LOG IN SIGN UP
Documentation

Tracking your origin's name, IP, and port

  Last updated August 09, 2018

Fastly provides three values captured in vcl_fetch that allow you to see and track origin information:

While these three values are immensely useful, you may want to use this information within vcl_deliver for things like response information or remote log streaming. You can do this by:

  1. Creating cache headers that capture the origin information.
  2. Adding a response header to the log format to capture the response output.

Capturing the origin information

To track your origin's name, IP, and port, you need to create two separate headers: one that captures the origin name and another that captures the origin's IP and port (e.g., 80, 443).

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the service menu, select the appropriate service.
  3. Click the Configuration button and then select Clone active. The Domains page appears.
  4. Click the Content link. The Content page appears.
  5. Click the Create header button to create a header that captures the name of your origin. The Create a header page appears.

    the Create a header page

  6. Fill out the Create a header fields as follows:
    • In the Name field, type Backend Name (or preferred name). This name is displayed in the Fastly web interface.
    • From the Type menu, select Cache, and from the Action menu, select Set.
    • In the Destination field, type http.Backend-Name (or preferred header variable).
    • In the Source field, type beresp.backend.name.
    • From the Ignore if set menu, select Yes.
    • In the Priority field, type 10.
  7. Click the Create button. The new header appears on the Content page.
  8. Click the Create header button to create a header that captures the IP and port of your origin. The Create a header page appears.

    the Create a header page with the second header

  9. Fill out the Create a header fields as follows:
    • In the Name field, type Backend IP and Port (or preferred name). This name is displayed in the Fastly interface.
    • From the Type menu, select Cache, and from the Action menu, select Set.
    • In the Destination field, type http.Backend-IP-Port (or preferred header variable).
    • In the Source field, type beresp.backend.ip "," beresp.backend.port.
    • From the Ignore if set menu, select Yes.
    • In the Priority field, type 10.
  10. Click the Create button. The new header appears on the Content page.
  11. Click the Activate button to deploy your configuration changes.

Adding a response header to the log format

The values captured in a header within vcl_fetch will flow to vcl_deliver. For example, there will exist a resp.http.Backend-Name header in vcl_deliver that corresponds to beresp.http.Backend-Name in vcl_fetch. By default, the response header will be included in the response output.

Unfortunately, with remote log streaming, you cannot add the vcl_fetch header, beresp.http.Header-Name, to the log format. However, you can add its cousin in vcl_deliver, resp.http.Header-Name.

Add resp.http.Header-Name to the log format that you configured by following the instructions in the Remote Log Streaming guide. Using the example above, you would add resp.http.Backend-Name and resp.http.Backend-IP-Port.

Important notes

Regarding shielding

Notice within the example the field that Ignore if set is set to Yes. With shielding, the VCL is executed twice, once on the shield and again on the edge node. This setting will display the original information from the origin without overriding it on the edge node.

You can also set the field Ignore if set to No with shielding enabled. In this scenario, the edge node captures the shield's information within beresp.backend.name, beresp.backend.ip, and beresp.backend.port.

If remote log streaming is configured, remember it is executed twice. Thus the first log (from the shield node) will have the origin's information and the second log (from the edge node) will have the shield's information.

Regarding security

For security purposes, you may want to track the information in logging but not display some or all of it in the response. You can create a VCL Snippet to remove any headers you don't want sent. Adding to the example above, continue to send the value of the origin's name and IP within the response by stripping the origin's port from the response information.

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the service menu, select the appropriate service.
  3. Click the Configuration button and then select Clone active. The Domains page appears.
  4. Click the VCL Snippets link. The VCL Snippets page appears.
  5. Click Create Snippet. The Create a VCL snippet page appears.

    vcl snippet window

  6. In the Name field, type an appropriate name (e.g., Remove Backend IP).
  7. From the Type controls, select within subroutine.
  8. From the Select subroutine menu, select deliver (vcl_deliver).
  9. In the VCL field, add the following conditions:

     if (!req.http.Fastly-FF) {
       unset resp.http.Backend-IP-Port;
     }
    
  10. Click Create to create the snippet.
  11. Click the Activate button to deploy your configuration changes.

Back to Top