I have a web stack which consists of CloudFront->Origin->Varnish->Apache and am running into some issues with the way IP addresses are being modified on the way through. One of our requirements is to do some work based on the users geographic region. For this I am using the GeoIP plugin for varnish which was doing a great job (https://github.com/varnish/libvmod-geoip).
With CloudFront in the mix, I am now seeing the X-Forwarded-For header being appended to with what I assume is the cloudfront IP address. This is causing the IP lookup to fail. Is there a way to stop CloudFront from appending to that header or is there a way in the VCL to split the IP addresses by comma and iterate through them? This would at least allow me to handle lookup success with some fallback logic. At the moment I am just calling
if (req.http.x-forwarded-for) {
set req.http.X-Country-Code = geoip.country_code(req.http.X-Forwarded-For);
}
Thanks!
