清漆 - 绕过 IP 地址缓存 [英] Varnish - Bypass Cache for IP Address
问题描述
我们使用的是 Varnish 3.0.3.Varnish 位于负载均衡器的后面.
We're using Varnish 3.0.3. Varnish is behind a load balancer.
我们希望绕过特定 IP 地址的 Varnish 缓存.经过研究,我发现了以下内容.不幸的是,它不起作用.
We would like to bypass the Varnish cache for a particular IP address. After doing research, I found the following. Unfortunately, it is not working.
acl passem { "7x.xxx.xxx.xxx"; }
sub vcl_recv {
if (!(client.ip ~ passem)) {
return (pass);
}
}
这出现在varnishlog
6 VCL_acl c NO_MATCH passem"
我不确定出了什么问题.我唯一能想到的是 Varnish 没有看到传入的 IP 地址.这是我在 varnishlog
中看到的.
I'm not sure what is wrong. The only thing I can think of is Varnish is not seeing the incoming IP address. This is what I see in varnishlog
.
6 RxHeader c X-Real-IP: "7x.xxx.xxx.xxx"
6 RxHeader c X-Forwarded-For: "7x.xxx.xxx.xxx"
6 SessionOpen c 10.10.10.4 58143 0.0.0.0:80
6 ReqStart c 10.10.10.4 58143 1026834560
RxHeader 正在接收正确的 IP 并匹配 acl passem
,但我不知道 acl passem
是否引用了 SessionOpen
> IP 地址,即负载均衡器的 IP 地址.
The RxHeader is receiving the correct IP and matches the acl passem
, but I don't know if acl passem
is instead referencing the SessionOpen
IP address, which is the IP address of the load balancer.
推荐答案
在 Varnish 中,"X-Real-IP"
和 "http.x-forwarded-for"
是字符串,"client.ip"
是一个对象.
In Varnish, "X-Real-IP"
and "http.x-forwarded-for"
are strings and "client.ip"
is an object.
需要额外的代码将 "X-Forwarded-For"
标头中的 IP 地址复制到 Varnish 的 client_ip 结构中.
Extra code is required to copy the IP address from the "X-Forwarded-For"
header into Varnish's client_ip structure.
以下是使其工作所需的条件.这工作成功.归功于 http://zcentric.com/2012/03/16/varnish-acl-with-x-forwarded-for-header/
Below is what was required to make it work. This worked successfully. Credit goes to http://zcentric.com/2012/03/16/varnish-acl-with-x-forwarded-for-header/
C{
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <arpa/inet.h>
}C
acl passem { "7x.xxx.xxx.xxx"; }
sub vcl_recv {
C{
struct sockaddr_storage *client_ip_ss = VRT_r_client_ip(sp);
struct sockaddr_in *client_ip_si = (struct sockaddr_in *) client_ip_ss;
struct in_addr *client_ip_ia = &(client_ip_si->sin_addr);
char *xff_ip = VRT_GetHdr(sp, HDR_REQ, "\020X-Forwarded-For:");
if (xff_ip != NULL) {
inet_pton(AF_INET, xff_ip, client_ip_ia);
}
}C
if (!(client.ip ~ passem)) {
return (pass);
}
}
这篇关于清漆 - 绕过 IP 地址缓存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!