limit_req is not working with dynamically extracted user address
nginx-forum at forum.nginx.org
Fri Mar 18 14:48:56 UTC 2016
thank you for quick response.
> How did you found that limit_req uses a wrong element?
We don't know if this is limit_req - in reality we were just looking into
logs and I guess that's what confused us. We observed those IPs and rolled
back the changes as we assumed that all requests from CDN or DDOS Service
The only way to I guess to verify that our current schema works is to use
some arbitrary IP and see if our requests are blocked rather then CDN
service IP is blocked.
We've looked into http://nginx.org/en/docs/http/ngx_http_realip_module.html
and not sure if it is going to work.
As you saw one of the examples we have other services in front of us.
There are 2 cases:
User -> DDOS Service -> Our NGINX - X-Forwarded-For ex:
User -> CDN -> DDOS Service -> Our NGINX - X-Forwarded-For ex:
5184.108.40.206, 4220.127.116.11, 518.104.22.1687, 322.214.171.124
Will realip module able to identify real IP of end user?
Should we set CIDR of both DDOS Service and CDN Service as real ip tables:
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,265461,265491#msg-265491
More information about the nginx