How do I block an IP address or network block with Varnish VCL?

How does one block either IP address of network range inside of Varnish's VCL file?


Solution 1:

acl unwanted {
    "69.60.116.0"/24;
    "69.90.119.207";
}

sub vcl_recv {
    if (client.ip ~ unwanted) {
        error 410;
    }
...
}

Solution 2:

Since Varnish 4, the syntax has changed!

Instead of:

error 403;

you need to use:

return(synth(403, "Access denied"));

Using alexus' example:

acl unwanted {
    "69.60.116.0"/24;
    "69.90.119.207";
}

sub vcl_recv {
    if (client.ip ~ unwanted) {
        return(synth(403, "Access denied"));
    }
}