Fixing REMOTE_ADDR when behind a proxy/varnish server

I had an annoyance where varnish proxy infront of a LAMP server and the LAMP server therefore thought all clients were from the varnish proxy – rather than the client’s real IP address – i.e. $_SERVER['REMOTE_ADDR'] was set to the IP address of the Varnish proxy and not that of the client’s actual IP address.

Obviously, Varnish adds the X_HTTP_FORWARDED_FOR HTTP header in when a connection comes through it; so my initial thought was to just overwrite PHP’s $_SERVER['REMOTE_ADDR'] setting. A bit of a hack and annoying – as I’d need to fix all sites, or have some sort of global prepend file (which is horrible).

I then discovered something which sorts the problem out  - RPAF

  • apt-get install libapache2-mod-rpaf
  • Edit /etc/apache2/mods-enabled/rpaf.conf and ensure your proxy server’s IP address is listed on the RPAFproxy_ips line (e.g. RPAFproxy_ips 89.16.176.x).
  • Restart Apache, and you’ll then find that the $_SERVER['REMOTE_ADDR'] value will be correct.



5 thoughts on “Fixing REMOTE_ADDR when behind a proxy/varnish server

  1. Hello

    I am planning to configure Varnish on my server to hide me server ip
    consider my server ip is and I want to configure varnish in such a way, when anyone tries to locate my server ip using any dns checker tool, it should show
    to users.

    can you tell me how can i do this. I tried alot and alot but no result.

    help needed.


  2. is a bad example as it implies that you’re trying to hide the IP from the end user.

    If you take e.g.

    Web server IP is :
    Varnish box is :

    Then you’d configure DNS for to resolve to

    You’d configure Varnish on the Varnish box to listen on and have as a backend. You can either do this through the /etc/varnish/default.vcl file, or by editing e.g. /etc/default/varnish (on Debian) and specifying something in DAEMON_OPTS (the comments should be sufficient to give you an idea of what to do)

  3. for some reasons this solution is not working
    I did as explained but remote_addr is still my cache server ip.
    x forwarded is client ip though

  4. Hi Hassan,

    I suspect you’ve not modified (e.g. /etc/apache2/mods-enabled/rpaf.conf) and specified something like :

    RPAFenable On
    RPAFsethostname On
    RPAFproxy_ips your.proxy.ip.address

    Remember to restart Apache after doing the above.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>