Tracking your origin's name, IP, and port

Being able to track information related to your origin can be helpful in troubleshooting errors and making sure requests are processed as expected. Fastly provides three VCL variables that allow you to see and track origin information:

You can create VCL Snippets that use these variables to capture information about an origin and then set up remote log streaming to save that information.

Retrieve the origin information

Create a regular VCL Snippet to retrieve the origin information:

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
  3. Click Edit configuration and then select the option to clone the active version.
  4. Click VCL snippets.

  5. Click Create snippet.

  6. Fill out the Create a VCL snippet fields as follows:

    • In the Name field, enter an appropriate name (for example, Retrieve-Origin-Information).
    • From the Type menu, select within subroutine.
    • From the Select subroutine menu, select fetch (vcl_fetch).
    • In the VCL field, add the following VCL logic:
    1
    2
    3
    # save the variables for access in deliver
    set beresp.http.Your-Backend-Name = beresp.backend.name;
    set beresp.http.Your-Backend-IP-Port = beresp.backend.ip ":" beresp.backend.port;
  7. Click Create to create the snippet.

Change the response header to a request header

Create another regular VCL Snippet that changes the response header to a request header before logging the information:

  1. Click VCL snippets.

  2. Click Create snippet.

  3. Fill out the Create a VCL snippet fields as follows:

    • In the Name field, enter an appropriate name (for example, Remove-Origin-Information).
    • From the Type controls, select within subroutine.
    • From the Select subroutine menu, select deliver (vcl_deliver).
    • In the VCL field, add the following VCL logic:
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    if (fastly_info.state ~ "(MISS|PASS)") {
    # only on a miss or pass
    # save the responses back to req.request because
    # request headers are not sent back to the client
    set req.http.Your-Backend-Name = resp.http.Your-Backend-Name;
    set req.http.Your-Backend-IP-Port = resp.http.Your-Backend-IP-Port;
    }
    # remove the identifying information from the response
    unset resp.http.Your-Backend-Name;
    unset resp.http.Your-Backend-IP-Port;
  4. Click Create to create the snippet.

NOTE

If a response header like beresp.http.Your-Backend-Name exists in vcl_fetch when VCL is processed, then a corresponding response header resp.http.Your-Backend-Name will exist in vcl_deliver and will be logged by default. This means that response headers will be included in response output, exposing origin information (e.g., IP address, port number, or origin name) in the process. Fortunately, request headers are not passed back to the client, but their information remains accessible from vcl_log.

Set up remote log streaming

Once your snippets are created, you can set up remote log streaming for tracking purposes. Do this by adding req.http.Header-Name to the Log format field in the logging endpoint you configured in the remote log streaming guide. Using the example above, you would add req.http.Your-Backend-Name and req.http.Your-Backend-IP-Port. Once you've reviewed the changes you've made, click the Activate button to deploy these configuration changes for your service.

NOTE

When you configure remote log streaming to capture this information, remember the VCL is executed twice, once on the shield node and again on the edge node. This means that the first log (from the shield node) will have the origin's information and the second log (from the edge node) will have the shield's information.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.