X-Forwarded-For automatically set in varnish 4.0?
Hi there,

Actually, I am in a migration project from Varnish 3 to Varnish 4.0, and I was confused about the x-forwarded-for header settings in Varnish 4.0:
In the official doc, it says that x-forwarded-for is automatically set, like it is obvious in the source code: https://github.com/varnishcache/varnish-cache/blob/4.0/bin/varnishd/cache/cache_req_fsm.c#L724

But a lot of people are adding a snippet for vcl_recv like

    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }

Which, from my point of view, is the same implementation as it already should exist as the docs say. I currently do not have a LB/proxy infrastructure to test it, so maybe someone can clear this up, if x-forwarded-for is automatically set by varnish before executing the vcl_recv from my custom .vcl-file, or if the given snippet is required to set the real user ip for x-forwarded-for.

Thank you very much!

Greetings, Niklas
Re: X-Forwarded-For automatically set in varnish 4.0?
Hi,

The snippet is legacy code for v3, and it's now useless/counter-productive
in v4.

--
Guillaume Quintard

On Tue, Feb 14, 2017 at 9:20 AM, Donath, Niklas <Niklas.Donath@lvdigital.de>
wrote:

> Hi there,
>
> Actually, I am in a migration project from Varnish 3 to Varnish 4.0, and I
> was confused about the x-forwarded-for header settings in Varnish 4.0:
>
> In the official doc, it says that x-forwarded-for is automatically set,
> like it is obvious in the source code:
> https://github.com/varnishcache/varnish-cache/blob/4.0/bin/varnishd/cache/cache_req_fsm.c#L724
>
> But a lot of people are adding a snippet for vcl_recv like
>
>     if (req.restarts == 0) {
>         if (req.http.X-Forwarded-For) {
>             set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
>         } else {
>             set req.http.X-Forwarded-For = client.ip;
>         }
>     }
>
> Which, from my point of view, is the same implementation as it already
> should exist as the docs say. I currently do not have a LB/proxy
> infrastructure to test it, so maybe someone can clear this up, if
> x-forwarded-for is automatically set by varnish before executing the
> vcl_recv from my custom .vcl-file, or if the given snippet is required to
> set the real user ip for x-forwarded-for.
>
> Thank you very much!
>
> Greetings, Niklas
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
Re: X-Forwarded-For automatically set in varnish 4.0?
Hello,

Why is this part of code useless?
Is that because this code is in the builtin.vcl?

Thanks

On 14 Feb 2017 10:10 AM, "Guillaume Quintard" <guillaume@varnish-software.com> wrote:

> Hi,
>
> The snippet is legacy code for v3, and it's now useless/counter-productive
> in v4.
>
> --
> Guillaume Quintard
Re: X-Forwarded-For automatically set in varnish 4.0?
Hey Nicolas,

This is done before vcl_recv is called in varnishd code:

https://github.com/varnishcache/varnish-cache/blob/varnish-4.0.0/bin/varnishd/cache/cache_req_fsm.c#L719-L728

--
Reza Naghibi
Varnish Software

On Thu, Feb 16, 2017 at 4:42 PM, Nicolas Delmas <colas.delmas@gmail.com>
wrote:

> Hello,
>
> Why is this part of code useless?
> Is that because this code is in the builtin.vcl?
>
> Thanks
Re: X-Forwarded-For automatically set in varnish 4.0?
Thank you.
I will look at your link; maybe I have other useless code in my configuration
files.



On 16 Feb 2017 11:14 PM, "Reza Naghibi" <reza@varnish-software.com> wrote:

> Hey Nicolas,
>
> This is done before vcl_recv is called in varnishd code:
>
> https://github.com/varnishcache/varnish-cache/blob/varnish-4.0.0/bin/varnishd/cache/cache_req_fsm.c#L719-L728
>
> --
> Reza Naghibi
> Varnish Software
Re: X-Forwarded-For automatically set in varnish 4.0?
Hi,

On 14.02.2017 09:41, Guillaume Quintard wrote:
> Hi,
>
> The snippet is legacy code for v3, and it's now
> useless/counter-productive in v4.

Why is the x-forwarded-for handling now in the source code? I still use
v3 and have modified it in the VCL code. If I want to use v4, how can I
modify it?

Thanks and regards

Olli



--
Dipl. Inf. (FH) Oliver Joa
Systems, Zeitbeauftragter | Web Technology Systems | vwd group

vwd Vereinigte Wirtschaftsdienste GmbH
Karl-Götz-Straße 5 | 97424 Schweinfurt
Phone: +49 9721 499895-62 | Fax: +49 9721 499895-77
ojoa@vwd.com | www.vwd.com
__________________________________________________________________
vwd Vereinigte Wirtschaftsdienste GmbH
Registered office: Tilsiter Straße 1 | 60487 Frankfurt am Main
Commercial register: B Frankfurt am Main HRB 100445
Management: Martin Gijssel (CEO), Udo Kersting

Re: X-Forwarded-For automatically set in varnish 4.0?
You can modify it as you normally would in vcl_recv, by setting
req.http.X-Forwarded-For. Note the header may contain two IP addresses
depending on your stack, and only one should typically be passed to the
backend for proper logging.

On Fri, Feb 17, 2017 at 12:32 AM, Oliver Joa <ojoa@vwd.com> wrote:

> Hi,
>
> On 14.02.2017 09:41, Guillaume Quintard wrote:
>
>> Hi,
>>
>> The snippet is legacy code for v3, and it's now
>> useless/counter-productive in v4.
>>
>
> Why is the x-forwarded-for handling now in the source code? I still use
> v3 and have modified it in the VCL code. If I want to use v4, how can I
> modify it?
>
> Thanks and regards
>
> Olli
Re: X-Forwarded-For automatically set in varnish 4.0?
Hello,

Joining the discussion a bit late, but still...

On Tue, Feb 14, 2017 at 9:20 AM, Donath, Niklas
<Niklas.Donath@lvdigital.de> wrote:
> Hi there,
>
> Actually, I am in a migration project from Varnish 3 to Varnish 4.0, and I
> was confused about the x-forwarded-for header settings in Varnish 4.0:

I strongly recommend moving directly to 4.1, it's the same amount of
effort if you come from 3.0 anyway, with better support.

> In the official doc, it says that x-forwarded-for is automatically set, like
> it is obvious in the source code:
> https://github.com/varnishcache/varnish-cache/blob/4.0/bin/varnishd/cache/cache_req_fsm.c#L724
>
> But a lot of people are adding a snippet for vcl_recv like

Yes, people sometimes miss changes, especially during a migration or
when docs for older versions are better referenced.

> Which, from my point of view, is the same implementation as it already
> should exist as the docs say. I currently do not have a LB/proxy
> infrastructure to test it, so maybe someone can clear this up, if
> x-forwarded-for is automatically set by varnish before executing the
> vcl_recv from my custom .vcl-file, or if the given snippet is required to
> set the real user ip for x-forwarded-for.

You nailed the core code that does it, why even doubt? If you really
need to clear your doubts run varnishlog, capture a transaction, and
you will see that xff is set before entering vcl_recv for 4.0+.

Dridi
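
What the replies above describe, as an added example that is not part of the thread or of Varnish's own code: a Python model of the header as it passes through an assumed client -> load balancer -> Varnish 4 -> backend chain, with and without the legacy snippet. The addresses, the load balancer and the `client_from_xff` helper are constructed for illustration.

```python
import ipaddress

# Constructed addresses from the documentation ranges.
CLIENT, LB, SPOOFED = "203.0.113.7", "192.0.2.10", "198.51.100.99"


def append_peer(xff, peer_ip):
    """Append the connecting peer's address, or start the header with it."""
    return f"{xff}, {peer_ip}" if xff else peer_ip


def varnish4_core(xff, client_ip):
    """Varnish 4.0+: varnishd does this itself before vcl_recv runs."""
    return append_peer(xff, client_ip)


def legacy_v3_snippet(xff, client_ip, restarts=0):
    """The vcl_recv snippet from the thread, written for Varnish 3."""
    return append_peer(xff, client_ip) if restarts == 0 else xff


def through_stack(incoming_xff, keep_legacy_snippet):
    """Header the backend receives for one request from CLIENT."""
    xff = append_peer(incoming_xff, CLIENT)   # load balancer: peer is the client
    xff = varnish4_core(xff, LB)              # Varnish: client.ip is the balancer
    if keep_legacy_snippet:
        xff = legacy_v3_snippet(xff, LB)      # same append, done a second time
    return xff


def client_from_xff(xff, trusted_hops):
    """Backend-side pick: the entry written by the outermost trusted proxy.

    Each of our own proxies appends exactly one entry, so the client address
    is `trusted_hops` entries from the right. Anything further left came from
    the client and is not trusted. Returns None if the entry is missing or is
    not an IP address.
    """
    entries = [e.strip() for e in xff.split(",")]
    if trusted_hops < 1 or len(entries) < trusted_hops:
        return None
    try:
        return str(ipaddress.ip_address(entries[-trusted_hops]))
    except ValueError:
        return None


if __name__ == "__main__":
    for label, sent, legacy in [("v4 only", None, False),
                                ("v4 + legacy snippet", None, True),
                                ("client sends its own XFF", SPOOFED, False)]:
        xff = through_stack(sent, legacy)
        print(f"{label:26} {xff!r} -> {client_from_xff(xff, 2)}")
```

With the snippet kept, a backend configured for two trusted hops records the load balancer's address for every request instead of the client's.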
