I am facing an issue where varnish is not sending Intermediary proxy IP or Public IP in a particular case. Scenario is as below :
Some Hotel / Company has squid proxy configured and all traffic for Internet is routed via Squid.
User accessing my company's site first hits the Load Balancer then Varnish & then Apache
Problem :
In Apache logs (Configured to log X-Forwarded-IP) I see that Users Private IP & then My Load Balancers Private IP.
172.10.5.10, LoadBalancerIP - - [.......]
In Apache logs (Configured to log X-Forwarded-IP) I see that Users Private IP and then his Public IP is also logged.
172.10.5.10, PublicIP - - [.......]
My Varnish Config is as below.
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
PS: I've already Google'd all links I could find and every link gives the following Varnish Config
For now to get this issue resolved, I had to bypass varnish and now website traffic is directly hitting Apache but I need to get Varnish back in place to server content from Cache and Speedy delivery.
Will appreciate if someone can guide me to how resolve this issue.
Thanks!
The above mentioned issue has been resolved. Credit goes to Mithrandir @ Varnish IRC Channel. Thanks! Below mentioned changes were required to resolve the issue.
At the start of the default.vcl add :
import std;
Below " if (req.http.x-forwarded-for) " add :
std.collect(req.http.x-forwarded-for);
Do varnish configtest & reload. This should start showing the Public IP.
Below is the explanation from the documentation of vmod_std :
collect
Prototype collect(HEADER header) Return value Void Description Collapses the header, joining the headers into one. Example std.collect(req.http.cookie); This will collapse several Cookie: headers into one, long cookie header.