Loggin ip adress of visitors with Varnish3 and Apache2 as a backend
Par alex sbille le lundi 24 mars 2014, 14:40 - System Administration Linux - Lien permanent
It is natural to find varnish public ip in apache logs but not very secure in my context, so I'll need to configure Varnish 3 using req.http.X-Forwarded-For and apache2 with mod_rpaf
With a debian like:
On the backend server
apt-get install libapache2-mod-rpaf nano /etc/apache2/mods-enabled/rpaf.conf
<IfModule rpaf_module>
RPAFenable On
# When enabled, take the incoming X-Host header and
# update the virtualhost settings accordingly:
RPAFsethostname On
# Define which IP's are your frontend proxies that sends
# the correct X-Forwarded-For headers:
RPAFproxy_ips 5.39.38.60 127.0.0.1 ::1
# Change the header name to parse from the default
# X-Forwarded-For to something of your choice:
RPAFheader X-Forwarded-For
</IfModule>
service apache2 reload
On the reverse proxy / varnish server:
Insert after the start of sub vcl_recv :
if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
Then reload the configuration and verify a2 logs.
