How to get varnish client.ip behind ELB
I needed to filter access by IP using a Varnish ACL, but when Varnish sits behind an Amazon ELB load balancer this doesn't work by default, because client.ip is the load balancer's address rather than the visitor's. So here is the solution! Tested on Amazon Linux AMI release 2015.03.
We will need to install libvmod-ipcast: https://github.com/lkarsten/libvmod-ipcast
The installation can be a little harder than it seems, because it requires a compiled Varnish source tree.
#Prerequisite installs
yum install libtool pcre-devel libedit-devel.x86_64
#Compiling varnish
mkdir /root/sources && cd /root/sources
wget http://repo.varnish-cache.org/source/varnish-3.0.5.tar.gz
tar xzf varnish-3.0.5.tar.gz
cd varnish-3.0.5/
./configure --prefix=/root/sources/
make
#Finally installing the libvmod
cd /root/sources
wget 'https://github.com/lkarsten/libvmod-ipcast/archive/master.zip'
unzip master.zip
cd libvmod-ipcast-master/
./autogen.sh
./configure VARNISHSRC=/root/sources/varnish-3.0.5/ VMODDIR=/usr/lib64/varnish/vmods/
make
make install
#Configuring varnish vcl
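import ipcast;

acl in {
    "127.0.0.1";
    "119.87.12.140"; ### Embratel
}
sub vcl_recv {
    # Copy the first address listed in X-Forwarded-For into a helper header
    set req.http.xff = regsub(req.http.X-Forwarded-For, "^(^[^,]+),?.*$", "\1");
    # ipcast.ip() returns the fallback address when the value is not a valid IP
    if (ipcast.ip(req.http.xff, "198.51.100.255") == "198.51.100.255") {
        error 400 "Bad request";
    }
    # Match the converted address against the ACL
    if (ipcast.ip(req.http.xff, "198.51.100.255") !~ in) {
        error 403 "Forbidden";
    }
}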
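The regsub above keeps the first X-Forwarded-For entry, which is whatever the client put in the header; the ELB appends the address it actually saw to the end of the list. The variant below is an added example, not part of the original configuration: it matches the ACL against the last entry instead. It assumes Varnish accepts connections only from the ELB (for example via a security group rule), so the last entry is always the one the ELB wrote.

```vcl
# Added example in Varnish 3 syntax; the acl and the fallback address are the
# ones used in the configuration above.
import ipcast;

acl in {
    "127.0.0.1";
    "119.87.12.140";
}

sub vcl_recv {
    # Behind the ELB every request carries X-Forwarded-For; refuse anything
    # that arrives without it instead of evaluating an empty value.
    if (!req.http.X-Forwarded-For) {
        error 400 "Bad request";
    }

    # The greedy ".*" consumes everything up to the LAST comma, so only the
    # right-most address (the one appended by the ELB) is left. A header with
    # a single address contains no comma and is left unchanged.
    set req.http.xff = regsub(req.http.X-Forwarded-For, "^.*, *", "");

    # The fallback address is returned when the value is not a valid IP.
    if (ipcast.ip(req.http.xff, "198.51.100.255") == "198.51.100.255") {
        error 400 "Bad request";
    }
    if (ipcast.ip(req.http.xff, "198.51.100.255") !~ in) {
        error 403 "Forbidden";
    }

    # Do not forward the helper header to the backend.
    unset req.http.xff;
}
```

With this variant a request that arrives with a pre-set header such as "X-Forwarded-For: 127.0.0.1" is still evaluated against the address the ELB appended, not against the client-supplied value.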
