Varnish is one great reverse-proxy to cache and accelerate your web application. If you deployed one varnish instance which is facing internet. you may expose some kind of security threats.
i.e somebody will try to use your instance as a regular proxy. or send junk url to the backend.
you can simply disable those junk request.
sub vcl_recv {
//only allow IP address for Global DNS based Loadbalancing Or your hostname
if(!req.http.host ~ "yourwebsite" && !req.http.host ~"([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})" )
{
set req.http.host = “yourwebsite";
set req.url="/" ; //redirect to home page. instead of forward to the backend
}
Monday, January 10, 2011
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment