Hi Mark, you need to use std.ip() from the std vmod. Also, I highly recommend using the PROXY protocol (Varnish, HAProxy and Nginx, at least support it), it will allow you to use client.ip directly and not bother with this.
-- Guillaume Quintard On Fri, Mar 31, 2017 at 11:44 AM, Mark Hanford <[email protected]> wrote: > Hi folks. > > Because my varnish nodes are behind two different proxies, I can't really > use client.ip within my VCL. What I have is a header "X-Real-Ip" instead, > which is populated automatically by one proxy, and by me derived from the > "X-Forwarded-For" for the other. > > What this means is that where I would usually use ACL to block access to a > resource: > > if (req.http.host == "test.mydomain.com") { > if (client.ip ~ trustedips) { > # allow access > } else { > return (synth(405, "Not allowed"); > } > } > > But this doesn't work if I replace client.ip with a non-IP typed field. > > Message from VCC-compiler: > Expected CSTR got 'purgers' > (program line 1193), at > ('default.vcl' Line 339 Pos 34) > if (req.http.X-Real-Ip ~ trustedips) { > ---------------------------------##########--- > > Is there any way I can get the same result as this but without using > client.ip? > > thanks, > > Mark > > _______________________________________________ > varnish-misc mailing list > [email protected] > https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc >
_______________________________________________ varnish-misc mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
