[Varnish] #1329: Option to respect X-Forwarded-For header in varnishncsa
Varnish
varnish-bugs at varnish-cache.org
Mon Jul 22 14:24:09 CEST 2013
#1329: Option to respect X-Forwarded-For header in varnishncsa
-------------------------+--------------------
Reporter: mhelmich | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: varnishncsa | Version: 3.0.4
Severity: minor | Resolution:
Keywords: |
-------------------------+--------------------
Comment (by mhelmich):
For us the "-f" switch (with the patched behaviour) has proven itself
quite useful. In our case, we handle both requests with and without X
-Forwarded-For header (and currently I don't see how to handle this with
the -F switch alone).
Some more background on this:[[BR]]
We operate varnish behind a loadbalancing system that operates on an
IPv4/IPv6 dual-stack. The internal network is IPv4-only. For native IPv4
requests, the client IP contains the actual IP address; for translated
IPv6 request however, varnish sees only the IPv4 address of our
loadbalancing system (which -- in this case -- sets the X-Forwarded-For
header with the forwarded IPv6 address).
One possible (and more general) use case might be, when you are running
varnish behind another reverse proxy as SSL terminator. When you have
varnish listening on port 80, and an nginx on port 443, you will probably
also have both request with and without an X-Forwarded-For header.
This allows us to just use the "%h" parameter in the log line format and
to have it replaced with the X-Forwarded-For header if present, or the
actual client ip otherwise.
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1329#comment:2>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list