Varnish VCL Client IP issue

# Default backend definition.  Set this to point to your content
# server.
backend mysite {
    .host = "www.mysite.com";
    .port = "8085";
    .connect_timeout = 600s;
    .first_byte_timeout = 600s;
    .between_bytes_timeout = 600s;
}

acl purge {
	# For now, I'll only allow purges coming from localhost
	"127.0.0.1";
	"localhost";
}

# Handle the HTTP request received by the client
sub vcl_recv {
#  if (req.restarts == 0) {
# 		if (req.http.X-Forwarded-For) {
# 	    		set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
#	 	} else {
#			set req.http.X-Forwarded-For = client.ip;
#	 	}
#     	}
# unset req.http.X-Forwarded-For;

# Add a unique header containing the client address
#       remove req.http.X-Forwarded-For;
#      set    req.http.X-Forwarded-For = client.ip;
#
# 	Rename the incoming XFF header to work around a Varnish bug.
#  if (req.http.X-Forwarded-For) {
#	Append the client IP
#   // set req.http.X-Real-Forwarded-For = req.http.X-Forwarded-For ", " regsub(client.ip, ":.*", "");
#    unset req.http.X-Forwarded-For;
#  }
#  else {
    // Simply use the client IP
   // set req.http.X-Real-Forwarded-For = regsub(client.ip, ":.*", "");
#  }


#lize the header, remove the port (in case you're testing this on various TCP ports)
	set req.http.Host = regsub(req.http.Host, ":[0-9]+", "");

	# Allow purging
	if (req.request == "PURGE") {
		if (!client.ip ~ purge) {
			# Not from an allowed IP? Then die with an error.
			error 405 "This IP is not allowed to send PURGE requests.";
		}

		# If you got this stage (and didn't error out above), do a cache-lookup
		# That will force entry into vcl_hit() or vcl_miss() below and purge the actual cache
		return (lookup);
        }

	# Only deal with "normal" types
     	if (req.request != "GET" &&
       		req.request != "HEAD" &&
      	 	req.request != "PUT" &&
       		req.request != "POST" &&
       		req.request != "TRACE" &&
       		req.request != "OPTIONS" &&
      	 	req.request != "DELETE") {
         		/* Non-RFC2616 or CONNECT which is weird. */
         		return (pipe);
     	}

	if (req.request != "GET" && req.request != "HEAD") {
         	# We only deal with GET and HEAD by default
         	return (pass);
     	}

    # mysite.com - With any subdomain support
    if (req.http.host ~ "^(.*\.)?mysite\.com$") {
            set req.backend = mysite;
            //return (pass);  // Means never cache anything from this domain
    }

# A configuration file specific for Drupal 7

# Either the admin pages or the login
if (req.url ~ "/admin/?") {
        # Don't cache, pass to backend
        return (pass);
}

if (req.url ~ "/user?") {
    # don't cache
    return (pass);
}

#if (req.http.Cookie ~ "(FITNESS_LOGGED)") {
#        return (pass);
#}

# Remove the "has_js" cookie
set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");

# Remove any Google Analytics based cookies
set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");

# Remove the Quant Capital cookies (added by some plugin, all __qca)
set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");

# Are there cookies left with only spaces or that are empty?
if (req.http.cookie ~ "^ *$") {
        unset req.http.cookie;
}

# Static content unique to the theme can be cached (so no user uploaded images)
if (req.url ~ "^/themes/" && req.url ~ "\.(css|js|png|gif|jp(e)?g)") {
        unset req.http.cookie;
}

# Normalize Accept-Encoding header (straight from the manual: https://www.varnish-cache.org/docs/3.0/tutorial/vary.html)
if (req.http.Accept-Encoding) {
        if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
                # No point in compressing these
                remove req.http.Accept-Encoding;
        } elsif (req.http.Accept-Encoding ~ "gzip") {
                set req.http.Accept-Encoding = "gzip";
        } elsif (req.http.Accept-Encoding ~ "deflate") {
                set req.http.Accept-Encoding = "deflate";
        } else {
                # unkown algorithm
                remove req.http.Accept-Encoding;
        }
}

