LOG IN SIGN UP
Documentation

Tracking your origin's name, IP, and port

Fastly provides three values captured in vcl_fetch that allow you to see and track origin information:

While these three values are immensely useful, you may want to use this information within vcl_deliver for things like response information or remote log streaming. You can do this by:

  1. Creating cache headers that capture the origin information.
  2. Adding a response header to the log format to capture the response output.

Capturing the Origin Information

To track your origin's name, IP, and port, you need to create two separate headers: one that captures the origin name and another that captures the origin's IP and port (e.g., 80, 443).

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the service menu, select the appropriate service.
  3. Click the Edit configuration button and then select Clone active. The service version page appears.
  4. Click the Content tab. The Content page appears.
  5. Click the Create header button to create a header that captures the name of your origin. The Create a new header page appears.

    the Create a new header page

  6. Fill out the Create a new header fields as follows:

    • From the Type menu, select Cache, and from the Action menu, select Set.
    • In the Destination field, type http.Backend-Name (or preferred header variable).
    • In the Source field, type beresp.backend.name.
    • From the Ignore if set menu, select Yes.
    • In the Priority field, type 10.
    • In the Description field, type Backend Name (or preferred name). This name is displayed in the Fastly web interface.
  7. Click the Create button. The new header appears on the Content page.

  8. Click the Create header button to create a header that captures the IP and port of your origin. The Create a new header page appears.

    the Create a new header page with the second header

  9. Fill out the Create a new header fields as follows:

    • From the Type menu, select Cache, and from the Action menu, select Set.
    • In the Destination field, type http.Backend-IP-Port (or preferred header variable).
    • In the Source field, type beresp.backend.ip "," beresp.backend.port.
    • From the Ignore if set menu, select Yes.
    • In the Priority field, type 10.
    • In the Description field, type Backend IP and Port (or preferred name). This name is displayed in the Fastly interface.
  10. Click the Create button. The new header appears on the Content page.

  11. Click the Activate button to deploy your configuration changes.

Adding a Response Header to the Log Format

The values captured in a header within vcl_fetch will flow to vcl_deliver. For example, there will exist a resp.http.Backend-Name header in vcl_deliver that corresponds to beresp.http.Backend-Name in vcl_fetch. By default, the response header will be included in the response output.

Unfortunately, with remote log streaming, you cannot add the vcl_fetch header, beresp.http.Header-Name, to the log format. However, you can add its cousin in vcl_deliver, resp.http.Header-Name.

Add resp.http.Header-Name to the log format that you configured by following the instructions in the Remote Log Streaming guide. Using the example above, you would add resp.http.Backend-Name and resp.http.Backend-IP-Port.

Important Notes

Regarding Shielding

Notice within the example the field Ignore if set is set to Yes. With shielding, the VCL is executed twice, once on the shield and again on the edge node. This setting will display the original information from the origin without overriding it on the edge node.

You can also set the field Ignore if set to No with shielding enabled. In this scenario, the edge node captures the shield's information within beresp.backend.name, beresp.backend.ip, and beresp.backend.port.

If remote log streaming is configured, remember it is executed twice. Thus the first log (from the shield node) will have the origin's information and the second log (from the edge node) will have the shield's information.

Regarding Security

For security purposes, you may want to track the information in logging but not display all or some of it in the response. This is possible but requires custom VCL to strip the information after sending the log line from the edge node.

Don't forget to read our guide to using custom VCL before you begin. Remember to include the entire boilerplate if you do not intend to override the Fastly default settings.

Then add the following snippet within vcl_deliver with the headers you want to strip. Using our example above, we continue to send the value of the origin's name within the response. We strip the origin's IP and port from the response information.

sub vcl_deliver {
#FASTLY deliver

  if (!req.http.Fastly-FF) {
    unset resp.http.Backend-IP-Port;
  }

  return(deliver);
}

Back to Top