add req.http.x-forwarded-for header

Andreas Götzfried revirii at
Wed Feb 6 13:19:58 CET 2013

i use varnish (3.0.2) and nginx (1.2.1), and i have a special setup:

http: varnish (listens on *.80) -> nginx-backend (
https: nginx (public ip:443) -> proxy_pass to same varnish instance ->
nginx-backend (

When varnish receives the requests proxied by nginx (https), varnish
sees as source, and there seems to be no solution getting
varnish see the real ip. But, as you might guess, i want the public ip
(need it for performance reasons) of the user. But i found a solution
- nginx is able to pass the real ip in a header:

proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

By customizing the varnishncsa log format i'm able to see the users'
ip address passed by nginx. So far, so good.

But for http (managed by varnish) i'm not able to set this header when
nginx isn't involved. I tried this:

At the beginning of 'sub vcl_recv':

if (!req.http.X-Forwarded-For) {
    set req.http.X-Forwarded-For = client.ip;

My intention was: if this header isn't set (and it shouldn't when
varnish directly receives requests via http), set it with the value of
the client ip. I've tried a couple of variations, but in the end the
value in the varnishncsa log is always empty. Well... what am i doing
wrong? Where's the error?


More information about the varnish-misc mailing list