Hi,



> Thanks for your reply.
>
> I have already tried
> http://nginx.org/en/docs/http/ngx_http_geoip_module.html#geoip_proxy
>
> But this needs a list of subnets / networks to be whitelisted first as a
> trusted source. I do not (Can not) have a list of such networks as they can
> be intermediate proxy of any company. Eg : Google chrome on smartphone uses
> Google compression proxy in between before reaching the actual server where
> website is hosted. Opera mini also does the same and similarly don't know
> who all does it. So I can not have a list of all trusted networks.

You cannot trust X-F-F headers of untrusted third party networks and proxies,
otherwise everyone can spoof whatever remote IP they want.

Don't do this.



Lukas


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx