Varnish, CloudFlare and Apache: Real Client IP

Please contact us if you need support - we're here to help!


Varnish, CloudFlare and Apache: Real Client IP



Getting Varnish, CloudFlare and Apache to play nicely with X-Forwarded-For can be a pain. However not setting this up right can cause serious PHP session problems with HTTPS requests passed through Varnish and CloudFlare to Apache. It also makes it hard to consistently get the real IP of users connecting via HTTP. This tutorial is a quick run-down on getting all of these things to play nicely and relay the real IP.

Now lets move on the Varnish. Edit your /etc/varnish/default.vcl to contain the following:

sub vcl_recv {
remove req.http.X-Forwarded-For;
if (req.http.cf-connecting-ip) {
    set req.http.X-Forwarded-For = req.http.cf-connecting-ip;
    } else {
            set req.http.X-Forwarded-For = client.ip;
        }


Instead of:

sub vcl_recv {
remove req.http.X-Forwarded-For;

set req.http.X-Forwarded-For = client.ip;
}

Those two simple steps will get Varnish to relay the real IP from CloudFlare to Apache in the form of X-Forwarded-For or X-Real-IP consistently over either the HTTP or HTTPS protocol whether or not CloudFlare is enabled for a given website on the server. If you have any thoughts, leave them in the comments below.



Article Name: Varnish, CloudFlare and Apache: Real Client IP
Author:

Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article









Powered by WHMCompleteSolution

Knowledgebase

Search our Knowledgebase