Home / Articles / BSD / FreeBSD / Getting real IP through Varnish for Apache and PHP

Getting real IP through Varnish for Apache and PHP

Getting real IP through Varnish for Apache and PHP
Getting real IP through Varnish for Apache and PHP
  • Currently 5 out of 5 Stars.
  • 1
  • 2
  • 3
  • 4
  • 5
Rating: 5/5 (2 votes cast)

Thank you for rating!

You have already rated this page, you can only rate it once!

Your rating has been changed, thanks for rating!

Log in or create a user account to rate this page.


This article explains how to get a real IP for Apache and PHP if Varnish is used for caching site.

A simple way to do this is to define the header X-Forwarded-For via Varnish and to assign the client's IP for this header. It will provide a possibility to read this header by Apache and PHP.

The following examples show how to configure this for FreeBSD operation system. But, the configuration will stay the same for other operation systems except the paths to these configuration files.

To assign client's IP to the header, the next code needs to be added in Varnish config-file (/usr/local/etc/varnish/default.vcl):

sub vcl_recv {
  remove req.http.X-Forwarded-For;
  set req.http.X-Forwarded-For = client.ip;
  # [...]
}

It works only for Varnish version 3, for older versions "client.ip" has to be replaced by "req.http.rlnclientipaddr".

Now Apache has to write a real IP in the log files. Add the following code to VirtualHost config-file. VirtualHost needs to be used here, because varnish can be applied only for some sites on this server, because some of the sites can be without varnish. For example, Varnish can't work with SSL that means pages or sites with HTTPS won't be able to use Varnish, that means they will get the correct client IP.

Usually for FreeBSD VirtualHost config-file is placed here /usr/local/etc/apache22/extra/httpd-vhosts.conf and has to contain the following lines:

<VirtualHost *:8080>
  ServerName www.example.com
  # [...]
  LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b" varnishcombined
  CustomLog /var/log/example.com-access_log varnishcombined
  # [...]
</VirtualHost>

The same thing needs to be done for PHP. After Varnish is configured, the correct client's IP can be read in $_SERVER['HTTP_X_FORWARDED_FOR'] variable. But, by default all CMS and PHP applications read $_SERVER['REMOTE_ADDR'] variable to get the client's IP. So, we need to redefine this variable with correct client's IP. For this we need to do the following steps:

  1. Create PHP file with the code which redefines $_SERVER['REMOTE_ADDR'] variable for the whole site. And place it in system for example in Apache directory: /usr/local/etc/apache22/scripts/varnish_client_ip.php.
  2. Make Apache parse this PHP file every time before Apache parses the main file for sites which use Varnish. It can be set in VirtualHost config-file by PHP configuration directive auto_prepend_file.

Code for /usr/local/etc/apache22/scripts/varnish_client_ip.php file:

<?php

if( isset( $_SERVER[ 'HTTP_X_FORWARDED_FOR' ] ) ) {
  $_SERVER[ 'REMOTE_ADDR' ] = $_SERVER[ 'HTTP_X_FORWARDED_FOR' ];
}

?>

Code for /usr/local/etc/apache22/extra/httpd-vhosts.conf file:

<VirtualHost *:8080>
  ServerName www.example.com
  # [...]
  <Directory "/usr/local/www/example_com">
    php_value auto_prepend_file "/usr/local/etc/apache22/scripts/varnish_client_ip.php"
    # [...]
  </Directory>
  # [...]
</VirtualHost>


Read also

Install Apache in FreeBSD

Install Apache in FreeBSD

Installing PHP and PHP extensions on FreeBSD

Installing PHP and PHP extensions on FreeBSD

Discussion (total 2 comments)

Leandro
May 27, 2014 at 04:13 pm
Hi,
It was very usefull, but to work in joomla, you have to append the varnish_client_ip.php but in the code you sould not close the php file.

This sould be the code
<?php

if( isset( $_SERVER[ 'HTTP_X_FORWARDED_FOR' ] ) ) {
  $_SERVER[ 'REMOTE_ADDR' ] = $_SERVER[ 'HTTP_X_FORWARDED_FOR' ];
}
(without the ?>)

Thanks for the article
Administrator User
Administrator User
May 28, 2014 at 06:17 am
Good! Thanks for info!

Log in or create a user account to post a comment.

easyos.net
117217982212577402640

Quick navigation

General navigation