Tweet So I did a setup like this once nginx -> varnish -> backend apaches I did the nginx in front of varnish to handle SSL termination since varnish doesn’t do SSL. So the issue is you can do this for subnet checking in your varnish config acl vpn { "192.168.0.0"/16; } sub vcl_recv { if (client.ip ~ vpn) { # something here } return(pass); } So the issue with this is varnish thinks the client.