Enable the 'PURGE' request in vcl_recv, then execute the purge directly in recv; ignore whether the object exists or not, this is irrelevant to the purge process.
    /* "purge" is an ACL that must be defined elsewhere in the VCL. */
    if (client.ip ~ purge && req.request == "PURGE") {
        purge;
        /* error ends request processing here, so no return is needed. */
        error 999;
    }
    if (req.request != "GET" &&
        req.request != "HEAD" &&
        req.request != "PUT" &&
        req.request != "POST" &&
        req.request != "TRACE" &&
        req.request != "OPTIONS" &&
        req.request != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        set req.http.xpass = "PASS_header";
        return (pass);
    }
Many times Varnish doesn't receive the real requester IP (some non-transparent proxy from your provider, like the Amazon load balancer), so forget the client.ip ACL and do a regular expression on req.http.x-forwarded-for to match the IPs allowed to purge... it is not secure... but it may be the only simplistic alternative.
Sorry for the poor English.
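The X-Forwarded-For caveat above, as an added example that is not part of the original post: the check logic is written in Python rather than VCL so that it can be run, and it compares an unanchored regex with a check that trusts only the header entries appended by a known proxy. All addresses, the proxy range and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample values (documentation/private ranges), not from the post.
PURGE_ALLOWED = [ipaddress.ip_network("203.0.113.10/32")]
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]  # assumed load balancer range


def _in_any(addr, networks):
    return any(addr in net for net in networks)


def naive_purge_allowed(xff):
    """Unanchored regex over the whole header: matches any entry, even a
    client-supplied one, and also matches longer addresses such as .100."""
    return re.search(r"203\.0\.113\.10", xff or "") is not None


def effective_client_ip(peer_ip, xff):
    """Return the address the trusted proxy chain actually saw.

    The header is only consulted when the TCP peer is a trusted proxy.
    Entries are read right to left, because each proxy appends the address
    it received the connection from; everything further left is whatever
    the client sent. Returns None when an entry is not a valid address.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _in_any(peer, TRUSTED_PROXIES) or not xff:
        return peer  # direct connection: the header is untrusted input
    for entry in reversed([e.strip() for e in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            return None  # malformed header: refuse rather than guess
        if not _in_any(addr, TRUSTED_PROXIES):
            return addr  # first hop that is not one of our proxies
    return None  # header lists only proxies, no client address


def purge_allowed(peer_ip, xff):
    """Allow PURGE only when the proxy-reported client is on the allow list."""
    client = effective_client_ip(peer_ip, xff)
    return client is not None and _in_any(client, PURGE_ALLOWED)
```

In Varnish terms, the peer address corresponds to client.ip and the header to req.http.x-forwarded-for, so the client.ip ACL is still useful for recognising the load balancer itself.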