realip module broken?
lists at ruby-forum.com
Wed Aug 13 12:23:27 MSD 2008
Igor Sysoev wrote:
> I will look how to resolve the issue. Right now you may disable
> keepalive on nginx side.
I'll keep it at 0.0.0.0/0 for now. The 'set_real_ip_from' directive
doesn't add much security anyway:
a) The loadbalancer overwrites any existing X-Real-IP headers.
b) Even if a) would not be done, the header would be accepted because
all requests come from the loadbalancer IP.
It would be nice if the realip module could be fixed though. It's a
matter of semantics, but I believe an X-Real-IP (or X-Forwarded-For)
header should only influence the request, not the entire connection.
Posted via http://www.ruby-forum.com/.
More information about the nginx