Real IP not working?

Alexander Kolesen a_kolesen at wargaming.net
Sun Dec 4 21:42:21 UTC 2011


> Alexander Kolesen Wrote:
> -------------------------------------------------------
> ....
> > in your location section with 'proxy_pass'
> > directive 
> > (or 'fastcgi_pass' or whatever you use).
> > 
> > Like the following:
> > 
> >     location / {
> > ....
> >         proxy_pass                
> > http://<backend_ip>:<backend_port>;
> >         proxy_set_header           Host           
> >  $host;
> > +       proxy_set_header           X-Real-IP      
> >  $remote_addr;
> > ....
> >     }
> > 
> > Your mod_rpaf config have already correctly set up
> > to handle X-Real-IP header 
> > and consider it as the end user's IP.
> > 
> > Also, you shouldn't use the RPAFsethostname option
> > turned 'On' unless you
> > set X-Host header in the nginx config before
> > passing request to backend. Just turn it 'Off'.
> 
> 
> 
> 
> Thanks Alexander.  But this does not work. 
> 
> I commented all the "set_real_ip_from" in nginx config. Restarted nginx.
> 
> 
> Now the "REMOTE_ADDR" in my php code inside Apache is just my server's
> IP. So the real IP is not being passed. 
> 
> If I enable the "set_real_ip_from" inside nginx config, then my php code
> sees the right REMOTE_ADDR. But the log messages inside Apache are wrong
> even then....all from my own server IP. 
> 
> Anyway, my nginx "proxy.inc" is this: 
> 
> 
> <code>
> proxy_cache_bypass          $http_pragma  $http_authorization;
> proxy_no_cache              $http_pragma  $http_authorization;
> proxy_temp_file_write_size  512k;
> proxy_pass_header           Set-Cookie;
> proxy_redirect              off;
> proxy_hide_header           Vary;
> proxy_set_header            Accept-Encoding '';
> proxy_set_header            Referer $http_referer;
> proxy_set_header            Host   $host;
> proxy_set_header            Cookie $http_cookie;       
> proxy_set_header            X-Real-IP  $remote_addr;
> proxy_set_header            X-Forwarded-Host $host;
> proxy_set_header            X-Forwarded-Server $host;
> proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
> </code>
> 
> 
> Any ideas? 
> 
> 
> 
> PS: I turned that RPAFsethostname off in apache. This seems harmless
> enough.
>

Seems like you're using Apache httpd >=2.0, but your <IfModule> checks for the 1.3 version.
Just try this:

 LoadModule rpaf_module /usr/lib64/httpd/modules/mod_rpaf-2.0.so
+<IfModule mod_rpaf-2.0.c>
-<IfModule mod_rpaf.c>
     RPAFenable On
     RPAFproxy_ips  0.0.0.0  127.0.0.1  [...my server IPs...]
     RPAFsethostname On
     RPAFheader X-Real-IP
 </IfModule>



More information about the nginx mailing list