I've been running Varnish (3.0.1) in front of Apache, and during a spike in traffic two days ago all visitors to the site started to receive a 403 error. From Googling about I've found one thread which says this is caused by Varnish's IP being passed to Apache instead of that of the user who's making the request (see https://www.varnish-cache.org/lists/pipermail/varnish-misc/2011-March/005730.html).

The suggestion was "You could try passing the ip as x-forwarded-for"... I'm not sure what IP is being referred to (the client's?) or in fact how I'd go about doing that. Has anyone seen this before, or does anyone know how to achieve what is being suggested?

zcourts

1 Answer

It is likely that your backend is only returning 403 once, but then Varnish is caching it for future requests. Yes, Varnish will cache even things you don't want it to cache such as error pages if you don't configure the VCL to do otherwise.

I can't really comment on whether your back end is rate limiting or not, but you should probably try to figure that out first before you start messing with Varnish headers to provide a solution for a problem you haven't figured out yet.

However, to answer your question, you can set the x-forwarded-for header in Varnish like so:

in vcl_recv:

    # pass the client's address to the backend
    set req.http.x-forwarded-for = client.ip;

jdw
  • Thank you for the reply. I'll be looking into whether Apache is in fact rate limited... I don't believe Varnish is serving a cached error; I'll review my config when I get the chance to know for sure. – zcourts Oct 05 '11 at 04:57
  • If you want to know for sure, put this code into your vcl_deliver and then look at the X-Varnish-Cache headers. That will tell you for sure if you're getting a page from the cache or not. I would post the code here but there's no formatting in comments so it will be unreadable. Therefore I've put it in a never-expiring paste here: http://pastebin.com/x1bQ3uv9 – jdw Oct 05 '11 at 11:57
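
An added example (not the answerer's code and not the contents of the linked paste) that puts the three points of this thread into one Varnish 3.0 VCL: forwarding the client address, keeping backend error responses out of the cache, and marking cache hits in the X-Varnish-Cache header. The 10-second hit-for-pass window and the HIT/MISS values are assumptions, and the vcl_recv part relies on the Varnish 3.0 built-in vcl_recv running afterwards.

```vcl
# Assumed setup: Varnish 3.0.x is the first proxy the client reaches.

sub vcl_recv {
    if (req.restarts == 0) {
        # Drop whatever X-Forwarded-For the client sent, so the backend
        # never bases a decision on a value the client chose.
        # This sub does not return, so the built-in vcl_recv runs next
        # and sets X-Forwarded-For to client.ip.
        unset req.http.X-Forwarded-For;
    }
}

sub vcl_fetch {
    # Do not store backend errors such as the 403 from the question.
    # hit_for_pass records "do not cache this URL" for the TTL, so
    # requests go straight to the backend during that window.
    if (beresp.status >= 400) {
        set beresp.ttl = 10s;   # assumed window, tune to taste
        return (hit_for_pass);
    }
}

sub vcl_deliver {
    # Tell the client (and whoever is debugging) whether this response
    # came from the cache or from the backend.
    if (obj.hits > 0) {
        set resp.http.X-Varnish-Cache = "HIT";
    } else {
        set resp.http.X-Varnish-Cache = "MISS";
    }
}
```

A 403 delivered with X-Varnish-Cache: MISS came from Apache on that request; one delivered with HIT was stored earlier. Any Apache rule keyed on the connection address still sees Varnish's IP unless the backend is configured to read X-Forwarded-For.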