{"id":1013,"date":"2012-04-13T02:16:41","date_gmt":"2012-04-12T17:16:41","guid":{"rendered":"http:\/\/blog.xcir.net\/?p=1013"},"modified":"2012-04-13T02:16:41","modified_gmt":"2012-04-12T17:16:41","slug":"perform-an-acl-match-to-x-forwarded-for-varnish","status":"publish","type":"post","link":"https:\/\/blog.xcir.net\/?p=1013","title":{"rendered":"Perform an ACL match to X-Forwarded-For (varnish)"},"content":{"rendered":"

How do ACL match to req.http.X-Forwarded-For? (this is string!!)
\nI tried to make a vmod.<\/p>\n

inet_pton(BOOL ipv6 , STRING str , STRING defaultstr)<\/p>\n

example 1<\/h4>\n
\n\r\nimport campur_xcir;\r\n\r\nset resp.http.v6 = campur_xcir.inet_pton(true,"2001:0db8:bd05:01d2:288a:1fc0:0001:10ee","1982:db8:20:3:1000:100:20:3");\r\nset resp.http.v4 = campur_xcir.inet_pton(false,"1.1.1.1","2.2.2.2");\r\nset resp.http.v6ng = campur_xcir.inet_pton(true,"2001:0db8:bd05:01d2:288a:1fc0:0001:10eeHOGE","1982:db8:20:3:1000:100:20:3");\/\/NG pattern\r\nset resp.http.v4ng = campur_xcir.inet_pton(false,"1.1.1.1HOGE","2.2.2.2");\/\/NG pattern\r\n\r\n\/\/result\r\nv6: 2001:db8:bd05:1d2:288a:1fc0:1:10ee\r\nv4: 1.1.1.1\r\nv6ng: 1982:db8:20:3:1000:100:20:3\r\nv4ng: 2.2.2.2\r\n\n<\/pre>\n
example 2<\/h4>\n
\n\r\nimport campur_xcir;\r\n\r\n\/\/acl\r\nacl local {\r\n    "192.168.1.0"\/24;\r\n    !"0.0.0.0";\r\n}\r\n\r\nsub vcl_recv{\r\n  if(campur_xcir.inet_pton(false , req.http.X-Forwarded-For , "0.0.0.0") ~ local){\r\n      \/\/acl ok\r\n      ...\r\n  }\r\n}\r\n\n<\/pre>\n
I hope that this code is of help to you.
\nlibvmod-campur_xcir<\/a><\/p>\n
this module is my motley function.
\nOthers, get varnish generated hash etc…<\/p>\n
this vmod’s function is increase at times. \ud83d\ude42<\/p>\n
        
\u3053\u306e\u30a8\u30f3\u30c8\u30ea\u30fc\u3092\u306f\u3066\u306a\u30d6\u30c3\u30af\u30de\u30fc\u30af\u306b\u8ffd\u52a0<\/a><\/div>        
\u306f\u3066\u306a\u30d6\u30c3\u30af\u30de\u30fc\u30af - Perform an ACL match to X-Forwarded-For (varnish)<\/a><\/div>        
Facebook \u306b\u30b7\u30a7\u30a2<\/a><\/div>        
LinkedIn \u306b\u30b7\u30a7\u30a2<\/a><\/div>        
Tweet<\/a><\/div><\/div>\n
\n","protected":false},"excerpt":{"rendered":"
How do ACL match to req.http.X-Forwarded-For? (this is string!!) I tried to make a vmod. inet_pton(BOOL ipv6 , […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24,3],"tags":[5,34,40],"class_list":["post-1013","post","type-post","status-publish","format-standard","hentry","category-english","category-3","tag-varnish","tag-vmod","tag-vmod_campur_xcir","category-24-id","category-3-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1013","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1013"}],"version-history":[{"count":3,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1013\/revisions"}],"predecessor-version":[{"id":1016,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1013\/revisions\/1016"}],"wp:attachment":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1013"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1013"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1013"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}