Logging the client IP with Nginx/Varnish/Apache

Rowan @ Jetboy rowan at jetboy.co.uk
Mon Oct 22 18:22:35 CEST 2012


I have Nginx listening on port 443 as an SSL terminator, and proxying
unencrypted traffic to Varnish on the same server. Varnish is handling this
traffic, and traffic coming in directly on port 80. All traffic is passed,
unencrypted, to Apache instances on other servers in the cluster. The Apache
instances use mod_rpaf to replace the logged client IP with the contents of
the X-Forwarded-For header.

 

My problem is that if the traffic is coming via Nginx, while the 'correct'
client IP is getting logged in the VarnishNCSA logs, it looks as if Varnish
is (understandably) replacing Nginx's X-Forwarded-For header with 127.0.0.1
downstream, and this is getting logged with Apache. Is there a nice simple
way to stop Varnish rewriting X-Forwarded-For if it's already populated?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20121022/db7689d0/attachment.html>


More information about the varnish-misc mailing list