How To Forward IP Header Varnish Apache

From wiki.mikejung.biz
Jump to: navigation, search

Example of logging problem[edit]

If you have Apache logs that look like this, and are frustrated by the lack of information due to the same IP being logged every time, then you have come to the right place. Below is an example of what my logs looked like before I applied the changes listed below.

127.0.0.1 - - [01/Dec/2014:12:54:46 -0500] "GET /skins/lol31.png HTTP/1.1" 200 4200 "http://biz.biz/index.php?title=Load_Balancing" "Mozilla/5.0"


Varnish 4.0 Forward IP Header to Apache VCL[edit]

You will need to modify Varnish default.vcl . This should be all you need to do to configure Varnish to pass along the original IP to Apache. If you don't do this then all your apache logs will have 127.0.0.1 in them and not the actual IP making the request.

vim /etc/varnish/default.vcl

Add this under vcl_recv

sub vcl_recv {
    # Happens before we check if we have this in cache already.
    #
    # Typically you clean up the request here, removing cookies you don't need,
    # rewriting the request, etc.

if (req.restarts == 0) {
    if (req.http.X-Forwarded-For) {
        set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
    } else {
        set req.http.X-Forwarded-For = client.ip;
    }
}
}

Apache mod_remoteip Configuration[edit]

For a cPanel server you would edit this file: /usr/local/apache/conf/includes/pre_virtualhost_global.conf'. If you are not using cPanel then just add this to the includes file you are using, or create a new one and add the location in the main httpd.conf file. If you run Apache and Varnish on the same server then use 127.0.0.1, if Varnish is listening on a different server then enter in the IP that apache uses to serve requests to varnish.

<IfModule mod_remoteip.c>
   RemoteIPHeader X-Forwarded-For
   RemoteIPInternalProxy 127.0.0.1
</IfModule>

Apache Logging Configuration for forwarded IP headers[edit]

You can either update the "combined" log format, or just create a new format, give it a name, then update the CustomLog to use the new name.

    LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combinedvarnish
    CustomLog /usr/local/apache/domlogs/$domain.biz combinedvarnish

It is not working