Monday, January 10, 2011

Varnish Cache , Blocked Proxy access to your Server / IP Address

Varnish is one great reverse-proxy to cache and accelerate your web application. If you deployed one varnish instance which is facing internet. you may expose some kind of security threats.
i.e somebody will try to use your instance as a regular proxy. or send junk url to the backend.

you can simply disable those junk request.

sub vcl_recv {
//only allow IP address for Global DNS based Loadbalancing Or your hostname
if(!req.http.host ~ "yourwebsite" && !req.http.host ~"([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})" )
{
set req.http.host = “yourwebsite";
set req.url="/" ; //redirect to home page. instead of forward to the backend
}

No comments:

 
Locations of visitors to this page