Can real_ip_header's behavior be altered slightly?

Michael Shadle mike503 at gmail.com
Wed Dec 30 00:32:48 MSK 2009


Currently there's a slight annoyance (not sure I'd call it a bug) -
we're behind a CDN and the wrong IP is being assigned from
real_ip_header, because we're getting multiple IP addresses. Can the
behavior be altered for this kind of case?

in PHP, when dumping $_SERVER:

["HTTP_VIA"]=>
string(127) "1.1 proxy1.company1.com, 1.1
somehost2.cdncompany.net:8000 (EdgePrism/3.7.2.8), 1.1
somehost1.cdncompany.net:80 (EdgePrism/3.7.2.8)"

["HTTP_X_FORWARDED_FOR"]=>
string(31) "14.13.13.70, 20.11.18.105"

["REMOTE_ADDR"]=>
string(15) "20.11.18.105"

It shows the right address first in the X-Forwarded-For, but the other
addresses second, but nginx is grabbing the LAST ip in the list.

Can we make the real_ip_header trust the FIRST ip only? something like
if the header supplied in "real_ip_header" includes "," to take only
the string up to the ","?

In PHP (pseudocode) it'd be something like:

if(strstr($_SERVER['HTTP_X_FORWARDED_FOR'], ',')) {
 $ip = substr($_SERVER['HTTP_X_FORWARDED_FOR'], 0,
strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ','));
}

I think it can be almost mapped directly to C, since some of those
functions are in directly C, I think :)



More information about the nginx mailing list