Set up a purge ACL


How do I set up an access control list so that only people in my office network can purge files on Fastly?

Intro to using curl with Fastly

First of all you define the ACL:

acl office {
    ""/24; /* if you're lucky enough to have a whole /24 assigned */
    "";   /* if your whole office is just behind a single NAT IP */

Then in vcl_recv you put:

    if (req.request == "FASTLYPURGE" /* check that the request is a purge */
        && !(client.ip ~ office)) {  /* and that the requesting IP is not within the ACL */
        error 403 "Access Denied";

The reason to not just do an else with return(lookup) is that there might be changes to the request made in vcl_recv further down, and if you skip those the purge will fail.