varnish esi

Varnish prevent esi access from external source


I have Varnish up and running and everything works just fine.

But I am using esi <esi:include src="/esi/cache/temp.phtml?id=1"/> and, well, it works fine, but I want to prevent external resources from accessing the esi directory.

Now I have it working by setting a header in Varnish with the req.esi_level. It will be 0 if you access an esi directly and, well, otherwise it will be n+1.

The only issue with this is that it will hit the back end, while I think/hope Varnish itself can prevent access to the esi directory.

tl;dr: how can you prevent external access to an esi directory with Varnish?


Solution

  • In your VCL, instead of setting a header with the value of request.esi_level, just short circuit requests for those resources with esi_level of 0.

    pseudo-vcl:

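    sub vcl_recv {
        # esi_level is 0 for direct client requests; Varnish 4+: return (synth(403, "Forbidden"));
        if (req.esi_level == 0 && req.url ~ "^/esi/.*") {
            error 403 "Forbidden";
        }
    }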
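
A varnishtest (VTC) case for checking the rule above, added here as an example and not part of the original answer. It assumes Varnish 4.0 or later, so return (synth(...)) stands in for error; the /page URL and the backend bodies are constructed for the test.

```vtc
varnishtest "Direct requests to /esi/ are refused, ESI subrequests still pass"

# Constructed backend: one page that includes the fragment, then the fragment.
# The direct /esi/ request must never reach it, so it expects only two requests.
server s1 {
    rxreq
    expect req.url == "/page"
    txresp -body {<html><esi:include src="/esi/cache/temp.phtml?id=1"/></html>}

    rxreq
    expect req.url == "/esi/cache/temp.phtml?id=1"
    txresp -body "fragment"
} -start

varnish v1 -vcl+backend {
    sub vcl_recv {
        # Level 0 means the request came straight from a client.
        if (req.esi_level == 0 && req.url ~ "^/esi/") {
            return (synth(403, "Forbidden"));
        }
    }
    sub vcl_backend_response {
        # Enable ESI processing only for the constructed parent page.
        if (bereq.url == "/page") {
            set beresp.do_esi = true;
        }
    }
} -start

# External client asking for the fragment directly: blocked inside Varnish.
client c1 {
    txreq -url "/esi/cache/temp.phtml?id=1"
    rxresp
    expect resp.status == 403
} -run

# Same fragment fetched as an ESI include (esi_level 1): delivered.
client c2 {
    txreq -url "/page"
    rxresp
    expect resp.status == 200
    expect resp.body == "<html>fragment</html>"
} -run
```

Run it with varnishtest against the installed Varnish; if the 403 were served by the backend instead of Varnish, s1 would see an unexpected request and the test would fail.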