Change client.ip based on x-forwaded-for headers?

Stephen Wood smwood4 at
Mon Aug 5 23:05:05 CEST 2013

Is there a way to change client.ip?

For example, I would like to set up an ACL to block certain IPs, but since
the instances are behind a load balancer the only thing I have to work with
is the x-forwarded-for header. I've tried something like this:

sub vcl_recv {
  if (req.http.X-Forwarded-For) {
    set client.ip = req.http.X-Forwarded-For;

But of course that kind of thing doesn't compile.

Can someone please advise me on this issue or the broader question about
implementing ACLs via x-forwarded-for headers for those of us stuck behind
another load balancer?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the varnish-misc mailing list