Wednesday, March 30, 2011

How can I log the client IP address on the backend in Varnish?

All I see is the IP address of the varnish server. How can I log the client IP address?

We will need to add the IP address to a header used for the backend request, and configure the backend to log the content of this header instead of the address of the connecting client (which is the varnish server).

Varnish configuration:

sub vcl_recv {
# Add a unique header containing the client address remove
req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
# [...] }

For the apache configuration, we copy the “combined” log format to a new one we call “varnishcombined”, for instance, and change the client IP field to use the content of the variable we set in the varnish configuration:

LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" varnishcombined

And so, in our virtualhost, you need to specify this format instead of “combined” (or “common”, or whatever else you use):

 ServerName www.example.com 
# [...]

CustomLog /var/log/apache2/www.example.com/access.log varnishcombined

# [...]



Reference: Varnish Website

No comments: