7

How does one block either an IP address or a network range inside of Varnish's VCL file?

alexus

2 Answers

7
acl unwanted {
    "69.60.116.0"/24;
    "69.90.119.207";
}

sub vcl_recv {
    if (client.ip ~ unwanted) {
        error 410;
    }
...
}
alexus
  • 1
    I'm using Varnish version 4 and I got this error when reloading the VCL config: Message from VCC-compiler: Expected an action, 'if', '{' or '}' ('input' Line 40 Pos 1) error 410; #####----- – risnandar Jul 28 '15 at 05:37
  • Same here, trying to figure it out. Will report back – Eirik H Oct 29 '15 at 09:36
  • @risnandar this is version 3 syntax. Since version 4, there is a new one, see my answer. – Totor Jan 23 '17 at 17:06
2

Since Varnish 4, the syntax has changed!

Instead of:

error 403;

you need to use:

return(synth(403, "Access denied"));

Using alexus' example:

acl unwanted {
    "69.60.116.0"/24;
    "69.90.119.207";
}

sub vcl_recv {
    if (client.ip ~ unwanted) {
        return(synth(403, "Access denied"));
    }
}
Totor
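
An added example, not part of either answer: a self-contained Varnish 4 VCL file that extends the ACL check to the case where Varnish sits behind a load balancer, so `client.ip` is the balancer's address rather than the visitor's. The backend address, the `trusted_proxies` ACL and the `X-Real-IP` header name are assumptions made for illustration.

```vcl
vcl 4.0;
import std;   # vmod_std provides std.ip()

# Hypothetical backend so the file compiles on its own.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

# Blocked addresses, as in the answers above.
acl unwanted {
    "69.60.116.0"/24;
    "69.90.119.207";
}

# Assumption: the only hosts allowed to vouch for a client address.
acl trusted_proxies {
    "10.0.0.0"/8;
}

sub vcl_recv {
    # Direct connections: match the TCP peer address.
    if (client.ip ~ unwanted) {
        return (synth(403, "Access denied"));
    }

    if (client.ip ~ trusted_proxies) {
        # Proxied: match the address the proxy reports in X-Real-IP (assumed header).
        # A missing or unparsable header falls back to 0.0.0.0, which is not in the ACL.
        if (std.ip(req.http.X-Real-IP, "0.0.0.0") ~ unwanted) {
            return (synth(403, "Access denied"));
        }
    } else {
        # Never let untrusted peers supply the header.
        unset req.http.X-Real-IP;
    }
}
```

The header is honoured only when the TCP peer is in `trusted_proxies`, because any client can send an arbitrary `X-Real-IP` value.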