Manually creating access control lists
Last updated 2019-11-12
Varnish allows you to use access control lists (ACLs), a feature that enables fast matching of a client's IP address against a list of defined IP addresses. An ACL looks like this:
# Who is allowed access ...
acl local {
  "localhost";
  "192.0.2.0"/24; /* and everyone on the local network */
  ! "192.0.2.1"/32; /* except for the dial-in router */
}
Defining an ACL
Using ACLs requires you to create and add custom VCL to Fastly's boilerplate VCL. To define an ACL in your Fastly configuration:
- Read about how to mix and match custom VCL with Fastly VCL.
- Create a custom VCL file with your ACL definitions included in the appropriate location. Use the example shown below as a guide. You can reference the ACL in your configuration (vcl_recv) using a match operation that can be located above or below #FASTLY recv. The placement only matters for the order of operations within Varnish's execution of your configuration.

  # If you are using the "include" keyword
  include "myACL1.vcl";

  # And/or if you are using an actual ACL block
  acl local {
    "localhost";
    "192.0.2.0"/24; /* and everyone on the local network */
    ! "192.0.2.1"/32; /* except for the dial-in router */
  }

  sub vcl_recv {
    # block any requests to Admin pages not from local IPs
    if (req.url ~ "^/admin" && req.http.Fastly-Client-IP !~ local) {
      error 403 "Forbidden";
    }
  }

- Upload the file in the Varnish Configuration area of your service.
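
To check which addresses an ACL admits before uploading it, the following added example (not Fastly's or Varnish's code) parses the ACL block from this page and evaluates sample addresses against it. It assumes the most specific matching entry decides, as the comments in the ACL imply, and maps "localhost" to the loopback addresses instead of resolving it; `parse_acl` and `acl_match` are hypothetical helper names.

```python
import ipaddress
import re

# The ACL from this page, embedded as sample input.
ACL_TEXT = '''
acl local {
  "localhost";
  "192.0.2.0"/24; /* and everyone on the local network */
  ! "192.0.2.1"/32; /* except for the dial-in router */
}
'''

# Assumption: "localhost" is mapped to loopback here rather than resolved via DNS.
LOCALHOST = ("127.0.0.1/32", "::1/128")
# One entry: optional "!", a quoted host or address, optional /prefix, then ";".
ENTRY = re.compile(r'(!?)\s*"([^"]+)"(?:\s*/\s*(\d+))?\s*;')


def parse_acl(text):
    """Return [(network, negated)] for every entry in a VCL acl block."""
    body = re.sub(r'/\*.*?\*/|#[^\n]*|//[^\n]*', '', text, flags=re.S)  # strip comments
    body = body[body.index('{') + 1:body.rindex('}')]
    entries = []
    for neg, host, bits in ENTRY.findall(body):
        cidrs = LOCALHOST if host == "localhost" else (f"{host}/{bits}" if bits else host,)
        for cidr in cidrs:
            entries.append((ipaddress.ip_network(cidr, strict=False), neg == "!"))
    return entries


def acl_match(entries, addr):
    """True if addr matches the ACL; the most specific covering entry decides."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, negated) for net, negated in entries
            if net.version == ip.version and ip in net]
    if not hits:
        return False  # no entry covers the address
    # Longest prefix wins; on a tie, a negated entry wins (fail closed).
    _, negated = max(hits, key=lambda h: (h[0], h[1]))
    return not negated


if __name__ == "__main__":
    entries = parse_acl(ACL_TEXT)
    for addr in ("127.0.0.1", "192.0.2.57", "192.0.2.1", "198.51.100.7"):
        print(addr, "matches" if acl_match(entries, addr) else "does not match")
```
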