Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

add header restriction to cache purging

Browse Source
This commit is contained in:
Thomas Lynch
2024-11-12 20:33:04 +11:00
parent ad659aa1c5
commit bd8079743f
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
varnish/default.vcl
View File

@ -1,6 +1,10 @@
vcl 4.1; vcl 4.1;
import std; import std;
sub vcl_init {
set purge_secret_key = "CHANGEME_YOUR_SECRET_KEY";
}
# backend pointing to HAProxy # backend pointing to HAProxy
backend haproxy { backend haproxy {
.path = "/shared-sockets/varnish-to-haproxy-internal.sock"; .path = "/shared-sockets/varnish-to-haproxy-internal.sock";
@ -14,7 +18,7 @@ acl purge_allowed {
sub vcl_recv { sub vcl_recv {
# handle PURGE requests # handle PURGE requests
if (req.method == "PURGE") { if (req.method == "PURGE" && req.http.X-BasedFlare-Varnish-Key == secret_key) {
if (req.http.X-Forwarded-For) { if (req.http.X-Forwarded-For) {
set req.http.X-Real-IP = regsub(req.http.X-Forwarded-For, ",.*", ""); set req.http.X-Real-IP = regsub(req.http.X-Forwarded-For, ",.*", "");
} else { } else {