Hi folks.
Because my varnish nodes are behind two different proxies, I can't really
use client.ip within my VCL. What I have is a header "X-Real-Ip" instead,
which is populated automatically by one proxy, and by me derived from the
"X-Forwarded-For" for the other.
What this means is that where I would usually use ACL to block access to a
resource:
if (req.http.host == "test.mydomain.com") {
if (client.ip ~ trustedips) {
# allow access
} else {
return (synth(405, "Not allowed");
}
}
But this doesn't work if I replace client.ip with a non-IP typed field.
Message from VCC-compiler:
Expected CSTR got 'purgers'
(program line 1193), at
('default.vcl' Line 339 Pos 34)
if (req.http.X-Real-Ip ~ trustedips) {
---------------------------------##########---
Is there any way I can get the same result as this but without using
client.ip?
thanks,
Mark
Because my varnish nodes are behind two different proxies, I can't really
use client.ip within my VCL. What I have is a header "X-Real-Ip" instead,
which is populated automatically by one proxy, and by me derived from the
"X-Forwarded-For" for the other.
What this means is that where I would usually use ACL to block access to a
resource:
if (req.http.host == "test.mydomain.com") {
if (client.ip ~ trustedips) {
# allow access
} else {
return (synth(405, "Not allowed");
}
}
But this doesn't work if I replace client.ip with a non-IP typed field.
Message from VCC-compiler:
Expected CSTR got 'purgers'
(program line 1193), at
('default.vcl' Line 339 Pos 34)
if (req.http.X-Real-Ip ~ trustedips) {
---------------------------------##########---
Is there any way I can get the same result as this but without using
client.ip?
thanks,
Mark