On Tue, Feb 15, 2011 at 11:53 AM, alexus <[email protected]> wrote:
> probably would... but I'm at that point where I want to block certain
> agents and not just necessarily IP, so Varnish gives me much more
> flexibility vs iptables
>
Create the acls containing the list of ip addresses or networks:
acl forbidden {
"192.168.168.0"/24;
"10.10.10.0"/24;
}
acl useragents {
"192.168.200.0"/24;
"10.10.9.0"/24;
}
Then add the following / modify as appropriate under sub vcl_recv
sub vcl_recv {
# Block access from these hosts
if (client.ip ~ forbidden) {
error 403 "Forbidden";
}
# Block Access from these user agents
if (req.http.User-Agent ~ "Wget" {
error 403 "Forbidden";
}
return (lookup);
}
Joseph
_______________________________________________
varnish-misc mailing list
[email protected]
http://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
