diff --git a/modules/datagovuk/datagovuk.vcl.tftpl b/modules/datagovuk/datagovuk.vcl.tftpl index fb702e3..8abd6a6 100644 --- a/modules/datagovuk/datagovuk.vcl.tftpl +++ b/modules/datagovuk/datagovuk.vcl.tftpl @@ -39,6 +39,11 @@ backend F_cname_find_eks_${environment}_govuk_digital { sub vcl_recv { ${indent(2, file("${module_path}/../shared/_boundary_headers.vcl.tftpl"))} + # Serve 404 if source IP/netblock is denylisted. + if (table.lookup(ip_address_denylist, client.ip)) { + error 404 "Not Found"; + } + # Require authentication for PURGE requests set req.http.Fastly-Purge-Requires-Auth = "1"; @@ -204,4 +209,4 @@ sub vcl_error { sub vcl_pass { #FASTLY pass -} \ No newline at end of file +}