Thermatix

Reputation: 2929

Varnish cache banning with pattern matching

Right, I'm going to be honest: I don't know Varnish VCL. I can work out some basic stuff, but I don't know it very well, which is obviously why I'm having issues.

I'm trying to set up cache banning via an HTTP request. However, the request can't come in via the DNS but rather through the IP address of the Varnish box, otherwise I can't be sure that every Varnish box's cache will have the target flushed. This is because we have several Varnish boxes all behind an ELB, so you can't guarantee that a ban request will not go to the same box twice, hence doing this via IPs.

I'm using this to ensure that only the allowed IPs are allowed to ban, but this isn't working:

sub vcl_hit {
    if (req.request == "BAN") {
        ban("req.url ==" + req.url);
        error 200 "Purged";
    }
}

I don't really know what to do to get this working, and I've looked, but most of the tutorials I've found seem to be for full URLs rather than just IP + pattern_to_purge.

Upvotes: 1

Views: 521

Answers (2)

Brian van Rooijen

Reputation: 2016

From your config example I expect you use Varnish 3. You can add a list of IPs that are allowed to do the purge as follows:

acl ban_allowed_ip {
    "127.0.0.1";
    "127.0.0.2";
}

Inside your if (req.request == "BAN") add the following:

if (!client.ip ~ ban_allowed_ip) {
    error 405 "Not allowed.";
}

Upvotes: 2

Thermatix

Reputation: 2929

The answer is to use:

if (req.request == "BAN") {
    if (req.http.X-Debug != "True") {
        error 405 "Not allowed.";
    }
    ban("obj.http.x-url ~ " + req.url);
    error 200 "ban added";
}

Whilst this will return 200 regardless of whether the item exists in the cache or not, it does add the ban.

Upvotes: 0
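
An added example, not part of either answer: a Varnish 3 VCL sketch that combines the ACL check from the first answer with the obj.http.x-url ban expression from the second. It gates on client.ip because a request header can be set by any client that can reach the box. The ACL address is a placeholder, and the vcl_fetch and vcl_deliver parts are assumptions about the rest of the configuration, since the ban expression only matches objects that were stored with an x-url header.

```vcl
# Addresses allowed to issue BAN requests (placeholder value; list the
# hosts that send bans directly to each Varnish box's IP).
acl ban_allowed_ip {
    "127.0.0.1";
}

sub vcl_recv {
    # Handle BAN in vcl_recv so it runs for every request, not only on
    # cache hits for the exact URL as it would in vcl_hit.
    if (req.request == "BAN") {
        # Reject before touching the ban list.
        if (!client.ip ~ ban_allowed_ip) {
            error 405 "Not allowed.";
        }
        # req.url is used as a regular expression against the URL stored
        # on each cached object, so a pattern such as /images/ matches
        # every cached URL containing it.
        ban("obj.http.x-url ~ " + req.url);
        error 200 "Ban added";
    }
}

sub vcl_fetch {
    # Store the request URL on the object so the ban expression above
    # has something to match against.
    set beresp.http.x-url = req.url;
}

sub vcl_deliver {
    # Do not expose the bookkeeping header to clients.
    unset resp.http.x-url;
}
```

Because each box keeps its own ban list, the BAN request still has to be sent once to every Varnish IP, as described in the question.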
