x-forwarded-for problems since 2.1
Angelo Höngens
a.hongens at netmatch.nl
Tue Apr 13 08:50:39 CEST 2010
On 13-4-2010 8:42, Poul-Henning Kamp wrote:
> In message <2903443B3710364B814B820238DDEF2CA761B637 at TIL-EXCH-01.netmatch.local
>> , =?iso-8859-1?Q?Angelo_H=F6ngens?= writes:
>>
>> In my vcl_recv I have:
>>
>> remove req.http.X-Forwarded-For;
>> set req.http.X-Forwarded-For = req.http.rlnclientipaddr;
>>
>> Since I upgraded to 2.1 yesterday, the header is no longer sent to backends
>> .. Any ideas?
>
> In 2.1 we have moved X-F-F processing to the default VCL, you need
> to make sure you do not hit that code if you want to do you own
> X-F-F processing.
>
> Poul-Henning
>
> PS: I wonder if we should change the default.vcl to not touch an
> existing X-F-F header by default ? Input from the list ?
>
I don't think that was the problem here, I did handle the header in my
vcl_recv (as per http://varnish-cache.org/wiki/VCLExampleAlexc), but
suddenly the header was missing. Now I changed the value being set from
req.http.rlnclientipaddr to client.ip, and now it's setting the header
again.
I don't want to use the default handling of the header, because I want
to specifically remove all xff headers te client requests come with, not
just add mine.
However, I think the default behaviour you describe in
http://varnish-cache.org/changeset/4467, adding an xff header to an
existing one if there is one, is exactly what I expect a proxy to do
(and squid does this in the same way).
--
With kind regards,
Angelo Höngens
systems administrator
MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
------------------------------------------
NetMatch
tourism internet software solutions
Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239
A.Hongens at netmatch.nl
www.netmatch.nl
------------------------------------------
More information about the varnish-misc
mailing list