Jump to content

Varnish and "Your current IP address does not match the one in our records"


Recommended Posts

Hi All,

I was asking the guys from support about this and they directed me towards the forums.

We have recently setup a varnish server in front of our server which has wordpress, IPB, and a few other apps,

We had quite a few issues with Wordpress which we've almost eliminated.

I can't use the admin cp, every second click I get brought back to the login screen with message "Your current IP address does not match the one in our records" (see attached)

We also seem to be getting a lot of 503 errors in the backend of wordpress but i'm not sure if it's related.

Link to comment
Share on other sites

Sounds like you've followed a half baked tutorial on varnish reverse proxy...

You're missing this module in apache
http://stderr.net/apache/rpaf/
Additionally, make sure varnish is passing the variable X-Forwarded-For in its header.

I don't know what's causing your 503's.

Link to comment
Share on other sites

I checked and we do have rpaf installed, I did some 'google research' and we may have been missing gcc as a dependency,

I installed just to be sure, we're still having the getting logged out issue as above,

the 503 are harder to replicate.

Link to comment
Share on other sites

I think I'm getting closer to the issue,

if the ip forwarding was not working at all then I wouldn't be getting logged out as the ip address wouldn't change, it would stay as the varnish server's ip address.

I checked the log and it seems to be fluctuating between my ip address and the varnish server's ip address every second reload or so.

I checked the vcl(s) we have three default.vcl, wordpress.vcl and wordpress2.vcl, the only reference to http.X-Forwarded is commented out in default vcl


# sub vcl_recv {

#	 if (req.restarts == 0) {

#	   if (req.http.x-forwarded-for) {

#		   set req.http.X-Forwarded-For =

#			   req.http.X-Forwarded-For + ", " + client.ip;

#	   } else {

#		   set req.http.X-Forwarded-For = client.ip;

#	   }



does varnish do the forwarding built in?

Link to comment
Share on other sites

I don't know if it does by default, but I would suggest not leaving it to chance and just defining it.

Also, you can have additional methods of passing correct IP to invision. You can just write in your configuration...

$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];


and it will get the value from the pass even without mod_rpaf.

Note... I may have gotten the spelling/punctuation incorrect for above vars. Should double check from your phpinfo. ^^;

Link to comment
Share on other sites


thanks all,



By the way, one of the guy that fixed it told me that it was because we were using pipe mode and pass mode,



anyone more about this?


maybe get the guy to elaborate on what he meant and where pipe/pass were being used in the vcl incorrectly ?
Link to comment
Share on other sites

  • 4 weeks later...
  • 5 months later...

Ok All I thought I might come back to this and provide some more info on how this ended up.

We've minimised the 503 errors, as far we could tell this was being caused by the built-in timeout mechanism of varnish and the solution was not to increase the timeout (tried and it didn't work) but rather to move the site to a better server that could respond faster.

The second issue was the constant being logged out, this was because of incorrect install of the rpaf mod, there are some guides out there in the google-verse that you can find for setting things right on both servers (if you are indeed using separate servers for varnish and your website). Once this was done correctly then IPB worked correctly.

Anyone have any questions let me know

Link to comment
Share on other sites

I don't know if it does by default, but I would suggest not leaving it to chance and just defining it.

Also, you can have additional methods of passing correct IP to invision. You can just write in your configuration...

$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];


and it will get the value from the pass even without mod_rpaf.

Note... I may have gotten the spelling/punctuation incorrect for above vars. Should double check from your phpinfo. ^^;

Please don't do stuff like this, it allows people to tell your server they are using any IP address they want.

EDIT: Wow, just quoted this post after reading up, nice thread revival from June lol.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...