Freeze break request: Fixing varnish purge requests
Ricky Elrod
codeblock at elrod.me
Wed Mar 4 22:03:21 UTC 2015
+1 here as well.
-re
On 03/04/2015 04:54 PM, Stephen John Smoogen wrote:
>
> It looks extremely easy to back out and looks correct. +1
>
> On 4 March 2015 at 14:35, Patrick Uiterwijk <puiterwijk at redhat.com
> <mailto:puiterwijk at redhat.com>> wrote:
>
> Hi,
>
> This should fix tickets like
> https://fedorahosted.org/fedora-infrastructure/ticket/4679 from
> happening,
> since wiki can (and will) send a PURGE request whenever someone
> updates a page.
> I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg
> and their VPN IPs.
>
> Any +1s?
>
>
> commit 621c373b1714f76b933b5b41253941586ea9136d
> Author: Patrick Uiterwijk <puiterwijk at redhat.com
> <mailto:puiterwijk at redhat.com>>
> Date: Wed Mar 4 21:31:18 2015 +0000
>
> Fix varnish PURGE requests
>
> These are used by the wiki to purge updated pages
>
> Signed-off-by: Patrick Uiterwijk <puiterwijk at redhat.com
> <mailto:puiterwijk at redhat.com>>
>
> diff --git a/roles/varnish/files/proxy.vcl
> b/roles/varnish/files/proxy.vcl
> index 549d0a1..14e8846 100644
> --- a/roles/varnish/files/proxy.vcl
> +++ b/roles/varnish/files/proxy.vcl
> @@ -124,33 +124,23 @@ backend mirrormanager2 {
> }
>
>
> -#acl purge {
> -# "192.168.1.3";
> -# "192.168.1.4";
> -# "192.168.1.5";
> -# "192.168.1.6";
> -# "192.168.1.13";
> -# "192.168.1.24";
> -# "192.168.1.23";
> -# "192.168.1.41";
> -# "10.5.126.31";
> -# "10.5.126.32";
> -# "10.5.126.33";
> -# "10.5.126.34";
> -# "10.5.126.37";
> -# "10.5.126.38";
> -#}
> +acl purge {
> + "10.5.126.60"; // wiki01.stg
> + "10.5.126.63"; // wiki01
> + "10.5.126.73"; // wiki02
> + "10.5.126.23"; // lockbox01
> + "192.168.1.129"; // wiki01.vpn
> + "192.168.1.130"; // wiki02.vpn
> + "192.168.1.58"; //lockbox01.vpn
> +}
>
> sub vcl_recv {
> -# if (req.request == "PURGE") {
> -# if (!client.ip ~ purge) {
> -# error 405 "Not allowed.";
> -# }
> -# if (req.url ~ "^http://") {
> -# set req.url = regsub(req.url, "http://localhost:6081","");
> -# }
> -# purge_url(req.url);
> -# }
> + if (req.method == "PURGE") {
> + if (!client.ip ~ purge) {
> + return (synth(405, "Not allowed"));
> + }
> + return(purge);
> + }
>
> if (req.url ~ "^/wiki/") {
> set req.backend_hint = wiki;
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> <mailto:infrastructure at lists.fedoraproject.org>
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
>
>
>
>
> --
> Stephen J Smoogen.
>
>
>
> _______________________________________________
> infrastructure mailing list
> infrastructure at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20150304/09382904/attachment.sig>
More information about the infrastructure
mailing list