Varnish purge using HTTP and REGEX

StackOverflow https://stackoverflow.com/questions/11119786

  •  15-06-2021
  •  | 
  •  

Question

I want to purge Elements of my varnish using HTTP. This http call is triggered from a backend server behind the varnish itself, so the backend server has not other access but HTTP.

I have implemented the following purging rules with the according ACL which work fine for 

curl -X PURGE http://www.example.com/image/123/photo-100-150.jpg

but I want to be able to purge an URL via HTTP using Regex

curl -X PURGE http://www.example.com/image/123/*.jpg

That way I want to clear all scaled version of this image once a new has been uploaded. Is there a way?

Was it helpful?

Solution

try this:

if varnish 3.0 and up. 

vcl_recv {
    if (req.request == "PURGE") {
             if (!client.ip ~purge){
                     error 405 "Not allowed";
             }
     ban("req.http.host == " +req.http.host+" && req.url ~ "+req.url);
     error 200 "Ban added";

    }

OTHER TIPS

Firstly define a whitelist of who can use the purge, then add the purger stanza in your VCL.

acl purge {
"127.0.0.1";
"10.22.0.0"/16;
}


sub vcl_recv {


if (req.http.X-Purge-Regex) {
        if (!client.ip ~ purge) {
            error 405 "Varnish says nope, not allowed.";
        }
        ban_url(req.http.X-Purge-Regex);
        error 200 "The URL has been Banned.";
}

Varnish will use the value of the header X-Purge-Regex to create a ban.

So then you can ban things like this:

curl -v -X PURGE -H 'X-Purge-Regex: ^/assets/*.css' varnishserver:6081

or

curl -v -X PURGE -H 'X-Purge-Regex: ^/images/*' varnishserver:6081

varnishserver is the address of your varnish server.

Sure there is.

In VCL you want to use the ban method - documented in "man vcl". It creates a filter on incoming requests. If you're going to use this at a rate of more than 2 times per second I recommend you google "ban luker friendly" and rewrite the expressions accordingly.

Untested code:

sub vcl_recv {
         if (req.method == "PURGERE" and client.ip ~ admin_network) {
            ban("req.http.host == " + req.http.host + " && req.url == " + req.url);
         }

acl purge {
"127.0.0.1";
}

sub vcl_recv {
    if (req.request == "PURGE") {
        if (!client.ip ~ purge) {
            error 405 "IP:" + client.ip + " Not allowed.";
        }
        ban("req.http.host == " + req.http.host + " && req.url ~ " + req.url);
        error 200 "host:" + req.http.host + " url:" + req.url + " Ban added";
    }
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top