Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Wordpress Permalinks - CentoOS 7 Question Question
WP Super Cache - CentOS 7 Question Question

Question

Real client IP from varnish in apache

Posted September 23, 2015 18.6k views
ApacheWordPressLAMP Stack

Hi DO Community,

I have 2 droplet,

serverA - varnish
serverB - LAMP (wordpress)

My LAMP show serverA private IP instead of real client IP. How I can get real client IP in this situation?

Thank you.

Add a comment
toyen
By:
toyen

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Wordpress Permalinks - CentoOS 7 Question Question
WP Super Cache - CentOS 7 Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
asb June 16, 2016

In order to have Varnish pass on the real client IP to your Apache access log, you’ll need to edit your Varnish configuration (/etc/varnish/default.vcl on Ubuntu) to add an X-Forwarded-For header. Find the vcl_recv section and added the following:

sub vcl_recv {
  unset req.http.X-Forwarded-For;
  set req.http.X-Forwarded-For = client.ip;
}

(Note: If you are using Varnish < 4.0 change unset to remove as the syntax is different.)

Than, in your Apache Virtual Host, set a CustomLog format:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{User-agent}i\"" varnishcombined
CustomLog ${APACHE_LOG_DIR}/access.log varnishcombined

Finally, restart both Apache and Varnish for the changes to take effect:

  • sudo service varnish restart

  • sudo service apache2 restart
Reply Report
  • shadowxgws June 20, 2017

    Very useful, but…

    What about error.log? If I have to be more specific, what about basic authentication errors, such as: [auth_basic:error] [pid 23784] [client 127.0.0.1:46904] AH01618: user foo not found: /phpmyadmin/

    They still show 127.0.0.1 and fail2ban apache jail is useless.

    Reply Report

Related

Looking for something else?

Ask a new question Search for more help