如何禁用varnish X Forwarded For header

heb*_*878 4 nginx varnish apache-2.2

我正在使用 nginx <=> 清漆 <=> apache

我正在通过 nginx proxy_set_header X-Forwarded-For $remote_addr将客户端 IP 传递给 varnish

但是清漆也将 X-Forwarded-For 添加为 127.0.0.1,因此 apache 显示基于逗号的 2 个 IP。

我只需要 nginx 发送 IP 我想禁用添加 127.0.0.1 的清漆

这里的清漆版本 3.0.0 是 default.vcl

后端默认 { .host = "204.29.58.4"; .port = "80"; } sub vcl_recv { if (req.http.Range) { return(pipe); } }

Sha*_*den 7

默认vcl_recv函数(附加到您的函数中)包含以下内容:

 if (req.restarts == 0) {
   if (req.http.x-forwarded-for) {
       set req.http.X-Forwarded-For =
           req.http.X-Forwarded-For + ", " + client.ip;
   } else {
       set req.http.X-Forwarded-For = client.ip;
   }
 }
Run Code Online (Sandbox Code Playgroud)

..这是修改标题。为了防止这种情况发生,您应该将您的vcl_recv实现作为一个始终返回的完整函数,而不是依赖于包含您不想要的配置的默认行为的附加。像这样的东西:

sub vcl_recv {
    if (req.http.Range) {
      return(pipe);
    }
    if (req.request != "GET" &&
      req.request != "HEAD" &&
      req.request != "PUT" &&
      req.request != "POST" &&
      req.request != "TRACE" &&
      req.request != "OPTIONS" &&
      req.request != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }
    if (req.request != "GET" && req.request != "HEAD") {
        /* We only deal with GET and HEAD by default */
        return (pass);
    }
    if (req.http.Authorization || req.http.Cookie) {
        /* Not cacheable by default */
        return (pass);
    }
    return (lookup);
}
Run Code Online (Sandbox Code Playgroud)