
What is the correct IP syntax to block an IP range (subnet) with Varnish acl unwanted?


Trying to configure my Varnish .vcl file as I need to block a bot accessing my site and messing up my Analytics weekly.

This is what I have, but it's not working.

I need to block all subnet IPs. This syntax used to work before I installed Varnish in .htaccess. Can someone please point me to the IP syntax that works for Varnish?

acl unwanted {
 "45.32"/24;
 "45.76"/24;
 "45.77";
}

sub vcl_recv {
    if (client.ip ~ unwanted) {
        return(synth(403, "Access denied"));
    }
}

Solution

  • This should be the VCL you need to ban these subnets:

    acl unwanted {
     "45.32.0.0"/16;
     "45.76.0.0"/16;
     "45.77.0.0"/16;
    }
    
    sub vcl_recv {
        if (client.ip ~ unwanted) {
            return(synth(403, "Access denied"));
        }
    }
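
Added example (not part of the original question or answer): a Python sketch that expands partial dotted prefixes such as `45.32` into the full address/mask entries a Varnish ACL expects, renders the `acl` block, and checks sample client addresses against it. The function names and the sample client addresses are constructed for illustration.

```python
import ipaddress

def prefix_to_network(prefix: str) -> ipaddress.IPv4Network:
    """Expand a partial dotted prefix ("45.32") into a full CIDR network.

    Every octet supplied fixes 8 bits, so "45.32" becomes 45.32.0.0/16
    and "45.32.7" becomes 45.32.7.0/24.
    """
    octets = prefix.strip().rstrip(".").split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"expected 1 to 4 octets, got {prefix!r}")
    for o in octets:
        if not (o.isascii() and o.isdigit()) or int(o) > 255:
            raise ValueError(f"bad octet {o!r} in {prefix!r}")
    padded = octets + ["0"] * (4 - len(octets))
    return ipaddress.IPv4Network(f"{'.'.join(padded)}/{8 * len(octets)}")

def render_acl(name: str, prefixes: list[str]) -> str:
    """Render a VCL acl block with one quoted address and mask per line."""
    lines = [f"acl {name} {{"]
    for p in prefixes:
        net = prefix_to_network(p)
        lines.append(f'    "{net.network_address}"/{net.prefixlen};')
    lines.append("}")
    return "\n".join(lines)

def is_blocked(client_ip: str, prefixes: list[str]) -> bool:
    """True if client_ip falls inside any of the expanded networks."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in prefix_to_network(p) for p in prefixes)

# The three prefixes from the question.
PREFIXES = ["45.32", "45.76", "45.77"]

if __name__ == "__main__":
    print(render_acl("unwanted", PREFIXES))
    # Constructed sample client addresses.
    for ip in ("45.32.200.9", "45.77.0.1", "45.33.1.1"):
        print(ip, "blocked" if is_blocked(ip, PREFIXES) else "allowed")
    # A /24 on the same base address covers only 45.32.0.0-45.32.0.255.
    narrow = ipaddress.ip_network("45.32.0.0/24")
    print(ipaddress.ip_address("45.32.200.9") in narrow)
```

Note that `client.ip` is the address of the peer that connected to Varnish, so if a load balancer or TLS terminator sits in front without PROXY protocol, the ACL is compared against that proxy's address rather than the visitor's.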