Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers
r at roze.lv
Tue Sep 13 12:24:14 UTC 2016
> But that book says it is to reduce the memory footprint ?
Correct, but that is for that specific varible.
You can't take $http_cf_connecting_ip which is a HTTP header comming from
Cloudflare and prepend $binary_ just to "lower memory footprint".
There is no such functionality.
What you might do is still use $binary_remote_addr but in combination with
RealIP module ( http://nginx.org/en/docs/http/ngx_http_realip_module.html ):
Detailed guide from Cloudflare:
Theoretically it should work but to be sure you would need to test it or ask
a nginx dev for confirmation if the realip module takes precedence and
updates also the ip binary variable before the limit_req module.
More information about the nginx