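# Work from the home directory: the downloads below land in the current
# directory and the build uses ~/rpmbuild.
cd ~

# Build prerequisites for rebuilding the Varnish source RPM and compiling a vmod.
yum install -y \
  ncurses-devel libedit-devel readline-devel ksh varnish-libs-devel \
  libtool automake rpm-build pcre-devel python-docutils

# Expose ksh under /usr/bin as well (presumably a build step looks for it
# there; confirm). The guard keeps a rerun from failing on an existing entry
# and never replaces a file that is already present.
[ -e /usr/bin/ksh ] || [ -L /usr/bin/ksh ] || ln -s /bin/ksh /usr/bin/ksh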

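# Fetch the Varnish 3.0.5 source RPM, rebuild it locally and install the result.
#
# The download is plain HTTP, and its contents are compiled and installed with
# the privileges of this shell, so the file is checked against a known digest
# before rpm touches it. Take the expected value from a trusted channel; until
# the placeholder is replaced the check fails and nothing is installed.
#
# NOTE(review): rpmbuild runs the spec's build scripts as the invoking user;
# building under an unprivileged account and installing only the finished
# RPMs as root limits what a bad spec can do.
# NOTE(review): the final glob installs every varnish-*.rpm in the output
# directory, including leftovers from earlier builds.
srpm=varnish-3.0.5-1.el6.src.rpm
expected_sha256='REPLACE_WITH_TRUSTED_SHA256_OF_SRPM'

# Chained with && so a failed download, check or build stops before any install.
wget "http://repo.varnish-cache.org/redhat/varnish-3.0/el6/src/varnish/${srpm}" &&
  printf '%s  %s\n' "$expected_sha256" "$srpm" | sha256sum -c - &&
  rpm -ivh "$srpm" &&
  rpmbuild -ba ~/rpmbuild/SPECS/varnish.spec &&
  rpm -ivh ~/rpmbuild/RPMS/x86_64/varnish-*.rpm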

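# Build the ipcast vmod against the Varnish source tree left by the RPM build.
#
# NOTE(review): "master" is a moving branch, so each run may compile different
# code into the proxy. Set ipcast_ref to a commit id that has been reviewed
# (placeholder: <REVIEWED_COMMIT_SHA>); the archive then unpacks to
# libvmod-ipcast-<that id>, which the paths below already follow.
ipcast_ref=master
ipcast_zip="$HOME/libvmod-ipcast-${ipcast_ref}.zip"

# -O fixes the download location so the unzip step does not depend on the
# current directory. mkdir -p tolerates an existing ~/Build. The test suite
# runs before installation so a failing module is never installed. Every step
# is chained with && so a failure stops the sequence.
wget -O "$ipcast_zip" \
    "https://github.com/lkarsten/libvmod-ipcast/archive/${ipcast_ref}.zip" &&
  mkdir -p ~/Build/ &&
  cd ~/Build/ &&
  unzip "$ipcast_zip" &&
  cd ~/Build/"libvmod-ipcast-${ipcast_ref}"/ &&
  ./autogen.sh &&
  ./configure VARNISHSRC="$HOME/rpmbuild/BUILD/varnish-3.0.5" &&
  make &&
  make check &&
  make install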

# Edit the active VCL by hand (interactive step).
# After saving, `varnishd -C -f /etc/varnish/default.vcl` compiles the file
# without starting the daemon, so syntax errors show up before a reload.
vi /etc/varnish/default.vcl

# Varnish & redirecting countries / by country blocking
# Allow nz ACL to localhost:8080, redirect others to localhost:81
# Pound listens at 443 and connects to varnish listening at localhost:8081
# Pound.cfg has
#   ListenHTTPS
#     HeadRemove "X-Forwarded-Proto"
#     AddHeader "X-Forwarded-Proto: https"
# NOTE Sequencing below matters. Think C function prototypes
#
# NOTE(review): the backend choice in vcl_recv is made on an address taken
# from X-Forwarded-For, so it is only as trustworthy as that header. Clients
# can send their own X-Forwarded-For; keep Varnish reachable only through
# Pound (the loopback listener described above) and confirm which entry of
# the header Pound writes.

import ipcast;

# These three ranges are the RFC 1918 private networks, presumably stand-ins;
# list the ranges that should reach the 8080 backend.
acl nz {
    "10.0.0.0"/8;
    "172.16.0.0"/12;
    "192.168.0.0"/16;
}

# Backend for clients that do not match the ACL.
backend worldserver {
    .host = "127.0.0.1";
    .port = "81";
}

sub vcl_recv {
    # Derive the address to judge from X-Forwarded-For.
    if (req.http.X-Forwarded-For ~ ",") {
        # Several entries: drop the first one plus up to two following
        # characters (the separator) and keep the remainder. With three or
        # more entries the remainder still contains a comma; presumably
        # ipcast.clientip() rejects that and the request gets the 400 below.
        # Confirm.
        set req.http.xff = regsub(req.http.X-Forwarded-For, "^[^,]+.?.?(.*)$", "\1");
    } else {
        # Single entry (no comma): use it as is.
        set req.http.xff = req.http.X-Forwarded-For;
    }

    # ipcast.clientip() is used here to set client.ip from the header value;
    # a non-zero return is treated as a parse failure and the request is refused.
    if (ipcast.clientip(req.http.xff) != 0) {
        error 400 "Bad request";
    }

    # Addresses outside the ACL go to the alternate backend; the commented
    # line is the blocking variant.
    # NOTE(review): req.http.xff is not unset, so it is presumably passed on
    # to the backend. Remove it if the backend should not see it.
    if (client.ip !~ nz) {
        # error 403 "Forbidden";
        set req.backend = worldserver;
    }
}

# Backend for clients inside the ACL.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}