4 Nov 2012

Varnish, Ispconfig and apache2's access-log

My web server that hosts this site, is running on Debian GNU/Linux with Apache2, Varnish and the management software Ispconfig.

This combination means that the default access log, logged 127.0.0.1 as the remote address (Varnish's IP). This simple change to the file /etc/apache2/sites-available/ispconfig.conf

Change:

LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" -d \"/etc/vlogger-dbi.conf\" /var/log/ispconfig/httpd" combined_ispconfig

To:

SetEnvIf X-Forwarded-For "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$" is-forwarder

LogFormat "%v %{X-Forwarded-For}i %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig_forwarded
LogFormat "%v %h %l %u %t \"%r\" %>s %B \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig

CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" -d \"/etc/vlogger-dbi.conf\" /var/log/ispconfig/httpd" combined_ispconfig env=!is-forwarder
CustomLog "| /usr/local/ispconfig/server/scripts/vlogger -s access.log -t \"%Y%m%d-access.log\" -d \"/etc/vlogger-dbi.conf\" /var/log/ispconfig/httpd" combined_ispconfig_forwarded env=is-forwarder

And add these lines to
/etc/varnish/default.vcl

sub vcl_fetch {
    ## Remove the X-Forwarded-For header if it exists.
    remove req.http.X-Forwarded-For;

    set    req.http.X-Forwarded-For = client.ip;
...

Tags: