add req.http.x-forwarded-for header

Andreas Götzfried revirii at
Thu Jan 31 15:02:09 CET 2013

i use varnish (3.0.2) and nginx (1.2.1), and i have a special setup:

http: varnish (listens on *.80) -> nginx-backend (
https: nginx (public ip:443) -> proxy_pass to same varnish instance ->
nginx-backend (

When varnish receives the requests proxied by nginx (https), varnish
sees as source, and there seems to be no solution getting
varnish see the real ip. But, as you might guess, i want the public ip
(need it for performance reasons) of the user.

For https i found a solution. nginx is able to pass the real ip in a header:

proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

By customizing the varnishncsa log format i'm able to see the users'
ip address passed by nginx. So far, so good.

But i'm not able to set this header when nginx isn't involved. I tried this:

At the beginning of 'sub vcl_recv':

if (!req.http.X-Forwarded-For) {
    set req.http.X-Forwarded-For = client.ip;

My intention was: if this header isn't set (and it shouldn't when
varnish is accessed directly via https), set it with the value of the
client ip. I've tried a couple of variations, but in the end the value
in the varnishncsa log is always empty. Well... what am i doing wrong?
Where's the error?


More information about the varnish-misc mailing list