Setting Up Varnish Security Firewall

Varnish can add a extra layer of security as well as HTTP accelerator. https://github.com/comotion/VSF is a Web Application Firewall (WAF) written using the Varnish Control Language (VCL) and a sprinkling of Varnish Modules (vmods). If you want to know how to install vmod go to http://blog.jambura.com/2014/09/28/building-a-varnish-vmod/

To install Varnish Security Firewall we need to install 4 different

If you varnish version is 3.x.x then use https://github.com/fastly/libvmod-urlcode/tree/varnish-3 for libvmod-urlcode.

After you setup all 4 vmods then download the https://github.com/comotion/VSF. I am assuming you are following http://blog.jambura.com/2014/09/28/building-a-varnish-vmod/.

git clone https://github.com/comotion/VSF.git

So the path to VSF’s vcl is /root/varnish/VSF/vcl/. now symlink the vcl directory into /etc/varnish/security

cd /etc/varnish && ln -s /root/varnish/VSF/vcl security

then you edit your default.vcl and add this line near the top:

include "/etc/varnish/security/vsf.vcl";

after that restart varnish.

service varnish restart

About Zakir Hyder

This entry was written by .

01. October 2014 by Zakir Hyder
Categories: Ubuntu, Varnish | Tags: , , , , , , | Comments

Comments

  1. […] Setting Up Varnish Security Firewall  […]

  2. […] Notification Service Agent” in access log. But there were no records. I figure out that VSF was blocking the […]