Confused about X-Forwarded-For

Rt Ibmer rtibmx at
Sun Apr 27 08:07:17 MSD 2008

I am using nginx as a load balancing proxy to pass requests using proxy_pass to upstream servers running my web app.

These requests may or may not come in with X-Forwarded-For, depending on whether the visitor is using a proxy.

On those upstream servers, within my web app, I need to get the IP address of the client browser.

Without nginx in the picture, my logic would be as follows:
  - if X-Forwarded-For is set in the header, get the FIRST IP address in the list from X-Forwarded-For
  - if there is no X-Forwarded-For in the header, use the REMOTE_ADDR environment variable.

Now once I put nginx into the mix in front of the upstream servers, this is where I am getting confused.  I have seen examples that show this:

  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  X-Real-IP $remote_addr;

HOWEVER, I think I would then have to change my logic to look for X-Forwarded-For, and if not found, look for X-Real-IP.

What I would like to do instead is to just to have nginx add the real IP ($remote_addr) to the X-Forwarded-For header. This way my app can just always look for the first entry in the X-Forwarded-For list of IPs to get the IP I need.

So, I would like to know if the following would work to do this trick:

  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header  X-Forwarded-For $remote_addr;

Would that give me the result I am looking for by putting the real IP in the X-Forwarded-For header? And if that header is present, would it add it to the list or clobber previous entries? Perhaps instead it needs to be written instead as:
  proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for,$remote_addr;

but in the event there was nothing in the X-Forwarded-For header it would wind up giving me a: "X-Forwarded-For ,x.y.z.a" and that leading comma would mess me up.

Ideas? Thank you!


Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

More information about the nginx mailing list