No description, website, or topics provided.
M4 Makefile Shell C
Switch branches/tags
Latest commit 2c11eb5 May 22, 2017 @mbgrydeland mbgrydeland committed on GitHub Update README.rst
Add a note that this vmod will not see further development.

README.rst

vmod_shield

Varnish Shield Module

Author: Martin Blix Grydeland
Date: 2011-12-09
Version: 0.2
Manual section:3

END OF LIFE

This vmod was developed for Varnish 3, and will only work with Varnish 3. No further development will be done to this vmod.

SYNOPSIS

import shield;

DESCRIPTION

This vmod contains some routines that may be useful in guarding against malicious traffic on your Varnish server.

FUNCTIONS

conn_reset

Prototype

conn_reset()

Return value

NONE

Description

Sets SO_LINGER with a zero timeout on the client connection and closes the socket to force a TCP RST. Also sets the restarts counter to max_restarts, to force a vcl_error situation.

Should only be called from vcl_recv{}, and will be a no-op if called anywhere else.

Example

sub vcl_recv {
        if (req.url ~ "i-am-an-attacker") {
                shield.conn_reset();
        }
}

INSTALLATION

Usage

./configure VARNISHSRC=DIR [VMODDIR=DIR]

VARNISHSRC is the directory of the Varnish source tree for which to compile your vmod. Both the VARNISHSRC and VARNISHSRC/include will be added to the include search paths for your module.

Optionally you can also set the vmod install directory by adding VMODDIR=DIR (defaults to the pkg-config discovered directory from your Varnish installation).

Make targets:

  • make - builds the vmod
  • make install - installs your vmod in VMODDIR
  • make check - runs the unit tests in src/tests/*.vtc

In your VCL you could then use this vmod along the following lines:

import shield;

HISTORY

This manual page was released as part of the libvmod-shield package.

COPYRIGHT

This document is licensed under the same license as the libvmod-shield project. See LICENSE for details.

  • Copyright (c) 2011-2014 Varnish Software