Behavior of realip module with this config
pnickerson at cashstar.com
Fri Feb 10 18:29:59 UTC 2017
On Fri, Feb 10, 2017 at 11:05 AM, Maxim Dounin wrote:
> Note that my answer ("with the configuration in question nginx
> will use the first address in X-Forwarded-For provided") only
> applies to the particular configuration with "set_real_ip_from
> 0.0.0.0/0", and it is incorrect to assume it can be used as an
> universal answer to all questions.
Ah, OK, I see. Everything is making sense now. I somehow didn't see "with
the configuration in question" in your reply.
So "set_real_ip_from 0.0.0.0/0" brings in a special case, where the
leftmost / first IP address is used. It sounds like that's because it
recursively searches back through the list for an untrusted IP, and if it
doesn't find one, then it keeps whatever was the last one checked, which
would be the leftmost IP.
This is matching what I'm seeing, and I now know how to test out a
different configuration. Thank you for the help, Maxim!
~ Paul Nickerson
The attached information is PRIVILEGED AND CONFIDENTIAL and is intended
only for the use of the addressee named above. If the reader of this
message is not the intended recipient or the employee or agent responsible
for delivering the message to the intended recipient, please be aware that
any dissemination, distribution or duplication of this communication is
strictly prohibited. If you receive this communication in error, please
notify us immediately by telephone, delete the message and destroy any
printed copy of the message. Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx