ansible-inventories/arocom#163 Configure HaProxy and Varnish to also handle BAN requests on port 80

templates/default.vcl

@@ -63,14 +63,29 @@ sub vcl_recv {
   unset req.http.proxy;
 
   # Allow purging
-  if (req.method == "PURGE") {
+  if (req.method == "PURGE" || req.method == "BAN") {
     # Make sure that HaProxy has been setting the header value x-real-ip properly
     if (!std.ip(req.http.x-real-ip, "0.0.0.0") ~ purge) { # purge is the ACL defined at the beginning
       # Not from an allowed IP? Then die with an error.
-      return (synth(405, "This IP is not allowed to send PURGE requests."));
+      return (synth(405, "This IP is not allowed to send PURGE or BAN requests."));
     }
-    # If you got this stage (and didn't error out above), purge the cached result
-    return (purge);
+
+    if (req.method == "PURGE") {
+      # If you got this stage (and didn't error out above), purge the cached result
+      return (purge);
+    }
+
+    # Logic for the ban, using the Purge-Cache-Tags header. For more info
+    # see https://github.com/geerlingguy/drupal-vm/issues/397.
+    if (req.http.Purge-Cache-Tags) {
+      ban("obj.http.Purge-Cache-Tags ~ " + req.http.Purge-Cache-Tags);
+    }
+    else {
+      return (synth(403, "Purge-Cache-Tags header missing."));
+    }
+
+    # Throw a synthetic page so the request won't go to the backend.
+    return (synth(200, "Ban added."));
   }
 
   # Only deal with "normal" types