Help with IP Detection when using SSL

Lukas Tribus luky-37 at hotmail.com
Tue Dec 31 00:29:56 CET 2013


Hi,


> I am having problems with detecting the genuine IP address of users
> connecting to the system. The $_SERVER["REMOTE_ADDR"] shows the IP
> address of the load balancer/cache and not of the user visiting the
> site. 

Your description suggests that varnish doesn't see the actual content,
because it's only relaying encrypted traffic towards your backends, but
that doesn't make any sense.

I suspect that your design is different, please elaborate.



> I have a nginx / varnish which acts as a load balancer and cache

What does "I have a nginx / varnish" mean? Either one or the other; if they
are both in use, please explain what *the individual instance does*.

Is nginx acting as load balancer, with varnish between your apache backend
and the nginx frontend acting as cache?



> Unfortunately due to strict security requirements we are not able to
> offload SSL onto the load balancer/cache it has to go to apache. 

So you don't need varnish at all, given that SSL is terminated on your
final backend and varnish cannot magically cache the encrypted payload.



> Has anyone got any ideas on how we could detect the IP address, when
> using SSL?

I don't understand your configuration, but usually this kind of problem
can be worked around:

a) using a frontend proxy in transparent mode as your default gateway
   (haproxy can do this)

b) using a proprietary protocol, like HAProxy's PROXY protocol. Patch
   is available for varnish [1], nginx [2]; Amazon ELB supports it
   already [3].

The former is complicated and messy. The latter requires software support.




Regards,

Lukas


[1] http://comments.gmane.org/gmane.comp.web.haproxy/14599
[2] http://trac.nginx.org/nginx/ticket/355
[3] http://aws.typepad.com/aws/2013/07/elastic-load-balancing-adds-support-for-proxy-protocol.html
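
Option (b) sketched as an added example, not part of the original message or of any project mentioned in it: how a backend that terminates SSL itself can recover the client address from a PROXY protocol v1 line that the load balancer sends ahead of the TLS bytes. The function name, the trusted network 10.0.0.0/24 and the sample bytes are assumptions made for illustration.

```python
import ipaddress

# Assumption: the only network the load balancer connects from.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
MAX_V1_HEADER = 107  # longest v1 line including CRLF, per the PROXY protocol spec

# Constructed sample: v1 header followed by the first bytes of a TLS record.
SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.0.20 51234 443\r\n\x16\x03\x01"


def client_address(peer_ip, data):
    """Return (client_ip, client_port, remaining_bytes) for a new connection.

    peer_ip is the TCP peer (what REMOTE_ADDR would show); data is the first
    chunk read from the socket, before the TLS handshake is processed.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        # Never honour a PROXY line from an untrusted peer, otherwise any
        # client could claim an arbitrary source address.
        if data.startswith(b"PROXY "):
            raise ValueError("PROXY header from untrusted peer")
        return peer_ip, None, data
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ValueError("trusted proxy sent no valid PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    rest = data[end + 2:]  # untouched TLS bytes for the SSL layer
    if fields[1] == "UNKNOWN":
        return peer_ip, None, rest  # e.g. a health check from the balancer
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(fields[2])
    ipaddress.ip_address(fields[3])  # destination must parse as well
    if src.version != (4 if fields[1] == "TCP4" else 6):
        raise ValueError("address family mismatch")
    sport = int(fields[4])
    if not 0 <= sport <= 65535:
        raise ValueError("bad source port")
    return str(src), sport, rest
```

The header is only accepted from the configured load balancer addresses, and the bytes after it are handed to the SSL layer unchanged, so encryption still ends on the backend.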