x-forwarded-for problems since 2.1

Angelo Höngens a.hongens at netmatch.nl
Tue Apr 13 08:50:39 CEST 2010

On 13-4-2010 8:42, Poul-Henning Kamp wrote:
> In message <2903443B3710364B814B820238DDEF2CA761B637 at TIL-EXCH-01.netmatch.local
>> , =?iso-8859-1?Q?Angelo_H=F6ngens?= writes:
>> In my vcl_recv I have:
>> remove req.http.X-Forwarded-For;
>> set    req.http.X-Forwarded-For = req.http.rlnclientipaddr;
>> Since I upgraded to 2.1 yesterday, the header is no longer sent to backends
>> .. Any ideas?
> In 2.1 we have moved X-F-F processing to the default VCL, you need
> to make sure you do not hit that code if you want to do you own
> X-F-F processing.
> Poul-Henning
> PS: I wonder if we should change the default.vcl to not touch an
> existing X-F-F header by default ?  Input from the list ?

I don't think that was the problem here, I did handle the header in my
vcl_recv (as per http://varnish-cache.org/wiki/VCLExampleAlexc), but
suddenly the header was missing. Now I changed the value being set from
req.http.rlnclientipaddr to client.ip, and now it's setting the header

I don't want to use the default handling of the header, because I want
to specifically remove all xff headers te client requests come with, not
just add mine.

However, I think the default behaviour you describe in
http://varnish-cache.org/changeset/4467, adding an xff header to an
existing one if there is one, is exactly what I expect a proxy to do
(and squid does this in the same way).


With kind regards,

Angelo Höngens
systems administrator

MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239

A.Hongens at netmatch.nl

More information about the varnish-misc mailing list