- English
- 日本語
Manually creating access control lists
Last updated 2019-11-12
Varnish allows you to use access control lists (ACLs), a feature that enables fast matching of a client's IP address against a list of defined IP addresses. An ACL looks like this:
123456
# Who is allowed access ...acl local { "localhost"; "192.0.2.0"/24; /* and everyone on the local network */ ! "192.0.2.1"/32; /* except for the dial-in router */}
Defining an ACL
Using ACLs requires you to create and add custom VCL to Fastly's boilerplate VCL. To define an ACL in your Fastly configuration:
Read about how to mix and match custom VCL with Fastly VCL.
Create a custom VCL file with your ACL definitions included in the appropriate location. Use the example shown below as a guide. You can reference the ACL in your configuration (
vcl_recv
) using a match operation that can be located above or below#FASTLY recv
. The placement only matters for the order of operations within Varnish's execution of your configuration.12345678910111213141516# If you are using the "include" keywordinclude "myACL1.vcl";# And/or if you are using an actual ACL blockacl local {"localhost";"192.0.2.0"/24; /* and everyone on the local network */! "192.0.2.1"/32; /* except for the dial-in router */}sub vcl_recv {# block any requests to Admin pages not from local IPsif (req.url ~ "^/admin" && req.http.Fastly-Client-IP !~ local) {error 403 "Forbidden";}}Upload the file in the Varnish Configuration area of your service.
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.