Best method for blocking IP ranges

8 posts / 0 new
Last post
nwlinux
nwlinux's picture
Best method for blocking IP ranges

I block around half a dozen countries from viewing content on my servers using the expensive .htaccess files. Is Varnish going to be up to the task using an acl_forbidden? Thoughts?

perbu
perbu's picture

Absolutely. 

The ACLs are really fast so I can't imagine that being a problem.

Also, you might want to have a look at loading the GeoIP module and letting it do the work - only available for 2.1 at the moment. This might be easier if the list changes somewhat.

--
Varnish Software http://www.varnish-software.com/

nwlinux
nwlinux's picture

Many Thanks perbu. 

Mark Moore

http://nwlinux.com

WA State, USA

david
david's picture

Hey Mark,

I asked my engineer, Lee, to create a geoip module for Varnish 3. You can download it here:

https://github.com/leed25d/geoip-vmod

This may allow you to block specific countries. You just need to install the GeoIP package on your system. On CentOS: yum -y install GeoIP GeoIP-data

Hope this helps! It's also a great example for anyone else writing a vmod.

 

Regards,

-david

nwlinux
nwlinux's picture

you are on top of it david! thanks to you and Lee for coding this mod.

Mark Moore

http://nwlinux.com

WA State, USA

david
david's picture

We found a bug in the module. We will get it fixed and updated. Don't use it just yet. :)

perbu
perbu's picture

Awesome! We were just about to start porting. Let me know when it is done and I'll list it in the module list.

--
Varnish Software http://www.varnish-software.com/

david
david's picture

The GeoIP module works in my production environment. Varnish Software graciously helped us fix the bug!

I suggest trying it out if you need GeoIP features in Varnish.

Regards,

-david