From 0a7e1e0c03e3dd72a14f073946abe21e561c8033 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Wed, 5 Apr 2017 23:51:12 +0000
Subject: [PATCH] Client.ip is unusable due to proxies, look at forwarded-for

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/varnish/templates/kojipkgs.vcl.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/varnish/templates/kojipkgs.vcl.j2 b/roles/varnish/templates/kojipkgs.vcl.j2
index 60534e49a8..350cc23cc7 100644
--- a/roles/varnish/templates/kojipkgs.vcl.j2
+++ b/roles/varnish/templates/kojipkgs.vcl.j2
@@ -43,7 +43,7 @@ sub vcl_recv {
         return(purge);
     }
 
-    if (req.url ~ "^/repo/" && !(client.ip ~ repoallowed)) {
+    if (req.url ~ "^/repo/" && !(req.http.x-forwarded-for ~ repoallowed)) {
         return(synth(403, "Access denied."));
     }
     if (req.url ~ "^/mash/") {