Varnish client IP address not display
Geoff Simmons
geoff at uplex.de
Mon Mar 19 09:17:34 CET 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 3/19/12 9:00 AM, Michael Alger wrote:
>> On Mon, Mar 19, 2012 at 4:36 PM, Jewel Nuruddin wrote:
>>> My varnish is run on 10.70.18.22 server and my web server run
>>> back end 10.70.18.30 When client browse through varnish in my
>>> web server it always show varnish IP(10.70.18.22) But I want my
>>> web server should display client IP address. I use the
>>> following configuration
>> Sorry I the configuration is bellow, please ignore my previous
>> configuration.
>>
>> sub vcl_recv { remove req.http.X-Forwarded-For; set
>> req.http.X-Forwarded-For = client.ip;
>>
>> }
>>
>> But still it did not work for me !!!
>
> The above code adds a new header "X-Forwarded-For" which will
> contain the IP address of the client, as seen by Varnish. You can
> modify the backend server to utilise this header rather than the
> address of the connection itself, if you wish to
> display/store/etc. the client's IP address. This is fairly easy if
> you're displaying this information in your own server-side code
> (PHP, ASP, etc.).
Should add to this that in vcl_recv(), we don't know if the request
will be seen by a backend at all -- it depends on whether or not
Varnish decides to deliver a cached object. If backends generate
responses that include a client IP obtained from X-Forwarded-For, and
those responses are cached, then when Varnish returns the cached
object, it will have whatever client IP was included when the backend
generated it. That very likely *won't* be the IP of the client who
sent the current request.
If you want Varnish to return responses that include the current
client IP every time, then it is almost certainly impossible to have
Varnish cache those responses. There might be some sort of trick here,
perhaps some kind of black magic with ESI, but I doubt it.
Is this is a problem you could solve some other way? Having the
current client IP in every response and caching with Varnish are two
goals that are in conflict with one another.
Best,
Geoff
- --
UPLEX Systemoptimierung
Schwanenwik 24
22087 Hamburg
http://uplex.de/
Mob: +49-176-63690917
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBCAAGBQJPZuudAAoJEOUwvh9pJNUReZoP/jTCsZB1HNE3s9nv5ybtrTOR
2KWLmGlkF5ZoO7GAVfy+20FwP2RoeBphAl6k8N2Wve3a5bP5ZgUZT3dtlHUh1u9l
LGuW2qBtU76yNnHpGWbQXifTN26DZ6e24MuWkr+mpMbPe0kAFSxEukvmVSBZGwgW
IVbsIW025AnkNL3DHUvE3NcBYnw/zuGuvBWF2NyT7a+hC/jJfE9KUv2GVGRKhK8o
UtTl8TiyWZsKIWLGGJuWg4pNMKxLoGyXiHuY4FAs32u96m14yrvIc27/IB1N6rJw
x7Od8oNYPYrUp9sI5o/KIVqAM7kg1kqlAy7/HdZ647JyXMODQqf4HxjURa+1NpJl
STNrLh9VTgNBIMHiGBpyq54tBm1Hr43qh/JN9T8OegkuCbf1Jpmb2nwP+S4mt6hu
CH3qbWm6HDdX20c5s9n9Pq+m2NCz7pKkWv0QJmtVHigriiZBaQEcTRynAboctbGD
DcgJkkCvVfNYpSPJvHQndkHUj7vXoilN7wUXUQm3mB111RpqeiZ5BaocgeJ+iXHf
FScApUGhYDxI/FbCkSj9tHo5RSpydorNqwkQREFLgzre1pUBBt4Xu6vg5eEdQt1l
ialnhCXYZeS0zxq+3QFQvs3mpKJZ60HFZEcjBqPPzKcAqxhKe1y057PjHoyY+GFp
FEQBlT1LfpQVu9pTutcU
=nJcZ
-----END PGP SIGNATURE-----
More information about the varnish-misc
mailing list