realip module broken?

Igor Sysoev is at rambler-co.ru
Tue Aug 12 18:49:31 MSD 2008


On Tue, Aug 12, 2008 at 04:07:39PM +0200, Spil Games wrote:

> We have been using (and relying) on the realip module for a while now to
> extract 'X-Real-IP' headers from our loadbalancers so our backends get
> REMOTE_ADDR variables. Everything seemed to work fine.
> 
> However today I was tracing some of my own debugging on a live server
> (lots of rps) and was surprised by the output I got. Because I was doing
> HEAD requests and all the other requests are GET's, a simple grep was
> enough to filter out my debugging requests from the access_log
> 
> www.mydomain.com 200.199.140.205 - - [12/Aug/2008:09:57:04 -0400] HEAD /
> HTTP/1.1 "403" 0 "-" "curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3
> OpenSSL/0.9.8g zlib/1.2.3 libssh2/0.15-CVS"
> www.mydomain.com 200.199.140.205 - - [12/Aug/2008:09:57:06 -0400] HEAD /
> HTTP/1.1 "403" 0 "-" "curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3
> OpenSSL/0.9.8g zlib/1.2.3 libssh2/0.15-CVS"
> www.mydomain.com 88.80.254.219 - - [12/Aug/2008:09:57:10 -0400] HEAD /
> HTTP/1.1 "403" 0 "-" "curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3
> OpenSSL/0.9.8g zlib/1.2.3 libssh2/0.15-CVS"
> www.mydomain.com 88.80.254.219 - - [12/Aug/2008:09:57:12 -0400] HEAD /
> HTTP/1.1 "403" 0 "-" "curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3
> OpenSSL/0.9.8g zlib/1.2.3 libssh2/0.15-CVS"
> www.mydomain.com 66.153.141.107 - - [12/Aug/2008:09:57:55 -0400] HEAD /
> HTTP/1.1 "403" 0 "-" "curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3
> OpenSSL/0.9.8g zlib/1.2.3 libssh2/0.15-CVS"
> www.mydomain.com 72.187.80.90 - - [12/Aug/2008:09:58:16 -0400] HEAD /
> HTTP/1.1 "403" 0 "-" "curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3
> OpenSSL/0.9.8g zlib/1.2.3 libssh2/0.15-CVS"
> www.mydomain.com 72.187.80.90 - - [12/Aug/2008:09:58:30 -0400] HEAD /
> HTTP/1.1 "403" 0 "-" "curl/7.16.3 (i686-pc-cygwin) libcurl/7.16.3
> OpenSSL/0.9.8g zlib/1.2.3 libssh2/0.15-CVS"
> 
> 
> But hold on... Why am I getting all those random source IP's?
> 
> After confirming (using a strace) that the correct headers are being
> sent to Nginx, the only conclusion I can draw is that the realip module
> is mixing up IP addresses. Zipping through the logs seems to confirm
> this, when I do a request I either see my own IP address (correct) or
> the IP address from the request right before me (incorrect).
> 
> Does this ring a bell for anyone? It seems to me like the realip module
> is seriously broken (at least in 0.6.32). I had a look at the source
> code, but cannot come up with anything obvious.

What loadbalancer (that sets X-Real-IP) do you use?


-- 
Igor Sysoev
http://sysoev.ru/en/
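
A log check for the symptom described in the quoted report, as an added example that is not part of the original thread or of nginx. It assumes a hypothetical log_format that writes the raw header (`$http_x_real_ip`) directly after `$remote_addr`; the sample lines and all addresses are constructed.

```python
import re

# Assumed log_format (not the poster's):
#   "$host $remote_addr $http_x_real_ip - - [$time_local] ..."
# $remote_addr is the address after realip rewriting,
# $http_x_real_ip is the header exactly as the load balancer sent it.
LINE_RE = re.compile(r'^(?P<host>\S+) (?P<addr>\S+) (?P<hdr>\S+) - - \[(?P<ts>[^\]]+)\]')

# Constructed sample lines (documentation address ranges only).
SAMPLE_LOG = [
    'www.example.test 192.0.2.10 192.0.2.10 - - [12/Aug/2008:09:57:03 -0400] GET / HTTP/1.1 "200" 512 "-" "Mozilla/5.0"',
    'www.example.test 192.0.2.10 203.0.113.7 - - [12/Aug/2008:09:57:04 -0400] HEAD / HTTP/1.1 "403" 0 "-" "curl/7.16.3"',
    'www.example.test 203.0.113.7 203.0.113.7 - - [12/Aug/2008:09:57:06 -0400] HEAD / HTTP/1.1 "403" 0 "-" "curl/7.16.3"',
    'www.example.test 198.51.100.23 198.51.100.23 - - [12/Aug/2008:09:57:08 -0400] GET /a HTTP/1.1 "200" 90 "-" "Mozilla/5.0"',
    'www.example.test 198.51.100.99 203.0.113.7 - - [12/Aug/2008:09:57:10 -0400] HEAD / HTTP/1.1 "403" 0 "-" "curl/7.16.3"',
    'www.example.test 10.0.0.5 - - - [12/Aug/2008:09:57:11 -0400] GET /health HTTP/1.1 "200" 2 "-" "probe"',
]

def find_mixups(lines):
    """Return (line_no, logged_addr, header_addr, verdict) for each mismatch.

    verdict is 'previous-request' when the logged address equals the header
    of the request logged immediately before it (the pattern in the report),
    otherwise 'other'. Log order only approximates request order when
    several workers write to the same file.
    """
    findings = []
    prev_hdr = None
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format
        addr, hdr = m['addr'], m['hdr']
        if hdr == '-':
            continue  # no header sent, so no rewrite is expected
        if addr != hdr:
            verdict = 'previous-request' if addr == prev_hdr else 'other'
            findings.append((no, addr, hdr, verdict))
        prev_hdr = hdr
    return findings

if __name__ == '__main__':
    for finding in find_mixups(SAMPLE_LOG):
        print(finding)
```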




