<div dir="ltr">Hello,<div><br></div><div>I'm having some issues with getting X-Forwarded-For set consistently for upstream proxy requests. The server runs Nginx/OpenResty in front of Apache, and has domains hosted behind Cloudflare as well as direct. The ones behind Cloudflare show the correct X-Forwarded-For header being set, using (snippet):</div><div><br></div><div>http {</div><div>set_real_ip_from 167.114.56.190/32;</div><div>[..]<br>set_real_ip_from 167.114.56.191/32;<br>real_ip_header X-Forwarded-For;<br></div><div>server {</div><div>location ~ .* {<br></div><div>[..]</div><div>proxy_set_header X-Forwarded-For $http_x_forwarded_for;<br></div><div>proxy_set_header X-Real-IP $remote_addr;</div><div>}</div><div>}</div><div><br></div><div>However, when I receive a direct request, which does not include X-Forwarded-For, $http_x_forwarded_for, $proxy_add_x_forwarded_for, $http_x_real_ip are empty, and I'm unable to set the header to $remote_addr (which shows the correct IP).
If I try adding this in the server {} block:</div><div><br></div><div>if ($http_x_forwarded_for = '') {<br>    set $http_x_forwarded_for $remote_addr;<br>}<br><br></div><div>I get:</div><div><br></div><div>nginx: [emerg] the duplicate "http_x_forwarded_for" variable in /usr/local/openresty/nginx/conf/nginx.conf:131<br>nginx: configuration file /usr/local/openresty/nginx/conf/nginx.conf test failed<br></div><div><br></div><div>The above works to set $http_x_real_ip, but then I end up with direct connections passing Apache the client IP through X-Real-IP, and proxied connections (from Cloudflare) set X-Forwarded-For.</div><div><br></div><div>The log format I'm using to verify both $http_x_forwarded_for and $http_x_real_ip is:</div><div><br></div><div>log_format json_combined escape=json<br>  '{'<br>    '"id":"$zid",'<br>    '"upstream_cache_status":"$upstream_cache_status",'<br>    '"remote_addr":"$remote_addr",'<br>    '"remote_user":"$remote_user",'<br>    '"stime":"$msec",'<br>    '"timestamp":"$time_local",'<br>    '"host":"$host",'<br>    '"server_addr":"$server_addr",'<br>    '"server_port":"$proxy_port",'<br>    '"request":"$request",'<br>    '"status": "$status",'<br>    '"body_bytes_sent":"$body_bytes_sent",'<br>    '"http_referer":"$http_referer",'<br>    '"http_user_agent":"$http_user_agent",'<br>    '"http_x_forwarded_for":"$http_x_forwarded_for",'<br>    '"http_x_real_ip":"$http_x_real_ip",'<br>    '"request_type":"$request_type",'<br>    '"upstream_addr":"$upstream_addr",'<br>    '"upstream_status":"$upstream_status",'<br>    '"upstream_connect_time":"$upstream_connect_time",'<br>    '"upstream_header_time":"$upstream_header_time",'<br>    '"upstream_response_time":"$upstream_response_time",'<br>    '"country":"$country_code",'<br>    '"request_time":"$request_time"'<br>  '}';<br></div><div><br></div><div>How can I consistently pass the backend service an X-Forwarded-For header, with the client IP, regardless of it being a direct request or proxied 
through Cloudflare/some other CDN?</div><div><br></div><div>Thanks!</div></div>
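One way to get a single trusted client address to the backend, shown as an added example that is not part of the original post: it relies on the realip module rewriting `$remote_addr` for connections that arrive from the `set_real_ip_from` addresses. The backend address and the `X-Proxy-Peer` header name are placeholder assumptions, and the fragment omits the rest of the configuration.

```nginx
# Added example (configuration fragment), not the poster's configuration.
http {
    # Trusted front-end proxies: the two addresses quoted in the post.
    # The ranges elided there with "[..]" stay elided here.
    set_real_ip_from 167.114.56.190/32;
    set_real_ip_from 167.114.56.191/32;
    real_ip_header   X-Forwarded-For;

    server {
        listen 80;

        location / {
            # Pass-through form from the post: the header is absent on direct
            # requests, and a direct client can put any value it likes in it.
            # proxy_set_header X-Forwarded-For $http_x_forwarded_for;

            # After the realip module runs, $remote_addr is the address taken
            # from X-Forwarded-For when the peer is a trusted proxy, and the
            # peer address itself otherwise. Sending it in both headers gives
            # the backend one consistent value that a direct client cannot
            # set through a request header.
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header X-Real-IP       $remote_addr;

            # Original TCP peer (for example the CDN edge), kept for logging.
            # The header name is a hypothetical choice.
            proxy_set_header X-Proxy-Peer    $realip_remote_addr;

            # Placeholder backend address (assumption).
            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

With this form Apache should trust these headers only from the Nginx host, and any CDN whose ranges are missing from `set_real_ip_from` will have its edge address forwarded as the client.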