
Manually creating access control lists

  Last updated June 24, 2019

Varnish allows you to use access control lists (ACLs), a feature that enables fast matching of a client's IP address against a list of defined IP addresses. An ACL looks like this:

# Who is allowed access ...
acl local {
  "localhost";
  "192.0.2.0"/24; /* and everyone on the local network */
  ! "192.0.2.1"; /* except for the dial-in router */
}

Defining an ACL

Using ACLs requires you to create and add custom VCL to Fastly's boilerplate VCL. To define an ACL in your Fastly configuration:

  1. Read about how to mix and match custom VCL with Fastly's VCL.
  2. Create a custom VCL file with your ACL definitions included in the appropriate location. Use the example shown below as a guide. You can reference the ACL in your configuration (vcl_recv) using a match operation that can be located above or below #FASTLY recv. The placement only matters for the order of operations within Varnish's execution of your configuration.

     # If you are using the "include" keyword
     include "myACL1.vcl";
    
     # And/or if you are using an actual ACL block
     acl local {
       "localhost";
       "192.0.2.0"/24; /* and everyone on the local network */
       ! "192.0.2.1"; /* except for the dial-in router */
     }
    
     sub vcl_recv {
       # block any requests to Admin pages not from local IPs
       if (req.url ~ "^/admin" && req.http.Fastly-Client-IP !~ local) {
         error 403 "Forbidden";
       }
     }
    
  3. Upload the file in the Varnish Configuration area of your service.
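
A pre-upload check for the kind of ACL file described in the steps above (an added example, not Fastly's or Varnish's own code): it flags entries whose address has bits set beyond the prefix length, which therefore match the whole network rather than one host, and networks that are listed both allowed and negated. The names `parse_acl` and `lint_acl` and the `office` ACL are constructed for illustration; hostnames such as "localhost" are skipped because the check does no name resolution.

```python
import ipaddress
import re

# One ACL entry: optional "!", quoted address, optional /prefix, then ";".
ENTRY = re.compile(r'(!?)\s*"([^"]+)"\s*(?:/\s*(\d+))?\s*;')

def parse_acl(text):
    """Return (negated, address, prefix) tuples for every entry in the text."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)  # drop /* ... */ comments
    text = re.sub(r'#[^\n]*', '', text)                 # drop # comments
    return [(bool(neg), addr, int(p) if p else None)
            for neg, addr, p in ENTRY.findall(text)]

def lint_acl(text):
    """Flag entries that match more than they appear to, and +/- conflicts."""
    findings, seen = [], {}
    for negated, addr, prefix in parse_acl(text):
        try:
            ip = ipaddress.ip_address(addr)
            if prefix is None:
                prefix = ip.max_prefixlen  # bare address means a single host
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        except ValueError:
            continue  # hostname or malformed value: not checked here
        label = f'{"! " if negated else ""}"{addr}"/{prefix}'
        if ip != net.network_address:
            findings.append(f"{label}: host bits set, entry covers all of {net}")
        if seen.get(net, negated) != negated:
            findings.append(f"{label}: same network is both allowed and negated")
        seen.setdefault(net, negated)
    return findings

# Constructed sample input (documentation address range, not a real network).
SAMPLE = '''
acl office {
  "localhost";
  "198.51.100.0"/24;   /* office network */
  ! "198.51.100.7"/24; /* meant as one host, but the mask is a /24 */
  ! "198.51.100.9";    /* a single negated host */
}
'''

if __name__ == "__main__":
    for finding in lint_acl(SAMPLE):
        print(finding)
```
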
