Logging the client IP with Nginx/Varnish/Apache

david raistrick drais at icantclick.org
Mon Oct 22 18:34:55 CEST 2012

On Mon, 22 Oct 2012, Rowan @ Jetboy wrote:

> My problem is that if the traffic is coming via Nginx, while the 'correct'
> client IP is getting logged in the VarnishNCSA logs, it looks as if Varnish
> is (understandably) replacing Nginx's X-Forwarded-For header with
> downstream, and this is getting logged with Apache. Is there a nice simple
> way to stop Varnish rewriting X-Forwarded-For if it's already populated?

choose your own adventure.

in vcl_recv:

         if (req.http.x-forwarded-for) {
             # remove req.http.X-Forwarded-For;
             # set req.http.X-Forwarded-For = client.ip;
             #retain x-forwarded-for data and append
             set req.http.X-Forwarded-For = req.http.X-Forwarded-For "," client.ip;
         } else {
             set req.http.X-Forwarded-For = client.ip;

(noting that I use 2.1...)

david raistrick        http://www.netmeister.org/news/learn2quote.html
drais at icantclick.org       ascii ribbon campaign - stop html mail

More information about the varnish-misc mailing list