Freeze break request: Fixing varnish purge requests

Stephen John Smoogen smooge at gmail.com
Wed Mar 4 21:54:15 UTC 2015 

It looks extremely easy to back out and looks correct. +1

On 4 March 2015 at 14:35, Patrick Uiterwijk <puiterwijk at redhat.com> wrote:

> Hi,
>
> This should fix tickets like
> https://fedorahosted.org/fedora-infrastructure/ticket/4679 from happening,
> since wiki can (and will) send a PURGE request whenever someone updates a
> page.
> I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg and
> their VPN IPs.
>
> Any +1s?
>
>
> commit 621c373b1714f76b933b5b41253941586ea9136d
> Author: Patrick Uiterwijk <puiterwijk at redhat.com>
> Date:   Wed Mar 4 21:31:18 2015 +0000
>
>     Fix varnish PURGE requests
>
>     These are used by the wiki to purge updated pages
>
>     Signed-off-by: Patrick Uiterwijk <puiterwijk at redhat.com>
>
> diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl
> index 549d0a1..14e8846 100644
> --- a/roles/varnish/files/proxy.vcl
> +++ b/roles/varnish/files/proxy.vcl
> @@ -124,33 +124,23 @@ backend mirrormanager2 {
>  }
>
>
> -#acl purge {
> -#    "192.168.1.3";
> -#    "192.168.1.4";
> -#    "192.168.1.5";
> -#    "192.168.1.6";
> -#    "192.168.1.13";
> -#    "192.168.1.24";
> -#    "192.168.1.23";
> -#    "192.168.1.41";
> -#    "10.5.126.31";
> -#    "10.5.126.32";
> -#    "10.5.126.33";
> -#    "10.5.126.34";
> -#    "10.5.126.37";
> -#    "10.5.126.38";
> -#}
> +acl purge {
> +    "10.5.126.60"; // wiki01.stg
> +    "10.5.126.63"; // wiki01
> +    "10.5.126.73"; // wiki02
> +    "10.5.126.23"; // lockbox01
> +    "192.168.1.129"; // wiki01.vpn
> +    "192.168.1.130"; // wiki02.vpn
> +    "192.168.1.58"; //lockbox01.vpn
> +}
>
>  sub vcl_recv {
> -#    if (req.request == "PURGE") {
> -#        if (!client.ip ~ purge) {
> -#            error 405 "Not allowed.";
> -#        }
> -#        if (req.url ~ "^http://") {
> -#            set req.url = regsub(req.url, "http://localhost:6081","");
> -#        }
> -#        purge_url(req.url);
> -#    }
> +    if (req.method == "PURGE") {
> +        if (!client.ip ~ purge) {
> +            return (synth(405, "Not allowed"));
> +        }
> +        return(purge);
> +    }
>
>      if (req.url ~ "^/wiki/") {
>          set req.backend_hint = wiki;
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure




-- 
Stephen J Smoogen.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20150304/e7d178ca/attachment-0001.html>

More information about the infrastructure mailing list