varnish-bugs at varnish-cache
Jul 22, 2013, 5:24 AM
Post #3 of 4
(45 views)
Permalink
|
|
Re: #1329: Option to respect X-Forwarded-For header in varnishncsa
[In reply to]
|
|
#1329: Option to respect X-Forwarded-For header in varnishncsa
-------------------------+--------------------
Reporter: mhelmich | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: varnishncsa | Version: 3.0.4
Severity: minor | Resolution:
Keywords: |
-------------------------+--------------------
Comment (by mhelmich):
For us the "-f" switch (with the patched behaviour) has proven itself
quite useful. In our case, we handle both requests with and without X
-Forwarded-For header (and currently I don't see how to handle this with
the -F switch alone).
Some more background on this:[[BR]]
We operate varnish behind a loadbalancing system that operates on an
IPv4/IPv6 dual-stack. The internal network is IPv4-only. For native IPv4
requests, the client IP contains the actual IP address; for translated
IPv6 request however, varnish sees only the IPv4 address of our
loadbalancing system (which -- in this case -- sets the X-Forwarded-For
header with the forwarded IPv6 address).
One possible (and more general) use case might be, when you are running
varnish behind another reverse proxy as SSL terminator. When you have
varnish listening on port 80, and an nginx on port 443, you will probably
also have both request with and without an X-Forwarded-For header.
This allows us to just use the "%h" parameter in the log line format and
to have it replaced with the X-Forwarded-For header if present, or the
actual client ip otherwise.
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1329#comment:2>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
_______________________________________________
varnish-bugs mailing list
varnish-bugs [at] varnish-cache
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-bugs
|
