How do I block an IP address or network block with Varnish VCL?
How does one block either IP address of network range inside of Varnish's VCL file?
Solution 1:
acl unwanted {
"69.60.116.0"/24;
"69.90.119.207";
}
sub vcl_recv {
if (client.ip ~ unwanted) {
error 410;
}
...
}
Solution 2:
Since Varnish 4, the syntax has changed!
Instead of:
error 403;
you need to use:
return(synth(403, "Access denied"));
Using alexus' example:
acl unwanted {
"69.60.116.0"/24;
"69.90.119.207";
}
sub vcl_recv {
if (client.ip ~ unwanted) {
return(synth(403, "Access denied"));
}
}