如何禁用 varnish X Forwarded For 标头

如何禁用 varnish X Forwarded For 标头

我正在使用 nginx <=> varnish <=> apache

我正在通过 nginx 将客户端 IP 传递给 varnishproxy_set_header X-Forwarded-For $remote_addr;

但是 varnish 还将 X-Forwarded-For 添加为 127.0.0.1,因此 apache 显示基于逗号的 2 个 IP。

我只需要 nginx 发送 IP,我只想禁用 varnish 添加 127.0.0.1

varnish 版本 3.0.0 这里是 default.vcl

后端默认 { .host = “204.29.58.4”; .port = “80”; } sub vcl_recv { if (req.http.Range) { return(pipe); } }

答案1

默认vcl_recv函数(附加到您的函数)包含以下内容:

 if (req.restarts == 0) {
   if (req.http.x-forwarded-for) {
       set req.http.X-Forwarded-For =
           req.http.X-Forwarded-For + ", " + client.ip;
   } else {
       set req.http.X-Forwarded-For = client.ip;
   }
 }

..这会修改标头。为了防止这种情况发生,您应该将其vcl_recv实现为始终返回的完整函数,而不是依赖于附加默认行为,其中包含您不想要的配置。如下所示:

sub vcl_recv {
    if (req.http.Range) {
      return(pipe);
    }
    if (req.request != "GET" &&
      req.request != "HEAD" &&
      req.request != "PUT" &&
      req.request != "POST" &&
      req.request != "TRACE" &&
      req.request != "OPTIONS" &&
      req.request != "DELETE") {
        /* Non-RFC2616 or CONNECT which is weird. */
        return (pipe);
    }
    if (req.request != "GET" && req.request != "HEAD") {
        /* We only deal with GET and HEAD by default */
        return (pass);
    }
    if (req.http.Authorization || req.http.Cookie) {
        /* Not cacheable by default */
        return (pass);
    }
    return (lookup);
}

相关内容