Hi, This should fix tickets like https://fedorahosted.org/fedora-infrastructure/ticket/4679 from happening, since wiki can (and will) send a PURGE request whenever someone updates a page. I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg and their VPN IPs. Any +1s? commit 621c373b1714f76b933b5b41253941586ea9136d Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> Date: Wed Mar 4 21:31:18 2015 +0000 Fix varnish PURGE requests These are used by the wiki to purge updated pages Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl index 549d0a1..14e8846 100644 --- a/roles/varnish/files/proxy.vcl +++ b/roles/varnish/files/proxy.vcl @@ -124,33 +124,23 @@ backend mirrormanager2 { } -#acl purge { -# "192.168.1.3"; -# "192.168.1.4"; -# "192.168.1.5"; -# "192.168.1.6"; -# "192.168.1.13"; -# "192.168.1.24"; -# "192.168.1.23"; -# "192.168.1.41"; -# "10.5.126.31"; -# "10.5.126.32"; -# "10.5.126.33"; -# "10.5.126.34"; -# "10.5.126.37"; -# "10.5.126.38"; -#} +acl purge { + "10.5.126.60"; // wiki01.stg + "10.5.126.63"; // wiki01 + "10.5.126.73"; // wiki02 + "10.5.126.23"; // lockbox01 + "192.168.1.129"; // wiki01.vpn + "192.168.1.130"; // wiki02.vpn + "192.168.1.58"; //lockbox01.vpn +} sub vcl_recv { -# if (req.request == "PURGE") { -# if (!client.ip ~ purge) { -# error 405 "Not allowed."; -# } -# if (req.url ~ "^http://";) { -# set req.url = regsub(req.url, "http://localhost:6081","";); -# } -# purge_url(req.url); -# } + if (req.method == "PURGE") { + if (!client.ip ~ purge) { + return (synth(405, "Not allowed")); + } + return(purge); + } if (req.url ~ "^/wiki/") { set req.backend_hint = wiki; _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
