add req.http.x-forwarded-for header

Andreas Götzfried revirii at googlemail.com
Thu Jan 31 15:02:09 CET 2013


Hello,
i use varnish (3.0.2) and nginx (1.2.1), and i have a special setup:

http: varnish (listens on *.80) -> nginx-backend (127.0.0.1:81)
https: nginx (public ip:443) -> proxy_pass to same varnish instance ->
nginx-backend (127.0.0.1:81)

When varnish receives the requests proxied by nginx (https), varnish
sees 127.0.0.1 as source, and there seems to be no solution getting
varnish see the real ip. But, as you might guess, i want the public ip
(need it for performance reasons) of the user.

For https i found a solution. nginx is able to pass the real ip in a header:

proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

By customizing the varnishncsa log format i'm able to see the users'
ip address passed by nginx. So far, so good.

But i'm not able to set this header when nginx isn't involved. I tried this:

At the beginning of 'sub vcl_recv':

if (!req.http.X-Forwarded-For) {
    set req.http.X-Forwarded-For = client.ip;
}

My intention was: if this header isn't set (and it shouldn't when
varnish is accessed directly via https), set it with the value of the
client ip. I've tried a couple of variations, but in the end the value
in the varnishncsa log is always empty. Well... what am i doing wrong?
Where's the error?


thx
Andreas



More information about the varnish-misc mailing list