Skip to content

Commit

Permalink
Fix missing denylist in datagovuk vcl_recv.
Browse files Browse the repository at this point in the history
  • Loading branch information
sengi committed Apr 2, 2024
1 parent a639c85 commit e76402d
Showing 1 changed file with 6 additions and 1 deletion.
7 changes: 6 additions & 1 deletion modules/datagovuk/datagovuk.vcl.tftpl
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,11 @@ backend F_cname_find_eks_${environment}_govuk_digital {
sub vcl_recv {
${indent(2, file("${module_path}/../shared/_boundary_headers.vcl.tftpl"))}

# Serve 404 if source IP/netblock is denylisted.
if (table.lookup(ip_address_denylist, client.ip)) {
error 404 "Not Found";
}

# Require authentication for PURGE requests
set req.http.Fastly-Purge-Requires-Auth = "1";

Expand Down Expand Up @@ -204,4 +209,4 @@ sub vcl_error {

sub vcl_pass {
#FASTLY pass
}
}

0 comments on commit e76402d

Please sign in to comment.