nginx and thttpd + cgi, remote_addr =

Francis Daly francis at
Wed Oct 26 13:02:58 UTC 2011

On Wed, Oct 26, 2011 at 02:17:37AM +0400, Кирюшкин Владимир wrote:
> 26.10.2011, 02:10, "Francis Daly" <francis at>:
> > On Wed, Oct 26, 2011 at 01:11:40AM +0400, Кирюшкин Владимир wrote:

Hi there,

> > That should cause two variables HTTP_X_REAL_IP and HTTP_X_FORWARDED_FOR
> > to be visible in the CGI output.
> alas, no. the full output is (when using proxy):

Ah, this thttpd doesn't expose the full http header as HTTP_* environment
variables. So scratch that as a test.

> > That patch looks like it will write the value of the X-Forwarded-For
> > header into something internal to thttpd.
> yes, it is intended to change X-Forwarded-For into Remote-Addr, but seems that it doesn't work.

Test the thttpd side:

curl -H 'X-Forwarded-For:' http://[thttpd-server]/env.cgi

If you don't see REMOTE_ADDR=, then your thttpd is not acting
as you expect. Nothing nginx can do can help you in that case.

And note what

curl -H 'X-Forwarded-For:,' http://[thttpd-server]/env.cgi

shows that is different.

If thttpd directly works (as above) and through nginx doesn't, then check
the nginx debug log to see what exactly nginx is sending to thttpd --
it'll be the line with

http script copy: "X-Forwarded-For: "

and the next line will show the value.

Test using 

curl http://[nginx-server]/env.cgi

and possibly

curl -H 'X-Forwarded-For:' http://[nginx-server]/env.cgi

> > If they are not what you expect, check what nginx is doing.
> how could i do that?

debug log.

Overall, when I test here, it all works as expected, by which I mean:

when I access nginx on which proxy_pass'es to thttpd on, I see REMOTE_ADDR=

when I access nginx on through any other proxy,
so that X-Forwarded-For is set before it gets to nginx, I see

This patch to thttpd seems to require that X-Forwarded-For contains
exactly one address, which means that you must not set it in nginx using

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

You'll instead want something like

proxy_set_header X-Forwarded-For $remote_addr;

with some careful thought about what to do if X-Forwarded-For was set
in the request to nginx.

Good luck,

Francis Daly        francis at

More information about the nginx mailing list