > > > > > -- > Kind regards, > > Andrew Langhorn > Web Operations > Government Digital Service > > e: [email protected] > t: +44 (0)7810 737375 > a: 6th Floor, Aviation House, 125 Kingsway, London, WC2B 6NH _______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
