add req.http.x-forwarded-for header

Rangel, Raul Raul.Rangel at disney.com
Thu May 2 16:19:09 CEST 2013 

The default vcl_recv will handle setting the X-Forwarded-For header. You can see the default here: https://www.varnish-cache.org/trac/browser/bin/varnishd/default.vcl?rev=3.0

Do you have a return(XXX); in your vcl_recv? If you do then it will never execute the default vcl_recv which sets the X-Forwarded-For. Your other option is to just copy/paste the X-Forwarded-For code from the default.vcl into your vcl_recv.

Raul

-----Original Message-----
From: varnish-misc-bounces at varnish-cache.org [mailto:varnish-misc-bounces at varnish-cache.org] On Behalf Of Andreas Götzfried
Sent: Thursday, January 31, 2013 7:02 AM
To: varnish-misc at varnish-cache.org
Subject: add req.http.x-forwarded-for header

Hello,
i use varnish (3.0.2) and nginx (1.2.1), and i have a special setup:

http: varnish (listens on *.80) -> nginx-backend (127.0.0.1:81)
https: nginx (public ip:443) -> proxy_pass to same varnish instance -> nginx-backend (127.0.0.1:81)

When varnish receives the requests proxied by nginx (https), varnish sees 127.0.0.1 as source, and there seems to be no solution getting varnish see the real ip. But, as you might guess, i want the public ip (need it for performance reasons) of the user.

For https i found a solution. nginx is able to pass the real ip in a header:

proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;

By customizing the varnishncsa log format i'm able to see the users'
ip address passed by nginx. So far, so good.

But i'm not able to set this header when nginx isn't involved. I tried this:

At the beginning of 'sub vcl_recv':

if (!req.http.X-Forwarded-For) {
    set req.http.X-Forwarded-For = client.ip; }

My intention was: if this header isn't set (and it shouldn't when varnish is accessed directly via https), set it with the value of the client ip. I've tried a couple of variations, but in the end the value in the varnishncsa log is always empty. Well... what am i doing wrong?
Where's the error?


thx
Andreas

_______________________________________________
varnish-misc mailing list
varnish-misc at varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

More information about the varnish-misc mailing list