add req.http.x-forwarded-for header

Rangel, Raul Raul.Rangel at
Wed Feb 6 16:01:26 CET 2013

The default.vcl included with varnish sets the X-Forwarded-For header or even appends to it if it exists. I'm assuming your vcl_recv has a return statement that is preventing the default from running.


-----Original Message-----
From: varnish-misc-bounces at [mailto:varnish-misc-bounces at] On Behalf Of Andreas Götzfried
Sent: Wednesday, February 06, 2013 5:20 AM
To: varnish-misc at
Subject: add req.http.x-forwarded-for header

i use varnish (3.0.2) and nginx (1.2.1), and i have a special setup:

http: varnish (listens on *.80) -> nginx-backend (
https: nginx (public ip:443) -> proxy_pass to same varnish instance -> nginx-backend (

When varnish receives the requests proxied by nginx (https), varnish sees as source, and there seems to be no solution getting varnish see the real ip. But, as you might guess, i want the public ip (need it for performance reasons) of the user. But i found a solution
- nginx is able to pass the real ip in a header:

proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

By customizing the varnishncsa log format i'm able to see the users'
ip address passed by nginx. So far, so good.

But for http (managed by varnish) i'm not able to set this header when nginx isn't involved. I tried this:

At the beginning of 'sub vcl_recv':

if (!req.http.X-Forwarded-For) {
    set req.http.X-Forwarded-For = client.ip; }

My intention was: if this header isn't set (and it shouldn't when varnish directly receives requests via http), set it with the value of the client ip. I've tried a couple of variations, but in the end the value in the varnishncsa log is always empty. Well... what am i doing wrong? Where's the error?


varnish-misc mailing list
varnish-misc at

More information about the varnish-misc mailing list