]] Poul-Henning Kamp > I've been thinking about something like this: > > remote.ip // [IP Other end of TCP connection > remote.port // [INT Our sockets peer-address > > local.ip // [IP own end of the TCP connection > local.port // [INT sockets local address > > > client.ip // [IP] Which IP$ client to connected to our end from. > // if proto == PROXY > // set from PROXY.hdr > // else > // set from remote.ip > > server.ip // [IP] Which IP# client connected to in our end. > server.port // [INT] > // if proto == PROXY > // set from PROXY.hdr > // else > // set from our.*
These work for me. > client.identity // Best case ultimate client identity > // if X-F-F: > // set from X-F-F > // else > // set from client.ip > > I'm somewhat tempted to make client.identity a STRING, rather than > an IP, to make it clear to people that running it through an ACL > is a bad idea. client.identity is already a string, and I don't think we should set it from X-F-F, but rather just client.ip. It can be trivially overridden if the sysadmin wants that. -- Tollef Fog Heen Technical lead | Varnish Software AS 📞: +47 21 98 92 64 We Make Websites Fly! _______________________________________________ varnish-dev mailing list [email protected] https://www.varnish-cache.org/lists/mailman/listinfo/varnish-dev
