Is it possible to compare an ACL list to a specific header?

Poul-Henning Kamp phk at phk.freebsd.dk
Thu Jan 15 09:37:17 CET 2009


In message <749CACF29BDFB64E9F80189ECD778688043CD81C at jermail1.atomant.net>, "Naama Bamberger" writes:
>I want to block some IPs, but cannot use
>if (client.ip ~ blocked_ips), 
>since all the requests go through a load balancer.
>
>The original user IP is stored by the load balancer in a custom header.
>I tried something like if (req.http.X-My-Custom-Header ~ blocked_ips),
>but trying to compile it causes a segfault.

A segfault would be a bug, but I can't reproduce that.

The problem is twofold: the ACL comparison only works on objects
of type IP, and none of the http headers are that.

The other problem is that, obviously, we should be able to pick
the client IP from a header but currently we have no way to.


-- 
Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe    
Never attribute to malice what can adequately be explained by incompetence.
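
Added example, not part of the original message and not the Varnish project's own code: a sketch of the header-to-ACL comparison discussed above, assuming a later Varnish release (4.0 or newer) with the bundled std VMOD, whose std.ip() converts a string to the IP type that ACL matching requires. The ACL name load_balancers, the backend, and all addresses are constructed placeholders; the header name and blocked_ips come from the question.

```vcl
vcl 4.0;

import std;

# Placeholder backend (assumption, not from the thread).
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Hypothetical ACL: the only peers allowed to assert a client address.
acl load_balancers {
    "192.0.2.10";
}

# Constructed sample entries (documentation address ranges).
acl blocked_ips {
    "198.51.100.0"/24;
    "203.0.113.7";
}

sub vcl_recv {
    if (client.ip ~ load_balancers) {
        # The header is a STRING; std.ip() yields an IP object, which is
        # the type the ~ ACL operator accepts. If the value cannot be
        # converted, the fallback 0.0.0.0 is used. It is not listed in
        # blocked_ips, so such requests are not blocked by this rule.
        if (std.ip(req.http.X-My-Custom-Header, "0.0.0.0") ~ blocked_ips) {
            return (synth(403, "Forbidden"));
        }
    } else {
        # Direct connections did not pass through the load balancer, so
        # any value in this header is client-supplied: fall back to the
        # socket address and drop the header before it reaches the backend.
        if (client.ip ~ blocked_ips) {
            return (synth(403, "Forbidden"));
        }
        unset req.http.X-My-Custom-Header;
    }
}
```

The check on client.ip matters because the header is only as trustworthy as the peer that set it; without it, any client could supply its own value and sidestep the block list.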



More information about the varnish-misc mailing list