Not always forwarding client ip

Dridi Boukelmoune dridi.boukelmoune at zenika.com
Wed Sep 18 08:12:08 CEST 2013 

Hi,

Setting req.http.X-Forwarded-For in your VCL doesn't help much.
Varnishncsa reads this header from the shared logs, and I believe that
changing a header after you've received the request headers (that is
to say in your VCL) won't  be logged.

However, I have this VMOD that does exactly what you want, it can log
a header and trick varnishncsa into thinking that it genuinely came
from the actual HTTP request:
https://github.com/Dridi/libvmod-logger#example

Best Regards,
Dridi

On Tue, Sep 17, 2013 at 9:35 PM, Jason Ledford <jledford at biltmore.com> wrote:
> I have a new setup of varnish and apache and the apache logs are not
> consistently getting the x-forwarded-for client ip.  It does get them so I
> feel like its working, but its not all the time.  I have googled around and
> believe its setup correct.  Varnish has the following defined in the
>
> set req.http.X-Forwarded-For = client.ip;
>
>
>
> and apache is setup with a custom log file:
>
> LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\"
> \"%{User-Agent}i\"" varnishcombined
>
>
>
> In my logs some entries have my ip and some just have - - - for the ip.
> Here is an example with personal info stripped
>
>
>
> 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_js/jquery.cookie.js
> HTTP/1.1" 200 837 "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
>
> - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1"
> 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
>
> 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg
> HTTP/1.1" 200 27355 "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
>
> - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1"
> 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
>
> - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1"
> 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
>
> - - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg HTTP/1.1"
> 304 - "mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
>
> 10.1.250.30 - - [17/Sep/2013:15:31:14 -0500] "GET /_images/dropdown/file.jpg
> HTTP/1.1" 200 29160 "http://mysiteurl" "Mozilla/5.0 (Windows NT 6.1; WOW64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.66 Safari/537.36"
>
>
>
>
>
> Any help you can offer would be great.  Without this I can’t limit using an
> htaccess since its not reliable where the source is coming from.  Thanks for
> your help.
>
>
>
>
>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc at varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc

More information about the varnish-misc mailing list