GeoIP FirstNonPrivateXForwardedForIP

Lukas Tribus luky-37 at
Mon Jun 16 07:12:47 UTC 2014


> Thanks for your reply.
> I have already tried
> But this needs a list of subnets / networks to be whitelisted first as a
> trusted source. I do not (cannot) have a list of such networks, as they can
> be an intermediate proxy of any company. E.g.: Google Chrome on smartphones uses
> the Google compression proxy in between before reaching the actual server where
> the website is hosted. Opera Mini also does the same, and similarly I don't know
> who all does it. So I cannot have a list of all trusted networks.

You cannot trust X-F-F headers of untrusted third-party networks and proxies,
otherwise everyone can spoof whatever remote IP they want.

Don't do this.
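
The point made in this reply, as an added example that is not part of the original post: picking the first non-private X-Forwarded-For entry returns whatever the sender typed, while walking the header from the TCP peer leftwards through known proxies does not. The function names, the trusted range 10.0.0.0/8 and all addresses are constructed assumptions.

```python
import ipaddress

def _nets(*cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

# RFC 1918 + loopback: what "non-private" is measured against here.
PRIVATE_NETS = _nets("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
# Assumption: the only proxies we operate ourselves live in this range.
TRUSTED_PROXIES = _nets("10.0.0.0/8")

def _in_any(ip, nets):
    return ip is not None and any(ip in net for net in nets)

def parse_xff(header):
    """Split an X-Forwarded-For value; unparsable entries become None."""
    hops = []
    for part in header.split(","):
        try:
            hops.append(ipaddress.ip_address(part.strip()))
        except ValueError:
            hops.append(None)
    return hops

def first_non_private(header, peer):
    """The approach asked about: leftmost non-private address wins."""
    for ip in parse_xff(header):
        if ip is not None and not _in_any(ip, PRIVATE_NETS):
            return str(ip)
    return peer

def rightmost_untrusted(header, peer):
    """Trust the header only as far as our own proxies vouch for it."""
    if not _in_any(ipaddress.ip_address(peer), TRUSTED_PROXIES):
        return peer  # header came from an unknown sender: ignore it
    for ip in reversed(parse_xff(header)):
        if not _in_any(ip, TRUSTED_PROXIES):
            # First hop we do not control is the best client address we have.
            return str(ip) if ip is not None else peer
    return peer

if __name__ == "__main__":
    # Constructed request: client 198.51.100.7 sent its own X-F-F value,
    # our proxy 10.0.0.5 appended the address it actually saw.
    hdr, peer = "203.0.113.99, 198.51.100.7", "10.0.0.5"
    print("first non-private :", first_non_private(hdr, peer))
    print("rightmost untrusted:", rightmost_untrusted(hdr, peer))
```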


