Reaching out to others! Free & Open Source Software, Kannada, L10n, L18n Data Science, Cloud Computing & more…

Loging Varnish client IP in Apache logs

When you have a varnish server infront of your Apache server, you will be reverse proxying the requests. This will mark your varnish’s servers ip as the client in apache logs. To let apache know the real client’s ip we can user mod_rpaf module needs to be loaded. Use the following steps to install mod_rpaf module on your apache server.

tar xvfz mod_rpaf-0.6.tar.gz
cd mod_rpaf-0.6
sed -ie ‘s/apxs2/apxs/’ Makefile
make rpaf-2.0
make install-2.0

Once the installation is done, we need to add the following configuration apache configuration file to enable the module.

LoadModule rpaf_module modules/

RPAFenable On
RPAFsethostname On
RPAFheader X-Forwarded-For

RPAFproxy_ips can be multiple IP address and it’s IP from your reverse proxy.


Replace with your varnish servers ips.

Add the following LogFormat to apache configuration file (httpd.conf)

LogFormat “%{X-Forwarded-For}i %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User-Agent}i\”” varnishcombined

In the VirtualHost entry of your domain use varnishcombined as logformat for access logs.

In varnish (3.0.x) default.vlc file under vlc_recv{} add following lines:

if (req.restarts == 0) {
if (req.http.X-Forwarded-For) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For + “, ” + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;

restart apache and httpd to finish with.

You should now start seeing the actual client’s ip in apache logs as well.

Source: varnish, stackoverflow, etc

Weird the way we find solutions: Story of CloudFlare, CSF, DAAP, Nagios and Myself

Strange the way I was continuously blocked by my server for port scanning. Never realized that a tiny little extension of attached to Google Chrome could be this much heart throbbing. Little did I realize that the settings to check for updates set to 1 mins could kick me off from the shell permanently. that keeps a check on intruders found the owner himself to catch this time.

It was really crazy day-by-day and started recreating the issue by hopping into logs, figuring that the request coming back to a specific port on my desktop has been the route cause.

Hey listen, I don’t download things with torrent so often. Then what else that could be bothering so much? The google search points to a harmless creative entertainer on my desktop ‘banshee’s plugin and there I go, disabled and even removed the extensions connecting to external world.

No go at all! Here it blocks again. Lets block the incoming port on my desktop. -uff yeah , never used to turn it on before but no go. Put a red signal and say – never come back again. It was just about to scream out louder. Realized that the name that I use to connect no more pings back to my server. It goes on to the and lives for ever on . – Yes, the tiny little change that was made to my domain. has taken over my DNS and I no more control the way my names work.

All that I had to do is to provide the ip instead of random dns name to get off the hook of CSF and continue browsing.

– Finding it funny and not clear – I was in the same condition when I started fixing this issue. You might figure it out little later. Keep reading.

Tags: , , , , , ,