GeoIP FirstNonPrivateXForwardedForIP

Lukas Tribus luky-37 at hotmail.com
Mon Jun 16 07:12:47 UTC 2014


Hi,



> Thanks for your reply.
>
> I have already tried
> http://nginx.org/en/docs/http/ngx_http_geoip_module.html#geoip_proxy
>
> But this needs a list of subnets / networks to be whitelisted first as a
> trusted source. I do not (cannot) have a list of such networks, as they can
> be the intermediate proxy of any company. E.g.: Google Chrome on a smartphone uses
> the Google compression proxy in between before reaching the actual server where
> the website is hosted. Opera Mini also does the same, and similarly I don't know
> who all does it. So I cannot have a list of all trusted networks.

You cannot trust X-F-F headers of untrusted third-party networks and proxies,
otherwise everyone can spoof whatever remote IP they want.

Don't do this.



Lukas
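
The difference between the two approaches discussed in this message, as an added example that is not part of the original thread and is not nginx code: `first_non_private` is a hypothetical implementation of the requested behaviour, and `client_ip` is a right-to-left walk that only believes header entries appended by listed proxies. The `TRUSTED_PROXIES` network and all addresses are constructed values from documentation ranges.

```python
import ipaddress

# Constructed values (documentation ranges), not taken from the thread.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]  # assumed: proxies you operate
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def _parse(value):
    """Return an ip_address, or None for a malformed header entry."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def first_non_private(xff):
    """Requested behaviour: leftmost non-private entry, whoever wrote it."""
    for part in xff.split(","):
        ip = _parse(part)
        if ip is not None and not any(ip in net for net in PRIVATE_NETS):
            return str(ip)
    return None


def client_ip(peer, xff, trusted=TRUSTED_PROXIES):
    """Start at the TCP peer and step left through X-Forwarded-For only
    while the current address belongs to a trusted proxy."""
    current = ipaddress.ip_address(peer)
    hops = [p for p in xff.split(",") if p.strip()]
    while hops and any(current in net for net in trusted):
        nxt = _parse(hops.pop())      # rightmost entry not yet consumed
        if nxt is None:
            break                     # malformed entry: keep last verified address
        current = nxt
    return str(current)


# Constructed requests: (TCP peer address, X-Forwarded-For header value)
DIRECT_FORGED = ("203.0.113.50", "198.51.100.7")                # no proxy, header forged
VIA_PROXY_FORGED = ("192.0.2.10", "198.51.100.7, 203.0.113.50")  # proxy appended real peer

if __name__ == "__main__":
    for peer, xff in (DIRECT_FORGED, VIA_PROXY_FORGED):
        print(peer, "|", xff, "| naive:", first_non_private(xff),
              "| trusted walk:", client_ip(peer, xff))
```

In both constructed requests the leftmost-entry logic returns the forged `198.51.100.7`, while the trusted walk returns `203.0.113.50`, the address that was actually observed by a host under your control.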

 		 	   		  

