VMOD

NAME
SYNOPSIS
DESCRIPTION
EXAMPLE
COPYRIGHT

NAME

VMOD remoteip - Return probable IP address based on request headers

SYNOPSIS

import remoteip [as name] [from "path"]

VOID init(STRING trusted)

STRING get(STRING header)

DESCRIPTION

This modules is for Varnish Cache what mod_remoteip is for Apache. It determines the actual client IP address for the connection, using the useragent IP address list presented by a proxies or a load balancer via the request headers and a preconfigred list of trusted IP addresses. For example, if your Varnish server works behind a load balancer or yet another reverse proxy (such as pound or haproxy to handle the TLS connection), you can use this module to get the real incoming connection IP address from the X-Forwarded-For header.

VOID init(STRING trusted)
Description

Initializes the module. The trusted argument is a string containing comma-separated list of IP addresses of hosts which are trusted to correctly set the value of the X-Forwarded-For header (or other header whose value is used as argument in the remoteip.get call, which is described below). Arbitrary amount of whitespace is allowed to surround each address. Each address cna be a valid IPv4 or IPv6 address, optionally followed by a slash and the netmask or netmask length.

STRING get(STRING header)
Description

The header argument is the value of the X-Forwarded-For or a similar header, i.e. a comma-delimited list of useragent IP addresses with optional whitespace around them. The function scans this list from right to left, comparing each address with the trusted IP address list, configured with a prior call to init. Processing halts when the IP address is not found in that list or when the list is exhausted. In the latter case, the first address from the header list is returned.

EXAMPLE

sub vcl_init {
    remoteip.init("192.0.2.1, 127.0.0.0/8");
}


sub vcl_recv {
    set resp.http.x-real-ip = remoteip.get(resp.http.X-Forwarded-For);
    ...
}

COPYRIGHT

Copyright (C) Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.


Manpage server at man.gnu.org.ua.

Powered by mansrv 1.1