# Don't cache the install, update or cron files in Drupal
if (req.url ~ "install\.php|update\.php|cron\.php|members/") {
	return (pass);
}

# Uncomment this to trigger the vcl_error() subroutine, which will HTML output you some variables (HTTP 700 = pretty debug)
#error 700;

# Anything else left?
if (!req.http.cookie) {
        unset req.http.cookie;
}

  // Rename the incoming XFF header to work around a Varnish bug.
#  if (req.http.X-Forwarded-For) {
    // Append the client IP
    #set req.http.X-Real-Forwarded-For = req.http.X-Forwarded-For ", " regsub(client.ip, ":.*", "");
   # unset req.http.X-Forwarded-For;
#  }
#  else {
    // Simply use the client IP
    #set req.http.X-Real-Forwarded-For = regsub(client.ip, ":.*", "");
#  }

set req.http.X-Forwarded-For =  regsub(client.ip, ":.*", "");
set req.http.X-Real-Forwarded-For = regsub(client.ip, ":.*", "");

# Try a cache-lookup
# return (lookup);

if (req.http.Authorization || req.http.Cookie) {
  # Not cacheable by default
   return (pass);
}

	return (lookup);
}

sub vcl_pipe {
     	# Note that only the first request to the backend will have
     	# X-Forwarded-For set.  If you use X-Forwarded-For and want to
     	# have it set for all requests, make sure to have:
     	# set bereq.http.connection = "close";
     	# here.  It is not set by default as it might break some broken web
     	# applications, like IIS with NTLM authentication.

	set bereq.http.connection = "close";
	return (pipe);
}

sub vcl_pass {
	return (pass);
}

# The data on which the hashing will take place
sub vcl_hash {
     	hash_data(req.url);
     	if (req.http.host) {
         	hash_data(req.http.host);
     	} else {
         	hash_data(server.ip);
     	}

	# If the client supports compression, keep that in a different cache
    	if (req.http.Accept-Encoding) {
        	hash_data(req.http.Accept-Encoding);
	}

	return (hash);
}

sub vcl_hit {
	# Allow purges
	if (req.request == "PURGE") {
		purge;
		error 200 "Purged.";
	}

	return (deliver);
}

sub vcl_miss {
	# Allow purges
	if (req.request == "PURGE") {
		purge;
		error 200 "Purged.";
	}

	return (fetch);
}

# Handle the HTTP request coming from our backend
sub vcl_fetch {
	# I can use direct matching on the host, since I normalized the host header in the VCL Receive
  if (req.http.host ~ "^(.*\.)?fitnessrepublic\.com$") {

    # The vcl_fetch routine, when the request is fetched from the backend

    # For static content related to the theme, strip all backend cookies
    if (req.url ~ "^/themes/" && req.url ~ "\.(css|js|png|gif|jp(e?)g)") {
	   unset beresp.http.cookie;
    }

    # A TTL of 30 minutes
    set beresp.ttl = 1800s;
	}

	# Temporarily removed
	#if (beresp.ttl <= 0s || beresp.http.Set-Cookie || beresp.http.Vary == "*") {
	#	set beresp.ttl = 120s;
	#	return (hit_for_pass);
	#}
     	return (deliver);
}

# The routine when we deliver the HTTP request to the user
# Last chance to modify headers that are sent to the client
sub vcl_deliver {
	if (obj.hits > 0) {
		set resp.http.X-Cache = "cached";
	} else {
		set resp.http.x-Cache = "uncached";
	}

	# Remove some headers: PHP version
	unset resp.http.X-Powered-By;

	# Remove some headers: Apache version & OS
	unset resp.http.Server;

	return (deliver);
}

sub vcl_error {
	if (obj.status == 700) {
		# Include a general error message handler for debugging purposes
	 include "/etc/varnish/conf.d/_error.vcl";

	} elseif (obj.status == 701) {
		# Redirect error handler
		set obj.http.Location = "http://" + obj.response + req.url;
		# Change this to 302 if you want temporary redirects
		set obj.status = 301;
		return (deliver);

	}

     	return (deliver);
}

sub vcl_init {
 	return (ok);
}

sub vcl_fini {
 	return (ok);
}