Securing access to certain URLs

This is how I've secured the vital webapps on a typical Escenic Content Engine installation:

acl staff {

sub vcl_recv {
  if (!client.ip ~ staff &&
     (req.url ~ "^/escenic" ||
      req.url ~ "^/studio" ||
      req.url ~ "^/webservice" ||
      req.url ~ "^/escenic-admin")) {
    error 405 "Not allowed.";

If you've got Apache in the mix, you could of course do this there as well, but I like doing it in Varnish regardless of having Apache in the architecture or not; the VCL syntax is so easy to read and write and the Varnish configuration (files) are just "tighter" overall than Apache's .conf files.

Licensed under CC BY Creative Commons License ~ ✉ torstein.k.johansen @ gmail ~ 🐘 ~ 🐦 @torsteinkrause