It looks extremely easy to back out and looks correct. +1
On 4 March 2015 at 14:35, Patrick Uiterwijk <puiterwijk(a)redhat.com
<mailto:puiterwijk@redhat.com>> wrote:
Hi,
This should fix tickets like
https://fedorahosted.org/fedora-infrastructure/ticket/4679 from
happening,
since wiki can (and will) send a PURGE request whenever someone
updates a page.
I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg
and their VPN IPs.
Any +1s?
commit 621c373b1714f76b933b5b41253941586ea9136d
Author: Patrick Uiterwijk <puiterwijk(a)redhat.com
<mailto:puiterwijk@redhat.com>>
Date: Wed Mar 4 21:31:18 2015 +0000
Fix varnish PURGE requests
These are used by the wiki to purge updated pages
Signed-off-by: Patrick Uiterwijk <puiterwijk(a)redhat.com
<mailto:puiterwijk@redhat.com>>
diff --git a/roles/varnish/files/proxy.vcl
b/roles/varnish/files/proxy.vcl
index 549d0a1..14e8846 100644
--- a/roles/varnish/files/proxy.vcl
+++ b/roles/varnish/files/proxy.vcl
@@ -124,33 +124,23 @@ backend mirrormanager2 {
}
-#acl purge {
-# "192.168.1.3";
-# "192.168.1.4";
-# "192.168.1.5";
-# "192.168.1.6";
-# "192.168.1.13";
-# "192.168.1.24";
-# "192.168.1.23";
-# "192.168.1.41";
-# "10.5.126.31";
-# "10.5.126.32";
-# "10.5.126.33";
-# "10.5.126.34";
-# "10.5.126.37";
-# "10.5.126.38";
-#}
+acl purge {
+ "10.5.126.60"; // wiki01.stg
+ "10.5.126.63"; // wiki01
+ "10.5.126.73"; // wiki02
+ "10.5.126.23"; // lockbox01
+ "192.168.1.129"; // wiki01.vpn
+ "192.168.1.130"; // wiki02.vpn
+ "192.168.1.58"; //lockbox01.vpn
+}
sub vcl_recv {
-# if (req.request == "PURGE") {
-# if (!client.ip ~ purge) {
-# error 405 "Not allowed.";
-# }
-# if (req.url ~ "^http://") {
-# set req.url = regsub(req.url,
"http://localhost:6081","");
-# }
-# purge_url(req.url);
-# }
+ if (req.method == "PURGE") {
+ if (!client.ip ~ purge) {
+ return (synth(405, "Not allowed"));
+ }
+ return(purge);
+ }
if (req.url ~ "^/wiki/") {
set req.backend_hint = wiki;
_______________________________________________
infrastructure mailing list
infrastructure(a)lists.fedoraproject.org
<mailto:infrastructure@lists.fedoraproject.org>
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
--
Stephen J Smoogen.
_______________________________________________
infrastructure mailing list
infrastructure(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/infrastructure