Hi,
This should fix tickets like https://fedorahosted.org/fedora-infrastructure/ticket/4679 from happening, since wiki can (and will) send a PURGE request whenever someone updates a page. I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg and their VPN IPs.
Any +1s?
commit 621c373b1714f76b933b5b41253941586ea9136d Author: Patrick Uiterwijk puiterwijk@redhat.com Date: Wed Mar 4 21:31:18 2015 +0000
Fix varnish PURGE requests
These are used by the wiki to purge updated pages
Signed-off-by: Patrick Uiterwijk puiterwijk@redhat.com
diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl index 549d0a1..14e8846 100644 --- a/roles/varnish/files/proxy.vcl +++ b/roles/varnish/files/proxy.vcl @@ -124,33 +124,23 @@ backend mirrormanager2 { }
-#acl purge { -# "192.168.1.3"; -# "192.168.1.4"; -# "192.168.1.5"; -# "192.168.1.6"; -# "192.168.1.13"; -# "192.168.1.24"; -# "192.168.1.23"; -# "192.168.1.41"; -# "10.5.126.31"; -# "10.5.126.32"; -# "10.5.126.33"; -# "10.5.126.34"; -# "10.5.126.37"; -# "10.5.126.38"; -#} +acl purge { + "10.5.126.60"; // wiki01.stg + "10.5.126.63"; // wiki01 + "10.5.126.73"; // wiki02 + "10.5.126.23"; // lockbox01 + "192.168.1.129"; // wiki01.vpn + "192.168.1.130"; // wiki02.vpn + "192.168.1.58"; //lockbox01.vpn +}
sub vcl_recv { -# if (req.request == "PURGE") { -# if (!client.ip ~ purge) { -# error 405 "Not allowed."; -# } -# if (req.url ~ "^http://") { -# set req.url = regsub(req.url, "http://localhost:6081",""); -# } -# purge_url(req.url); -# } + if (req.method == "PURGE") { + if (!client.ip ~ purge) { + return (synth(405, "Not allowed")); + } + return(purge); + }
if (req.url ~ "^/wiki/") { set req.backend_hint = wiki;
It looks extremely easy to back out and looks correct. +1
On 4 March 2015 at 14:35, Patrick Uiterwijk puiterwijk@redhat.com wrote:
Hi,
This should fix tickets like https://fedorahosted.org/fedora-infrastructure/ticket/4679 from happening, since wiki can (and will) send a PURGE request whenever someone updates a page. I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg and their VPN IPs.
Any +1s?
commit 621c373b1714f76b933b5b41253941586ea9136d Author: Patrick Uiterwijk puiterwijk@redhat.com Date: Wed Mar 4 21:31:18 2015 +0000
Fix varnish PURGE requests These are used by the wiki to purge updated pages Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl index 549d0a1..14e8846 100644 --- a/roles/varnish/files/proxy.vcl +++ b/roles/varnish/files/proxy.vcl @@ -124,33 +124,23 @@ backend mirrormanager2 { }
-#acl purge { -# "192.168.1.3"; -# "192.168.1.4"; -# "192.168.1.5"; -# "192.168.1.6"; -# "192.168.1.13"; -# "192.168.1.24"; -# "192.168.1.23"; -# "192.168.1.41"; -# "10.5.126.31"; -# "10.5.126.32"; -# "10.5.126.33"; -# "10.5.126.34"; -# "10.5.126.37"; -# "10.5.126.38"; -#} +acl purge {
- "10.5.126.60"; // wiki01.stg
- "10.5.126.63"; // wiki01
- "10.5.126.73"; // wiki02
- "10.5.126.23"; // lockbox01
- "192.168.1.129"; // wiki01.vpn
- "192.168.1.130"; // wiki02.vpn
- "192.168.1.58"; //lockbox01.vpn
+}
sub vcl_recv { -# if (req.request == "PURGE") { -# if (!client.ip ~ purge) { -# error 405 "Not allowed."; -# } -# if (req.url ~ "^http://") { -# set req.url = regsub(req.url, "http://localhost:6081",""); -# } -# purge_url(req.url); -# }
if (req.method == "PURGE") {
if (!client.ip ~ purge) {
return (synth(405, "Not allowed"));
}
return(purge);
}
if (req.url ~ "^/wiki/") { set req.backend_hint = wiki;
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
+1 here as well.
-re
On 03/04/2015 04:54 PM, Stephen John Smoogen wrote:
It looks extremely easy to back out and looks correct. +1
On 4 March 2015 at 14:35, Patrick Uiterwijk <puiterwijk@redhat.com mailto:puiterwijk@redhat.com> wrote:
Hi, This should fix tickets like https://fedorahosted.org/fedora-infrastructure/ticket/4679 from happening, since wiki can (and will) send a PURGE request whenever someone updates a page. I updated the IPs to include wiki01, wiki02, lockbox, and wiki01.stg and their VPN IPs. Any +1s? commit 621c373b1714f76b933b5b41253941586ea9136d Author: Patrick Uiterwijk <puiterwijk@redhat.com <mailto:puiterwijk@redhat.com>> Date: Wed Mar 4 21:31:18 2015 +0000 Fix varnish PURGE requests These are used by the wiki to purge updated pages Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com <mailto:puiterwijk@redhat.com>> diff --git a/roles/varnish/files/proxy.vcl b/roles/varnish/files/proxy.vcl index 549d0a1..14e8846 100644 --- a/roles/varnish/files/proxy.vcl +++ b/roles/varnish/files/proxy.vcl @@ -124,33 +124,23 @@ backend mirrormanager2 { } -#acl purge { -# "192.168.1.3"; -# "192.168.1.4"; -# "192.168.1.5"; -# "192.168.1.6"; -# "192.168.1.13"; -# "192.168.1.24"; -# "192.168.1.23"; -# "192.168.1.41"; -# "10.5.126.31"; -# "10.5.126.32"; -# "10.5.126.33"; -# "10.5.126.34"; -# "10.5.126.37"; -# "10.5.126.38"; -#} +acl purge { + "10.5.126.60"; // wiki01.stg + "10.5.126.63"; // wiki01 + "10.5.126.73"; // wiki02 + "10.5.126.23"; // lockbox01 + "192.168.1.129"; // wiki01.vpn + "192.168.1.130"; // wiki02.vpn + "192.168.1.58"; //lockbox01.vpn +} sub vcl_recv { -# if (req.request == "PURGE") { -# if (!client.ip ~ purge) { -# error 405 "Not allowed."; -# } -# if (req.url ~ "^http://") { -# set req.url = regsub(req.url, "http://localhost:6081",""); -# } -# purge_url(req.url); -# } + if (req.method == "PURGE") { + if (!client.ip ~ purge) { + return (synth(405, "Not allowed")); + } + return(purge); + } if (req.url ~ "^/wiki/") { set req.backend_hint = wiki; _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org <mailto:infrastructure@lists.fedoraproject.org> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
-- Stephen J Smoogen.
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
infrastructure@lists.fedoraproject.org