ansible/roles/varnish/templates/kojipkgs.vcl.j2

vcl 4.0;

import directors;

#
# These nets/machines are allowed /repo access
#
acl repoallowed {
  "10.5.125.0"/24;
  "10.5.127.0"/24;
  "10.5.129.0"/24;
  "10.5.126.14"/32;
  "10.5.126.223"/32;
  "10.5.126.224"/32;
  "10.5.126.225"/32;
  "10.5.126.226"/32;
}

acl pdc {
  "10.5.126.134"/32;
}

acl proxies {
  "10.5.126.51"/32;
  "10.5.126.52"/32;
}

acl purge {
  "127.0.0.1"/32;
}

backend local-apache { 
  .host = "127.0.0.1"; 
  .port = "8080";
  .probe = { 
      .url = "/"; 
      .interval = 5s; 
      .timeout = 1s;
      .window = 5;
      .threshold = 3; }
}

sub vcl_recv {
    set req.backend_hint = apache-local;
    unset req.http.cookie;
    set req.http.clear-cookies = "yes";

    if (req.method == "PURGE") {
        if (!client.ip ~ purge) {
            return (synth(405, "Not allowed"));
        }
        return(purge);
    }

    if (req.url ~ "^/repo/" && !(client.ip ~ repoallowed)) {
        return(synth(403, "Access denied."));
    }
    if (req.url ~ "^/mash/") {
        return (pipe);
    }
    if (req.url ~ "^/compose/") {
        return (pipe);
    }
    if (req.url ~ "h264") {
        return (pipe);
    }
    return (hash);
}