Sinai

Reputation: 640

Varnish allow purge from any IPs

I have a Varnish cache server. I want to allow only three hosts to purge a URL or domain. I use the following Varnish config for purging, as the official website says:

    vcl 4.0;

    # Health check referenced by the backend below (minimal definition so the
    # snippet loads on its own).
    probe backend_healthcheck {
        .url = "/";
        .interval = 5s;
        .timeout = 1s;
        .window = 5;
        .threshold = 3;
    }

    backend web_servers {
        .host = "192.168.1.20";
        .port = "80";
        .probe = backend_healthcheck;
    }

    acl purge {
        "localhost";
        "192.168.1.0"/24;
        "PUBLIC_IP";    # placeholder, replace with the real address
    }

    sub vcl_recv {
        if (req.method == "PURGE") {
            if (!client.ip ~ purge) {
                return (synth(405, "Not allowed."));
            }
            return (purge);
        }
        ## Rest of vcl_recv
    }

The problem is that I can purge a URL from any IP address when executing the following curl command:

    curl -X PURGE "domain_name.com"

I want only the IPs listed in the purge section to be able to purge a URL from the admin port 6082, not any other IPs from port 80. Any help is appreciated.

Upvotes: 0

Views: 2361

Answers (1)

Sinai

Reputation: 640

I found the solution to my issue. A stupid mistake. My Varnish server is behind a proxy, so all IPs are 127.0.0.1 when I use "client.ip" to check the allowed IP addresses. I removed the purge ACL and replaced the following lines:

    if (!client.ip ~ purge) {
        return (synth(405, "Not allowed."));
    }
    return (purge);

with these ones:

    if (req.http.X-Forwarded-For == "PUBLIC_IP, 127.0.0.1" ||
        req.http.X-Forwarded-For == "192.168.1.2, 127.0.0.1") {
        return (purge);
    }
    return (synth(405, "Not allowed."));

and now everything is working just fine.

Upvotes: 5
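The answer above hard-codes two exact X-Forwarded-For strings. The following is an added example (not the poster's code) that keeps the original `purge` ACL and instead extracts the proxy-supplied client address from the header. It assumes Varnish 4.0 or later with vmod_std, which appends `client.ip` to X-Forwarded-For before `vcl_recv` runs, so with a proxy on 127.0.0.1 the address the proxy saw is the second-to-last entry. The `trusted_proxies` ACL and the temporary `X-Purge-Client` header are names chosen here; `"PUBLIC_IP"` is the placeholder from the question and must be replaced with a real address or the VCL will not load. Requiring `client.ip` to be a trusted proxy first matters: without it, a client that can reach Varnish directly could send its own X-Forwarded-For value and be treated as one of the allowed hosts.

```vcl
vcl 4.0;
import std;

# Only connections arriving from the reverse proxy in front of Varnish are
# allowed to carry an X-Forwarded-For we act on (assumed: proxy on localhost).
acl trusted_proxies {
    "localhost";
}

# Hosts allowed to purge; same entries as the question's ACL.
acl purge {
    "localhost";
    "192.168.1.0"/24;
    "PUBLIC_IP";    # placeholder from the question, replace with a real address
}

sub vcl_recv {
    if (req.method == "PURGE") {
        # Step 1: the TCP peer must be the proxy, otherwise any header can be forged.
        if (!client.ip ~ trusted_proxies) {
            return (synth(405, "Not allowed."));
        }
        # Step 2: with only one entry there is no proxy-supplied address to trust.
        if (req.http.X-Forwarded-For !~ ",") {
            return (synth(405, "Not allowed."));
        }
        # Step 3: take the second-to-last entry, i.e. "PUBLIC_IP" in
        # "PUBLIC_IP, 127.0.0.1" or "203.0.113.5" in "spoofed, 203.0.113.5, 127.0.0.1".
        set req.http.X-Purge-Client = regsub(req.http.X-Forwarded-For,
            "^(.*,)?\s*([^,\s]+)\s*,\s*[^,]+$", "\2");
        # Step 4: parse it as an IP (0.0.0.0 on failure, which matches nothing)
        # and match it against the purge ACL like client.ip would be.
        if (!std.ip(req.http.X-Purge-Client, "0.0.0.0") ~ purge) {
            unset req.http.X-Purge-Client;
            return (synth(405, "Not allowed."));
        }
        unset req.http.X-Purge-Client;
        return (purge);
    }
    ## Rest of vcl_recv
}
```

A quick check after loading this VCL is to send `curl -X PURGE` once through the proxy from an allowed host (expect the purge to succeed) and once from a host outside the ACL (expect 405), and to confirm in `varnishlog` that the X-Forwarded-For value Varnish sees ends with the proxy's address.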
