Welcome! Log In Create A New Profile

Advanced

Re: Reverse Proxy Security

任晓磊
April 22, 2010 11:50PM
You may choose a unusual Header name.

On Fri, Apr 23, 2010 at 6:09 AM, karmaboy <nginx-forum@nginx.us> wrote:
> When using nginx as reverse proxy, to determine the actual client IP address I would need to rely on the X-Real-IP header. Since this is just an HTTP header than can be faked, is it possible for a visitor to include an X-Real-IP header value of their own, passing a fake IP to the back-end server? Does nginx always overwrite this value with the one it detects?
>
> Thx
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,78144,78144#msg-78144
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
>



--
Ren Xiaolei

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Reverse Proxy Security

karmaboy April 22, 2010 02:15PM

Re: Reverse Proxy Security

任晓磊 April 22, 2010 11:50PM

Re: Reverse Proxy Security

Alejandro Mery April 23, 2010 02:36AM

Re: Reverse Proxy Security

Igor Sysoev April 23, 2010 02:44AM

Re: Reverse Proxy Security

karmaboy April 24, 2010 03:26PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 264
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready