VMOD_REMOTEIP
NAMESYNOPSIS
DESCRIPTION
EXAMPLE
COPYRIGHT
NAME
vmod_remoteip - Return probable IP address based on request headers
SYNOPSIS
import remoteip [as name] [from "path"] STRING get(ACL acl, STRING header)
DESCRIPTION
This module is for Varnish Cache what mod_remoteip is for Apache. It determines the actual client IP address for the connection, using the useragent IP address list presented by a proxies or a load balancer via the request headers and a preconfigred list of trusted IP addresses. For example, if your Varnish server works behind a load balancer or yet another reverse proxy (such as pound or haproxy to handle the TLS connection), you can use this module to get the real incoming connection IP address from the X-Forwarded-For header.
STRING
get(ACL acl, STRING header)
Description
The header argument is the value of the X-Forwarded-For or a similar header, i.e. a comma-delimited list of useragent IP addresses with optional whitespace around them. The function scans this list from right to left, comparing each address with the trusted IPs from the acl argument. Processing halts when the IP address is not found in that list or when the list is exhausted. In the latter case, the first address from the header list is returned.
EXAMPLE
acl trusted {
"192.0.2.1";
"127.0.0.0/8";
}
sub vcl_recv {
set req.http.x-real-ip = remoteip.get(acl, req.http.X-Forwarded-For);
...
}
COPYRIGHT
Copyright (C)
Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and
redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Manpage server at man.gnu.org.ua.
Powered by mansrv 1.1