Welcome! Log In Create A New Profile

Advanced

RE: set_real_ip_from behavior

Previous Message Next Message
Forum List Message List New Topic Print View
Reinis Rozitis
July 02, 2019 07:00AM
> I'm having some issues with getting X-Forwarded-For set consistently for upstream proxy requests. The server runs Nginx/OpenResty in front of
> Apache, and has domains hosted behind Cloudflare as well as direct. The ones behind Cloudflare show the correct X-Forwarded-For header being > set, using (snippet):

Imo your approach is too complicated (unless I missed something).

If your setup is Cloudflare -> nginx -> apache then if you configure the real ip module on nginx you can just always pass the $remote_addr to the Apache backend:

http {
set_real_ip_from 167.114.56.190/32;
[..]
set_real_ip_from 167.114.56.191/32;
real_ip_header X-Forwarded-For;

proxy_set_header X-Forwarded-For $remote_addr;


In case the request is direct $remote_addr will contain client ip (and it will be passed to Apache), if the request comes from trusted proxies the realip module will automatically overwrite $remote_addr variable with the one in the X-Forwarded-For header

(if you still want to log the original client ip you can use $realip_remote_addr (http://nginx.org/en/docs/http/ngx_http_realip_module.html#variables) ).


rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

set_real_ip_from behavior

Andrei July 02, 2019 05:14AM

RE: set_real_ip_from behavior

Reinis Rozitis July 02, 2019 07:00AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 303
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready