realip module broken?

Wed Aug 13 12:23:27 MSD 2008

Igor Sysoev wrote:
> I will look how to resolve the issue. Right now you may disable 
> keepalive on nginx side.

I'll keep it at 0.0.0.0/0 for now. The 'set_real_ip_from' directive 
doesn't add much security anyway:

a) The loadbalancer overwrites any existing X-Real-IP headers.

b) Even if a) would not be done, the header would be accepted because 
all requests come from the loadbalancer IP.

It would be nice if the realip module could be fixed though. It's a 
matter of semantics, but I believe an X-Real-IP (or X-Forwarded-For) 
header should only influence the request, not the entire connection.

Thanks.
-- 
Posted via http://www.ruby-forum.com/.