Securing access to certain URLs

This is how I've secured the vital webapps on a typical Escenic Content Engine installation:

acl staff {
  "1.2.3.4";
  "1.2.3.5";
}

sub vcl_recv {
  if (!client.ip ~ staff &&
     (req.url ~ "^/escenic" ||
      req.url ~ "^/studio" ||
      req.url ~ "^/webservice" ||
      req.url ~ "^/escenic-admin")) {
    error 405 "Not allowed.";
  }
}

If you've got Apache in the mix, you could of course do this there as well, but I like doing it in Varnish regardless of having Apache in the architecture or not; the VCL syntax is so easy to read and write and the Varnish configuration (files) are just "tighter" overall than Apache's .conf files.

~ /home 🏠 ~ talks 💬 ~ bash ~ craftsmanship ~ db ~ dongxi ~ emacs ~ escenic ~ iam ~ java ~ js ~ language ~ latex ~ ldap ~ life ~ linux ~ llm ~ mac-os-x ~ mt-foo ~ network ~ norsk ~ python ~ quotes ~ running ~ security ~ travel ~ unix ~ various ~ vcs ~ webdesign ~ windows ~ discoveries ~ cv 🧙 ~
Licensed under CC BY Creative Commons License ~ 📡 RSS feed ~ ✉ torstein.k.johansen @ gmail ~ 🐘 @skybert@hachyderm.io ~ 🎥 youtube.com/@skybert