[Varnish] #1329: Option to respect X-Forwarded-For header in varnishncsa

Varnish varnish-bugs at varnish-cache.org
Mon Jul 22 14:24:09 CEST 2013

#1329: Option to respect X-Forwarded-For header in varnishncsa
 Reporter:  mhelmich     |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:
Component:  varnishncsa  |     Version:  3.0.4
 Severity:  minor        |  Resolution:
 Keywords:               |

Comment (by mhelmich):

 For us the "-f" switch (with the patched behaviour) has proven itself
 quite useful. In our case, we handle both requests with and without X
 -Forwarded-For header (and currently I don't see how to handle this with
 the -F switch alone).

 Some more background on this:[[BR]]
 We operate varnish behind a loadbalancing system that operates on an
 IPv4/IPv6 dual-stack. The internal network is IPv4-only. For native IPv4
 requests, the client IP contains the actual IP address; for translated
 IPv6 request however, varnish sees only the IPv4 address of our
 loadbalancing system (which -- in this case -- sets the X-Forwarded-For
 header with the forwarded IPv6 address).

 One possible (and more general) use case might be, when you are running
 varnish behind another reverse proxy as SSL terminator. When you have
 varnish listening on port 80, and an nginx on port 443, you will probably
 also have both request with and without an X-Forwarded-For header.

 This allows us to just use the "%h" parameter in the log line format and
 to have it replaced with the X-Forwarded-For header if present, or the
 actual client ip otherwise.

Ticket URL: <https://www.varnish-cache.org/trac/ticket/1329#comment:2>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator

More information about the varnish-bugs mailing list