pass user IP to file

Stefan Pommerening pom at
Tue Nov 30 11:46:09 CET 2010


please note that for passing the correct X-Forwarded-For header to
your backend webserver you will need to unset the X-Forwarded-For
header in your VCL because any client-side squid will set the same
header resulting in a list of IP addresses contained in one single
X-Forwarded-For header.

sub vcl_recv {
    # Remove incoming X-Forwarded-For header to let
    # Varnish insert a new header useful for Apache logging
    remove req.http.X-Forwarded-For;

Now you can perform any actions (on backend) based on the
setting of the X-Forwarded-For header.

Nevertheless you should ensure that you've configured this
specific file not to be cached in varnish by 'pass' it based on
a regular expression (url based) in your VCL, too.


Am 30.11.2010 09:17, schrieb Wido den Hollander:
> Hi Andy,
> Take a look at mod_extract_forwarded for Apache, this will help you.
> Or mod_rpath does the same.
> Just make sure you pass the correct X-Forwarded-For header in your VCL.
> Wido
> On Mon, 2010-11-29 at 21:48 +0000, Andy Bailey wrote:
>> I have a file on my server that checks a user hasn't accessed it more
>> than 5 times in the past 5 minutes by saving the IP address of every
>> request. Since having varnish installed, the file is denying access to
>> everyone because for some reason the IP address that is being stored
>> is always my server IP. How would I make sure that requests to that
>> file pass the users IP address?
>> hope you can help?

More information about the varnish-misc mailing list