Behavior of realip module with this config

[Paul Nickerson]

On Fri, Feb 10, 2017 at 11:05 AM, Maxim Dounin wrote:
> Note that my answer ("with the configuration in question nginx
> will use the first address in X-Forwarded-For provided") only
> applies to the particular configuration with "set_real_ip_from
> 0.0.0.0/0", and it is incorrect to assume it can be used as an
> universal answer to all questions.

Ah, OK, I see. Everything is making sense now. I somehow didn't see "with
the configuration in question" in your reply.

So "set_real_ip_from 0.0.0.0/0" brings in a special case, where the
leftmost / first IP address is used. It sounds like that's because it
recursively searches back through the list for an untrusted IP, and if it
doesn't find one, then it keeps whatever was the last one checked, which
would be the leftmost IP.

This is matching what I'm seeing, and I now know how to test out a
different configuration. Thank you for the help, Maxim!

 ~ Paul Nickerson

-- 


*CONFIDENTIALITY NOTICE*

The attached information is PRIVILEGED AND CONFIDENTIAL and is intended 
only for the use of the addressee named above.  If the reader of this 
message is not the intended recipient or the employee or agent responsible 
for delivering the message to the intended recipient, please be aware that 
any dissemination, distribution or duplication of this communication is 
strictly prohibited. If you receive this communication in error, please 
notify us immediately by telephone, delete the message and destroy any 
printed copy of the message. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170210/99b0f692/attachment.html>