I'm seeing 301 responses, do you have a redirect rule that is getting executed first?
Stefan Caunter :: Senior Systems Administrator :: TOPS e: [email protected] :: m: (416) 561-4871 www.thestar.com www.topscms.com -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Angelo Höngens Sent: December-22-10 7:23 AM To: '[email protected]' Subject: blocking not working I just added another Bad Guy to my balancer's block list, and I want them to see a 403 access denied instead of content. It worked in the past (at least back in the 2.0.x age), but now it does not seem to work anymore. Perhaps some syntax changed in 2.1.x regarding this? I'm running 2.1.4 on CentOS 5.5 x64. Here's some of my VCL: acl block { "a.b.91.19"; /* 20100301 making dummy requests */ "c.d.40.34"; /* 20100618 There are quite many invalid requests to our RSS */ "e.f.195.11"; /* 20101221 scraping */ } sub vcl_recv { if ( client.ip ~ block ) { error 403 "Access denied"; } # Add a unique header containing the client address remove req.http.X-Forwarded-For; set req.http.X-Forwarded-For = client.ip; .. } But when I look in my varnishncsa log, I still see successful requests being passed: e.f.195.11 - - [22/Dec/2010:13:19:02 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197473 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.007832050 miss e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/charleston/charleston-marriott/hotel/informatie HTTP/1.1" 200 176281 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.665360928 miss e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197474 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.006700993 miss e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/charleston/church-street-inn/appartement/informatie HTTP/1.1" 200 163794 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.241801977 miss e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197475 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.006364822 miss e.f.195.11 - - [22/Dec/2010:13:19:06 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/north-charleston/comfort-inn-coliseum/hotel/informatie HTTP/1.1" 200 171431 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.625963926 miss -- With kind regards, Angelo Höngens Systems Administrator ------------------------------------------ NetMatch tourism internet software solutions Ringbaan Oost 2b 5013 CA Tilburg T: +31 (0)13 5811088 F: +31 (0)13 5821239 mailto:[email protected] http://www.netmatch.nl ------------------------------------------ _______________________________________________ varnish-misc mailing list [email protected] http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
