Varnish client IP address not display

Jewel Nuruddin jewel.nuruddin at eastbeam.co.jp
Thu Mar 22 07:17:20 CET 2012


Hello All,

sorry for not undestand clearly first.

 Now my understandin is the following code is working

sub vcl_recv {

remove req.http.X-Forwarded-For;

set req.http.X-Forwarded-For = client.ip;

}

 and this will create a new header X-Forwarded-For (which valu will be
client IP address)

now this “X-Forwarded-For” value we have to chatch in our back end web
server like apace, IIS, nginx, tomcat, resin-pro etc!

This is what is understand and its work for me.

 Please make me confirm it.

Or is there other way to catch this client IP in back end server ?

(in my case our application is made by java which need huge change if I use
header "X-Forwarded-For" )

 Thanks

Jewel


On Mon, Mar 19, 2012 at 5:17 PM, Geoff Simmons <geoff at uplex.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 3/19/12 9:00 AM, Michael Alger wrote:
> >> On Mon, Mar 19, 2012 at 4:36 PM, Jewel Nuruddin wrote:
> >>> My varnish is run on 10.70.18.22 server and my web server run
> >>> back  end 10.70.18.30 When client browse through varnish in my
> >>> web server it always show varnish IP(10.70.18.22) But I want my
> >>> web server should display client IP address. I use the
> >>> following configuration
> >> Sorry I the configuration is bellow, please ignore my previous
> >> configuration.
> >>
> >> sub vcl_recv { remove req.http.X-Forwarded-For; set
> >> req.http.X-Forwarded-For = client.ip;
> >>
> >> }
> >>
> >> But still it did not work for me !!!
> >
> > The above code adds a new header "X-Forwarded-For" which will
> > contain the IP address of the client, as seen by Varnish. You can
> > modify the backend server to utilise this header rather than the
> > address of the connection itself, if you wish to
> > display/store/etc. the client's IP address. This is fairly easy if
> > you're displaying this information in your own server-side code
> > (PHP, ASP, etc.).
>
> Should add to this that in vcl_recv(), we don't know if the request
> will be seen by a backend at all -- it depends on whether or not
> Varnish decides to deliver a cached object. If backends generate
> responses that include a client IP obtained from X-Forwarded-For, and
> those responses are cached, then when Varnish returns the cached
> object, it will have whatever client IP was included when the backend
> generated it. That very likely *won't* be the IP of the client who
> sent the current request.
>
> If you want Varnish to return responses that include the current
> client IP every time, then it is almost certainly impossible to have
> Varnish cache those responses. There might be some sort of trick here,
> perhaps some kind of black magic with ESI, but I doubt it.
>
> Is this is a problem you could solve some other way? Having the
> current client IP in every response and caching with Varnish are two
> goals that are in conflict with one another.
>
>
> Best,
> Geoff
> - --
> UPLEX Systemoptimierung
> Schwanenwik 24
> 22087 Hamburg
> http://uplex.de/
> Mob: +49-176-63690917
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBCAAGBQJPZuudAAoJEOUwvh9pJNUReZoP/jTCsZB1HNE3s9nv5ybtrTOR
> 2KWLmGlkF5ZoO7GAVfy+20FwP2RoeBphAl6k8N2Wve3a5bP5ZgUZT3dtlHUh1u9l
> LGuW2qBtU76yNnHpGWbQXifTN26DZ6e24MuWkr+mpMbPe0kAFSxEukvmVSBZGwgW
> IVbsIW025AnkNL3DHUvE3NcBYnw/zuGuvBWF2NyT7a+hC/jJfE9KUv2GVGRKhK8o
> UtTl8TiyWZsKIWLGGJuWg4pNMKxLoGyXiHuY4FAs32u96m14yrvIc27/IB1N6rJw
> x7Od8oNYPYrUp9sI5o/KIVqAM7kg1kqlAy7/HdZ647JyXMODQqf4HxjURa+1NpJl
> STNrLh9VTgNBIMHiGBpyq54tBm1Hr43qh/JN9T8OegkuCbf1Jpmb2nwP+S4mt6hu
> CH3qbWm6HDdX20c5s9n9Pq+m2NCz7pKkWv0QJmtVHigriiZBaQEcTRynAboctbGD
> DcgJkkCvVfNYpSPJvHQndkHUj7vXoilN7wUXUQm3mB111RpqeiZ5BaocgeJ+iXHf
> FScApUGhYDxI/FbCkSj9tHo5RSpydorNqwkQREFLgzre1pUBBt4Xu6vg5eEdQt1l
> ialnhCXYZeS0zxq+3QFQvs3mpKJZ60HFZEcjBqPPzKcAqxhKe1y057PjHoyY+GFp
> FEQBlT1LfpQVu9pTutcU
> =nJcZ
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20120322/c165b098/attachment.html>


More information about the varnish-misc mailing list