[PATCH] Improve X-Forwarded-For handling in realip

Michael Shadle mike503 at gmail.com
Thu Dec 2 06:26:49 MSK 2010

On Wed, Dec 1, 2010 at 7:23 PM, Omar Kilani <omar.kilani at gmail.com> wrote:

> The problem is that nginx doesn't do the "first IP in the header which
> is not trusted" part -- it always returns the last IP in the
> X-Forwarded-For header, no matter what.

we have an issue where our CDN gives us the reverse XFF header - we
really want the LAST ip, not the first one (or vice versa) and nginx
gives us the first one which doesn't help :(

making the realip behavior more configurable gets a big +1 from me.
not sure if this is as configurable as it could be though.

More information about the nginx mailing list