add req.http.x-forwarded-for header

Rangel, Raul Raul.Rangel at disney.com
Wed Feb 6 16:01:26 CET 2013


The default.vcl included with varnish sets the X-Forwarded-For header or even appends to it if it exists. I'm assuming your vcl_recv has a return statement that is preventing the default from running.

Raul

-----Original Message-----
From: varnish-misc-bounces at varnish-cache.org [mailto:varnish-misc-bounces at varnish-cache.org] On Behalf Of Andreas Götzfried
Sent: Wednesday, February 06, 2013 5:20 AM
To: varnish-misc at varnish-cache.org
Subject: add req.http.x-forwarded-for header

Hello,
i use varnish (3.0.2) and nginx (1.2.1), and i have a special setup:

http: varnish (listens on *.80) -> nginx-backend (127.0.0.1:81)
https: nginx (public ip:443) -> proxy_pass to same varnish instance -> nginx-backend (127.0.0.1:81)

When varnish receives the requests proxied by nginx (https), varnish sees 127.0.0.1 as source, and there seems to be no solution getting varnish see the real ip. But, as you might guess, i want the public ip (need it for performance reasons) of the user. But i found a solution
- nginx is able to pass the real ip in a header:

proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

By customizing the varnishncsa log format i'm able to see the users'
ip address passed by nginx. So far, so good.

But for http (managed by varnish) i'm not able to set this header when nginx isn't involved. I tried this:

At the beginning of 'sub vcl_recv':

if (!req.http.X-Forwarded-For) {
    set req.http.X-Forwarded-For = client.ip; }

My intention was: if this header isn't set (and it shouldn't when varnish directly receives requests via http), set it with the value of the client ip. I've tried a couple of variations, but in the end the value in the varnishncsa log is always empty. Well... what am i doing wrong? Where's the error?


thx
Andreas

_______________________________________________
varnish-misc mailing list
varnish-misc at varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc



More information about the varnish-misc mailing list