[Varnish] #203: X-Forwarded-For handling

Varnish varnish-bugs at projects.linpro.no
Thu Feb 14 10:19:48 CET 2008

#203: X-Forwarded-For handling
 Reporter:  des          |        Owner:  phk  
     Type:  enhancement  |       Status:  new  
 Priority:  normal       |    Milestone:       
Component:  varnishd     |      Version:  trunk
 Severity:  normal       |   Resolution:       
 Keywords:               |  
Comment (by phk):

 I don't think I have ever found any definitive documentation of how X
 -Forwaded-For is supposed to work, as indicated by the X- it may not

 The X-Forwarded-For is added in the filtering step, so it can be removed
 in either of vcl_miss, vcl_pass or vcl_pipe if you do not want to send it
 to the backend (and this should be documented)

 With respect to editing kontra appending, I am not sure if we append an
 extra or overwrite the existing X-Forwarded-For header, the last would be
 a bug I think.  (We have issues in this
 area in general.)

 I'm not particular religious about appending with a comma or adding a new
 line, lacking a standard we should do what is most robust with web-

 Where you write "post mode" above, you mean "pipe" mode.

 We know that the first transaction on a piped connection is a HTTP,
 because otherwise we would never get that far in the first place.
 Inserting, as we do, X-Forwarded-For is perfectly sensible, and I would
 say, required, since we otherwise would deprive the backend of a chance to
 log things correctly.  What happens on the connection after we send the
 HTTP request to the backend is out of our hands.

 Ideally pass should be able to handle all HTTP transactions, also Expect
 etc, but there may be no cost-benefit from doing all that work.

Ticket URL: <http://varnish.projects.linpro.no/ticket/203#comment:2>
Varnish <http://varnish.projects.linpro.no/>
The Varnish HTTP Accelerator

More information about the varnish-bugs mailing list