Set up a purge ACL

Comments

  • Rogier Mulhuijzen

    First of all you define the ACL:

    acl office {
      "203.0.113.0"/24;  /* if you're lucky enough to have a whole /24 assigned */
      "198.51.100.0";    /* if your whole office is just behind a single NAT IP */
    }

    Then in vcl_recv you put:

    if (req.request == "FASTLYPURGE"  /* check that the request is a purge */
        && !(client.ip ~ office)) {   /* and that the requesting IP is not within the ACL */
      error 403 "Access Denied";
    }

    The reason to not just do an else with return(lookup) is that there might be changes to the request made in vcl_recv further down, and if you skip those the purge will fail.
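
The placement described in the comment above, as an added example that is not part of the original comment: the ACL check sits at the top of vcl_recv and only rejects, so allowed purges continue through the rest of the subroutine. The query-string sort is an assumption standing in for whatever request changes your own vcl_recv makes further down.

```vcl
acl office {
  "203.0.113.0"/24;   # whole /24 assigned to the office
  "198.51.100.0";     # single NAT IP
}

sub vcl_recv {
#FASTLY recv

  # Reject purges from outside the ACL. Nothing else happens here:
  # allowed purges and ordinary requests both fall through.
  if (req.request == "FASTLYPURGE" && !(client.ip ~ office)) {
    error 403 "Access Denied";
  }

  # Shape to avoid: the else branch returns before the request
  # changes below have run.
  #
  #   if (req.request == "FASTLYPURGE" && !(client.ip ~ office)) {
  #     error 403 "Access Denied";
  #   } else {
  #     return(lookup);
  #   }

  # Assumed later change (hypothetical for this example). Allowed
  # purges reach it exactly like any other request.
  set req.url = querystring.sort(req.url);

  return(lookup);
}
```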
