Re: Block Unauthorized Requests at Varnish [Code Optimization]

2023-10-15 Thread Uday Kumar
Hello Guillaume, Thank you so much! I'll check it out! Thanks & Regards Uday Kumar On Sun, Oct 15, 2023 at 7:32 AM Guillaume Quintard < guillaume.quint...@gmail.com> wrote: > Hello Uday, > > Quick follow-up as I realize that templating can be a bit scary when > confronted for the first time,

Re: Block Unauthorized Requests at Varnish [Code Optimization]

2023-10-14 Thread Guillaume Quintard
Hello Uday, Quick follow-up as I realize that templating can be a bit scary when confronted for the first time, and you are far from the first one to be curious about, so I've committed this: https://github.com/varnish/toolbox/tree/master/gotemplate-example It probably won't get you very far, but

Re: Block Unauthorized Requests at Varnish [Code Optimization]

2023-10-12 Thread Uday Kumar
> That's mainly how computers work, processing will be linear. You *could* create a vmod that packs ACLs into a hashmap to simplify the apparent logic, but you will pay that price developing the vmod, and for a very modest performance gain. If you have less than 50 sources, or even less than 100, I

Re: Block Unauthorized Requests at Varnish [Code Optimization]

2023-10-12 Thread Guillaume Quintard
> In the above example, if the request URL is source=tablet [for which condition is present at the end], still I have to check all the above conditions. That's mainly how computers work, processing will be linear. You *could* create a vmod that packs ACLs into a hashmap to simplify the apparent lo

Re: Block Unauthorized Requests at Varnish [Code Optimization]

2023-10-12 Thread Uday Kumar
Hi Guillaume, I don't think those are redundant checks, from what you are showing, they are all justified. Sure, there may be a bunch of them, but you have to go through to them. By redundant I meant, I have to write multiple checks for each source and list of IPs associated with it. [which would

Re: Block Unauthorized Requests at Varnish [Code Optimization]

2023-10-12 Thread Guillaume Quintard
Hi Uday, I don't think those are redundant checks, from what you are showing, they are all justified. Sure, there may be a bunch of them, but you have to go through to them. One thing I would do though is to generate the VCL from a source file, like a YAML one: mobile: - IP1 - IP2 - IP3 de

Block Unauthorized Requests at Varnish [Code Optimization]

2023-10-12 Thread Uday Kumar
Hello everyone, We use varnish in our production environment for caching content. Our Requirement: We are trying to block unauthorized requests at varnish based on the source parameter in the URL and the client IP in the request header. For example: Sample URL: www.hostname:port/path?source=m