2009/4/21 Igor Sysoev <is at rambler-co.ru>: > No, you should not allow to override client address from all. > Just from frontends: > > set_real_ip_from fb-ip1; > set_real_ip_from fb-ip2; Yeah that's what I said - it was a bit roundabout. "only trust the header from your load balancer etc, w hich you probably want to do, set the netmask appropriately" :)