Ticket #540 (closed defect: fixed)

Opened 7 months ago

Last modified 2 months ago

X-Forwarded-For created and not appended.

Reported by: bmfurtado Owned by:
Priority: normal Milestone:
Component: build Version: trunk
Severity: normal Keywords:
Cc:

Description

Cheers,

On our infrastructure we have a reverse-proxy/connection multiplexer (Juniper DX3600) in front of our varnish cluster.

Today I was trying to figure out why the X-Forwarded-For our backend servers were getting was not including the original client's ip...

After some debugging I discovered that Varnish was in fact ignoring the previously existing X-Forwarded-For header and adding a new one of its own...

I have attached the output of 1 request taken from "varnishlog -b" and as you can see, on line 13 we have the X-Forwarded-For header coming from the DX and on line 15 the one varnish added.

I don't think this is the expected behaviour...

Thanks in advance.

Attachments

varnishlog Download (1.5 KB) - added by bmfurtado 7 months ago.

Change History

Changed 7 months ago by bmfurtado

Changed 7 months ago by bmfurtado

Sorry... it seems I added the ticket on the wrong component... please change it to varnishd when possible.

Thanks

Changed 4 months ago by stewsnooze

We have this also on Economist.com. We get two HTTP X-Forwarded-For headers instead of an edited original.

Changed 2 months ago by David Strauss

I've posted a workaround here for users of Pressflow:

 https://wiki.fourkitchens.com/display/PF/Workaround+for+Varnish+X-Forwarded-For+bug

Changed 2 months ago by phk

  • status changed from new to closed
  • resolution set to fixed

(In [4467]) Produce the X-Forwarded-For: header in vcl_recv, so people can tweak as they want.

Append to already existing header if possible.

NB: If you return early from your own vcl_recv, without pasting these lines in top of your vcl_recv, your backend gets no X-F-F header.

Fixes #601 Fixes #540

Note: See TracTickets for help on using tickets.