Workaround for Varnish X-Forwarded-For bug
Varnish currently has a bug that causes it to always add a new X-Forwarded-For header instead of appending when there is an existing one. This causes problems when Varnish is not the closest trusted server to every client. This workaround requires Pressflow 6.15.67 or later.
On the Varnish side
Add the following to your VCL and restart Varnish.
    [...]
    sub vcl_recv {
      // Pipe and backend configuration here.
      [...]
      // Rename the incoming XFF header to work around a Varnish bug.
      if (req.http.X-Forwarded-For) {
        // Append the client IP
        set req.http.X-Real-Forwarded-For = req.http.X-Forwarded-For ", " regsub(client.ip, ":.*", "");
        unset req.http.X-Forwarded-For;
      } else {
        // Simply use the client IP
        set req.http.X-Real-Forwarded-For = regsub(client.ip, ":.*", "");
      }
      [...]
      // Remaining configuration here.
    }
    [...]
On the Pressflow side
Add the following to the bottom of your settings.php file.

    [...]
    $conf['x_forwarded_for_header'] = 'X_REAL_FORWARDED_FOR';
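
The following is an added example, not code from the original page or from Varnish or Pressflow: a Python model of the header the VCL above builds, and of how a backend can pick the client address from it by skipping trusted proxies from the right. The addresses, the TRUSTED list and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample values (RFC 5737 documentation ranges), not from the page.
# Assumption: the edge proxy (192.0.2.10) and Varnish (192.0.2.20) are trusted.
TRUSTED = [ipaddress.ip_network("192.0.2.0/24")]


def real_forwarded_for(incoming_xff, peer):
    """Model of the VCL workaround: append the connecting peer to any
    incoming X-Forwarded-For, otherwise start the chain with the peer."""
    # Same pattern as the VCL regsub. It cuts at the first colon, so an
    # IPv6 peer string would be truncated as well as a ":port" suffix.
    peer = re.sub(r":.*", "", peer)
    return f"{incoming_xff}, {peer}" if incoming_xff else peer


def is_trusted(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # malformed entries are never treated as proxies
    return any(ip in net for net in TRUSTED)


def client_ip(header, remote_addr):
    """Walk the chain right to left, starting at the TCP peer, and return
    the first hop that is not a trusted proxy. Anything to the left of
    that hop was supplied by the client and is ignored."""
    hops = [h.strip() for h in header.split(",") if h.strip()] + [remote_addr]
    for hop in reversed(hops):
        if not is_trusted(hop):
            return hop
    return hops[0]  # every hop is trusted: fall back to the oldest entry


if __name__ == "__main__":
    # Client 203.0.113.7 -> edge proxy 192.0.2.10 -> Varnish 192.0.2.20 -> backend
    header = real_forwarded_for("203.0.113.7", "192.0.2.10")
    print(header, "->", client_ip(header, "192.0.2.20"))
```

If the backend saw only the header Varnish adds on its own (assuming it reads just that one), `client_ip("192.0.2.10", "192.0.2.20")` would return the edge proxy's address for every client, which is the problem the renamed header avoids.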