+1 here as well. -re On 03/04/2015 04:54 PM, Stephen John Smoogen wrote: > > It looks extremely easy to back out and looks correct. +1 > > On 4 March 2015 at 14:35, Patrick Uiterwijk <puiterwijk@xxxxxxxxxx > <mailto:puiterwijk@xxxxxxxxxx>> wrote: > > Hi, > > This should fix tickets like > https://fedorahosted.org/fedora-infrastructure/ticket/4679 from > happening, > since wiki can (and will) send a PURGE request whenever someone > updates a page. > I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg > and their VPN IPs. > > Any +1s? > > > commit 621c373b1714f76b933b5b41253941586ea9136d > Author: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx > <mailto:puiterwijk@xxxxxxxxxx>> > Date: Wed Mar 4 21:31:18 2015 +0000 > > Fix varnish PURGE requests > > These are used by the wiki to purge updated pages > > Signed-off-by: Patrick Uiterwijk <puiterwijk@xxxxxxxxxx > <mailto:puiterwijk@xxxxxxxxxx>> > > diff --git a/roles/varnish/files/proxy.vcl > b/roles/varnish/files/proxy.vcl > index 549d0a1..14e8846 100644 > --- a/roles/varnish/files/proxy.vcl > +++ b/roles/varnish/files/proxy.vcl > @@ -124,33 +124,23 @@ backend mirrormanager2 { > } > > > -#acl purge { > -# "192.168.1.3"; > -# "192.168.1.4"; > -# "192.168.1.5"; > -# "192.168.1.6"; > -# "192.168.1.13"; > -# "192.168.1.24"; > -# "192.168.1.23"; > -# "192.168.1.41"; > -# "10.5.126.31"; > -# "10.5.126.32"; > -# "10.5.126.33"; > -# "10.5.126.34"; > -# "10.5.126.37"; > -# "10.5.126.38"; > -#} > +acl purge { > + "10.5.126.60"; // wiki01.stg > + "10.5.126.63"; // wiki01 > + "10.5.126.73"; // wiki02 > + "10.5.126.23"; // lockbox01 > + "192.168.1.129"; // wiki01.vpn > + "192.168.1.130"; // wiki02.vpn > + "192.168.1.58"; //lockbox01.vpn > +} > > sub vcl_recv { > -# if (req.request == "PURGE") { > -# if (!client.ip ~ purge) { > -# error 405 "Not allowed."; > -# } > -# if (req.url ~ "^http://";) { > -# set req.url = regsub(req.url, "http://localhost:6081","";); > -# } > -# purge_url(req.url); > -# } > + if (req.method == "PURGE") { > + if (!client.ip ~ purge) { > + return (synth(405, "Not allowed")); > + } > + return(purge); > + } > > if (req.url ~ "^/wiki/") { > set req.backend_hint = wiki; > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > <mailto:infrastructure@xxxxxxxxxxxxxxxxxxxxxxx> > https://admin.fedoraproject.org/mailman/listinfo/infrastructure > > > > > -- > Stephen J Smoogen. > > > > _______________________________________________ > infrastructure mailing list > infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/infrastructure >
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
