https://bugzilla.wikimedia.org/show_bug.cgi?id=53806
Andrew Otto <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #4 from Andrew Otto <[email protected]> --- Ok, so Adam and Christian and I just went through the VCL logic a bit. I don't think I have a full handle on all the steps varnish takes to tag things, but it doesn't seem like this particular issue is caused by a mistaken XFF problem. vcl_recv calls spoof_clientip (which conditionally replaces the client_ip with a value from XFF) BEFORE it calls tag_carrier. At this point, it doesn't actually matter if the client_ip was not set correctly by spoof_clientip. Whatever client_ip is set to, tag_carrier should use that to conditionally set the X-CS header. We're checking examples where the client_ip in the varnishncsa logs does belong to the tagged X-CS acl. And we have no idea how that could happen. Ja, there might be some weird logic happening in spoof_clientip that is not working with XFF properly, but that seems irrelevant to this problem. How could X-CS not match the client_ip? -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
