blob: e1c81f6fb2cb2e4cc3d166ec213f24860daf00f6 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
|
$Module remoteip 3 "Return probable IP address based on request headers"
DESCRIPTION
===========
This module is for Varnish Cache what mod_remoteip is for Apache. It
determines the actual client IP address for the connection, using the
useragent IP address list presented by a proxies or a load balancer
via the request headers and a preconfigred list of trusted IP
addresses. For example, if your Varnish server works behind a load
balancer or yet another reverse proxy (such as pound or haproxy to
handle the TLS connection), you can use this module to get the real
incoming connection IP address from the **X-Forwarded-For** header.
$Function STRING get(ACL acl, STRING header)
Description
The **header** argument is the value of the **X-Forwarded-For**
or a similar header, i.e. a comma-delimited list of useragent
IP addresses with optional whitespace around them. The
function scans this list from right to left, comparing each
address with the trusted IPs from the *acl* argument. Processing
halts when the IP address is not found in that list or when the
list is exhausted. In the latter case, the first address from the
**header** list is returned.
EXAMPLE
=======
::
acl trusted {
"192.0.2.1";
"127.0.0.0/8";
}
sub vcl_recv {
set req.http.x-real-ip = remoteip.get(acl, req.http.X-Forwarded-For);
...
}
COPYRIGHT
=========
| Copyright (C) Sergey Poznyakoff
| License GPLv3+: GNU GPL version 3 or later
| <http://gnu.org/licenses/gpl.html>
| This is free software: you are free to change and redistribute it.
| There is NO WARRANTY, to the extent permitted by law.
|
