how to disable varnish X Forwarded For header

i am using nginx <=> varnish <=> apache

i am passing client IP to varnish via nginx proxy_set_header X-Forwarded-For $remote_addr;

but varnish also adding X-Forwarded-For as 127.0.0.1 so apache showing 2 IPs comma based.

i need IP send by nginx only i want to disable varnish adding 127.0.0.1

varnish version 3.0.0 here is default.vcl

backend default { .host = "204.29.58.4"; .port = "80"; } sub vcl_recv { if (req.http.Range) { return(pipe); } }


Solution 1:

The default vcl_recv function (which is appended to yours) contains this:

 if (req.restarts == 0) {
   if (req.http.x-forwarded-for) {
       set req.http.X-Forwarded-For =
           req.http.X-Forwarded-For + ", " + client.ip;
   } else {
       set req.http.X-Forwarded-For = client.ip;
   }
 }

..which is modifying the header. To prevent this from happening, you should have your vcl_recv implemented as a full function that always returns, instead of depending on the appending of the default behavior, which contains config that you don't want. Something like this:

sub vcl_recv {
    if (req.http.Range) {
      return(pipe);
    }
    if (req.request != "GET" &&
      req.request != "HEAD" &&
      req.request != "PUT" &&
      req.request != "POST" &&
      req.request != "TRACE" &&
      req.request != "OPTIONS" &&
      req.request != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }
    if (req.request != "GET" && req.request != "HEAD") {
        /* We only deal with GET and HEAD by default */
        return (pass);
    }
    if (req.http.Authorization || req.http.Cookie) {
        /* Not cacheable by default */
        return (pass);
    }
    return (lookup);
}