When varnishd is started with a -S secret-file argument, user connections are now authenticated.
This closes the wide-open management access point to varnish. The usual workaround is to simply ssh to a shell on a restricted machine, but if you are running varnish on a system where there is shell access, any user can telnet to the management port and, well, manage varnish (by design).
This solution prevents that situation for hosting providers, and should allow wider deployments on multi-use non-dedicated servers.
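The sketch below is an added example, not code from varnishd or from this text. It shows both sides of the challenge-response that -S enables on the management port. The wire details (13-byte reply header, status 107, SHA-256 over challenge, newline, secret file contents, challenge, newline) are taken from the Varnish CLI documentation rather than from the text above; the function names are hypothetical and the sample data is constructed.

```python
import hashlib
import hmac

CLIS_AUTH = 107  # CLI status meaning "authentication required" (Varnish CLI docs)

def parse_reply(raw: bytes):
    """Split one CLI reply: 13-byte header 'SSS LLLLLLLL\\n', body, final newline."""
    if len(raw) < 13 or raw[3:4] != b" " or raw[12:13] != b"\n":
        raise ValueError("malformed CLI header")
    status = int(raw[0:3].decode("ascii"))
    length = int(raw[4:12].decode("ascii").strip())
    body = raw[13:13 + length]
    if len(body) != length or raw[13 + length:14 + length] != b"\n":
        raise ValueError("truncated CLI body")
    return status, body

def challenge_from(raw: bytes) -> bytes:
    """Extract the 32-character challenge from the greeting of a -S protected port."""
    status, body = parse_reply(raw)
    if status != CLIS_AUTH:
        raise ValueError("no auth challenge; was varnishd started with -S?")
    challenge = body.split(b"\n", 1)[0]
    if len(challenge) != 32:
        raise ValueError("unexpected challenge length")
    return challenge

def authenticator(challenge: bytes, secret: bytes) -> str:
    """Lower-case hex SHA-256 of: challenge, LF, secret file bytes, challenge, LF."""
    return hashlib.sha256(challenge + b"\n" + secret + challenge + b"\n").hexdigest()

def client_command(raw: bytes, secret: bytes) -> bytes:
    """The line a client sends back; the secret itself never crosses the wire."""
    return b"auth " + authenticator(challenge_from(raw), secret).encode() + b"\n"

def server_accepts(command: bytes, challenge: bytes, secret: bytes) -> bool:
    """Management-side check; the constant-time compare is this example's choice."""
    word, _, digest = command.strip().partition(b" ")
    expected = authenticator(challenge, secret).encode()
    return word == b"auth" and hmac.compare_digest(digest, expected)

# Constructed sample data, not captured from a real varnishd.
SAMPLE_CHALLENGE = b"ixslvvxrgkjptxmcgnnsdxsvdmvfympg"
_body = SAMPLE_CHALLENGE + b"\n\nAuthentication required.\n"
SAMPLE_BANNER = b"%-3d %-8d\n" % (CLIS_AUTH, len(_body)) + _body + b"\n"
SAMPLE_SECRET = b"foo\n"  # whole file content, trailing newline included

if __name__ == "__main__":
    cmd = client_command(SAMPLE_BANNER, SAMPLE_SECRET)
    print(cmd.decode().strip(), server_accepts(cmd, SAMPLE_CHALLENGE, SAMPLE_SECRET))
```

Because the digest covers the secret file byte for byte, the file should be readable only by the accounts that are meant to manage varnish.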