How to return empty response with Varnish?

Question

When a request come on a Varnish server, I would like to return an empty response or simply close the connection, if the requested server name is not known.

For example from nginx (the backend side of Varnish) I did that:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 444;
}
server {
    listen 80;
    listen [::]:80;
    server_name my.example.org
}

So, when an user/robot come on this nginx server with an address IP or an unknown host, it got: The connection was reset .

How do I?

---

With this configuration on nginx side and nothing more on Varnish side, if I try to access to the Varnish server with his public IP, I have: Error 503 Backend fetch failed - Backend fetch failed - Guru Meditation .

Perhaps there is a possibility on Varnish side, when response from backend (nginx) is 444, to simply close the connexion.

Answer 1

If Varnish is hosted on the same machine as your Nginx server, Varnish should be listening on port 80 and Nginx on port 8080 .

Once Varnish can reach Nginx, the Backend fetch failed issue will go away.

In Varnish you don't need to configure anything special, whatever Nginx returns, Varnish will handle. However, if you want to handle this in Varnish before Nginx is reached, you could use the following VCL code:

sub vcl_recv {
    if(req.http.Host != "my.example.org") {
        return(synth(403));
    }
}

This assumes that my.example.org is the right Host header. This also assumes that returning a synthetic 403 Forbidden is an acceptable return value.