Reply to my own post: I was being stupid. The vcl was correct, but my script that loads the vcl into varnish was not working correctly, and I did not read my script output as I should have :(
--
With kind regards,

Angelo Höngens
Systems Administrator

------------------------------------------
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
T: +31 (0)13 5811088
F: +31 (0)13 5821239

mailto:[email protected]
http://www.netmatch.nl
------------------------------------------

> -----Original Message-----
> From: [email protected] [mailto:varnish-misc-[email protected]] On Behalf Of Angelo Höngens
> Sent: Wednesday, 22 December 2010 13:23
> To: '[email protected]'
> Subject: blocking not working
>
> I just added another Bad Guy to my balancer's block list, and I want
> them to see a 403 access denied instead of content. It worked in the
> past (at least back in the 2.0.x age), but now it does not seem to work
> anymore.
>
> Perhaps some syntax changed in 2.1.x regarding this?
>
> I'm running 2.1.4 on CentOS 5.5 x64.
>
> Here's some of my VCL:
>
> acl block {
>     "a.b.91.19";   /* 20100301 making dummy requests */
>     "c.d.40.34";   /* 20100618 There are quite many invalid requests to our RSS */
>     "e.f.195.11";  /* 20101221 scraping */
> }
>
> sub vcl_recv {
>     if ( client.ip ~ block ) {
>         error 403 "Access denied";
>     }
>     # Add a unique header containing the client address
>     remove req.http.X-Forwarded-For;
>     set req.http.X-Forwarded-For = client.ip;
>     ..
> }
>
> But when I look in my varnishncsa log, I still see successful requests
> being passed:
>
> e.f.195.11 - - [22/Dec/2010:13:19:02 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197473 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.007832050 miss
> e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/charleston/charleston-marriott/hotel/informatie HTTP/1.1" 200 176281 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.665360928 miss
> e.f.195.11 - - [22/Dec/2010:13:19:04 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197474 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.006700993 miss
> e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/charleston/church-street-inn/appartement/informatie HTTP/1.1" 200 163794 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.241801977 miss
> e.f.195.11 - - [22/Dec/2010:13:19:05 +0100] "GET http://www.example.com/accommodation/accoinfo.aspx?accommodationId=197475 HTTP/1.1" 301 0 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.006364822 miss
> e.f.195.11 - - [22/Dec/2010:13:19:06 +0100] "GET http://www.example.com/verenigde-staten-van-amerika/south-carolina/north-charleston/comfort-inn-coliseum/hotel/informatie HTTP/1.1" 200 171431 "-" "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" 0.625963926 miss
>
> --
>
> With kind regards,
>
> Angelo Höngens
>
> Systems Administrator
>
> ------------------------------------------
> NetMatch
> tourism internet software solutions
>
> Ringbaan Oost 2b
> 5013 CA Tilburg
> T: +31 (0)13 5811088
> F: +31 (0)13 5821239
>
> mailto:[email protected]
> http://www.netmatch.nl
> ------------------------------------------
>
> _______________________________________________
> varnish-misc mailing list
> [email protected]
> http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
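
Added example, not part of the original thread: the check the poster did by eye (blocked clients still getting 200/301 in varnishncsa output) written as a script, so a VCL reload that silently failed shows up right away. The addresses and log lines are constructed (documentation ranges stand in for the anonymised entries of "acl block"), and the function names are hypothetical.

```python
import ipaddress
import re

# Assumption: constructed stand-ins for the three entries of "acl block".
BLOCKED = [ipaddress.ip_network(n)
           for n in ("192.0.2.19", "198.51.100.34", "203.0.113.11")]

# varnishncsa line as shown in the post: client - - [time] "request" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

def is_blocked(addr):
    """True if addr parses as an IP address and falls inside the block list."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # anonymised or malformed client field
        return False
    return any(ip in net for net in BLOCKED)

def acl_leaks(lines):
    """Return (ip, status, request) for blocked clients served anything but 403."""
    leaks = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_blocked(m["ip"]) and m["status"] != "403":
            leaks.append((m["ip"], int(m["status"]), m["req"]))
    return leaks

# Constructed sample log: one leak, one correct 403, one unrelated client.
SAMPLE_LOG = [
    '203.0.113.11 - - [22/Dec/2010:13:19:02 +0100] '
    '"GET http://www.example.com/a HTTP/1.1" 301 0 "-" "ua" 0.0078 miss',
    '203.0.113.11 - - [22/Dec/2010:13:19:04 +0100] '
    '"GET http://www.example.com/b HTTP/1.1" 403 0 "-" "ua" 0.0001 miss',
    '192.0.2.200 - - [22/Dec/2010:13:19:05 +0100] '
    '"GET http://www.example.com/c HTTP/1.1" 200 1024 "-" "ua" 0.2 hit',
]

if __name__ == "__main__":
    for ip, status, req in acl_leaks(SAMPLE_LOG):
        print(f"ACL not enforced: {ip} got {status} for {req!r}")
```

Any output after a reload means the running VCL is not the one with the updated ACL.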
