I had an annoyance where a Varnish proxy sat in front of a LAMP server, and the LAMP server therefore thought all clients were coming from the Varnish proxy rather than from the client's real IP address, i.e. $_SERVER['REMOTE_ADDR'] was set to the IP address of the Varnish proxy and not the client's actual IP address.
Obviously, Varnish adds the X-Forwarded-For HTTP header when a connection comes through it, so my initial thought was to just overwrite PHP's $_SERVER['REMOTE_ADDR'] setting. A bit of a hack and annoying, as I'd need to fix all sites, or have some sort of global prepend file (which is horrible).
I then discovered something which sorts the problem out: RPAF.
- apt-get install libapache2-mod-rpaf
- Edit /etc/apache2/mods-enabled/rpaf.conf and ensure your proxy server’s IP address is listed on the RPAFproxy_ips line (e.g. RPAFproxy_ips 127.0.0.1 89.16.176.x).
- Restart Apache, and you'll then find that the $_SERVER['REMOTE_ADDR'] value will be correct.
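Why the RPAFproxy_ips line matters: X-Forwarded-For can be set by any client, so it should only be honoured when the TCP peer is one of your own proxies. The Python sketch below is an added example (not mod_rpaf's source and not code from this post) of that trust decision; the function names are hypothetical and the addresses are constructed documentation-range values standing in for a real proxy and clients.

```python
import ipaddress

# Constructed stand-in for the RPAFproxy_ips line: localhost plus one
# made-up proxy address from the documentation range (192.0.2.0/24).
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("127.0.0.1/32", "192.0.2.10/32")]


def is_trusted(addr):
    """Return True if addr parses as an IP and is a configured proxy."""
    try:
        ip = ipaddress.ip_address(addr.strip())
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def effective_client_ip(peer_addr, x_forwarded_for):
    """Pick the address the application should treat as REMOTE_ADDR.

    peer_addr is the TCP peer (what Apache sees without any module);
    x_forwarded_for is the raw header value, or None if absent.
    """
    # Connection did not arrive via one of our proxies: the header is
    # entirely client-controlled, so ignore it.
    if not is_trusted(peer_addr):
        return peer_addr

    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]

    # Proxies append to the right-hand end, so walk right to left and
    # stop at the first hop that is not one of ours. Anything further
    # left may have been forged by the client.
    for hop in reversed(hops):
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return peer_addr  # malformed header: fall back to the TCP peer
        if not is_trusted(hop):
            return hop
    return peer_addr  # header empty or listed only our own proxies
```

Listing an address in the trusted set that is not actually your proxy lets whoever controls it choose the REMOTE_ADDR your application sees, so keep the list as narrow as the deployment allows.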
Hello
I am planning to configure Varnish on my server to hide my server IP.
Consider my server IP is 66.66.66.66 and I want to configure Varnish in such a way that when anyone tries to locate my server IP using any DNS checker tool, it should show 127.0.0.1 to users.
Can you tell me how I can do this? I tried a lot and a lot but no result.
Help needed.
Thanks
Yatin
127.0.0.1 is a bad example as it implies that you’re trying to hide the IP from the end user.
If you take e.g.
Web server IP is : 6.6.6.6
Varnish box is : 7.7.7.7
Then you’d configure DNS for your.domain.com to resolve to 7.7.7.7
You’d configure Varnish on the Varnish box to listen on 7.7.7.7 and have 6.6.6.6 as a backend. You can either do this through the /etc/varnish/default.vcl file, or by editing e.g. /etc/default/varnish (on Debian) and specifying something in DAEMON_OPTS (the comments should be sufficient to give you an idea of what to do).
For some reason this solution is not working.
I did as explained but remote_addr is still my cache server IP.
X-Forwarded-For is the client IP though.
Hi Hassan,
I suspect you’ve not modified (e.g. /etc/apache2/mods-enabled/rpaf.conf) and specified something like :
RPAFenable On
RPAFsethostname On
RPAFproxy_ips your.proxy.ip.address
Remember to restart Apache after doing the above.
Thanks for your blog post. Was working fine and helped to terminate some problems with payment providers in Magento + Varnish.
Hello David,
Like Yatin asked, I also want to hide my IP from hackers.
Can you help with the same? I went through the answer which you gave to Yatin…
“Web server IP is : 6.6.6.6
Varnish box is : 7.7.7.7
Then you’d configure DNS for your.domain.com to resolve to 7.7.7.7
You’d configure Varnish on the Varnish box to listen on 7.7.7.7 and have 6.6.6.6 as a backend. You can either do this through the /etc/varnish/default.vcl file, or by editing e.g. /etc/default/varnish (on Debian) and specifying something in DAEMON_OPTS ”
But as I am new to Varnish, I am not sure how to configure this.
Please help.
Read/Edit the file /etc/default/varnish – on Debian there is sufficient documentation within the file and commented out examples to get you set on your way.