Can real_ip_header's behavior be altered slightly?
Michael Shadle
mike503 at gmail.com
Wed Dec 30 00:32:48 MSK 2009
Currently there's a slight annoyance (not sure I'd call it a bug) -
we're behind a CDN and the wrong IP is being assigned from
real_ip_header, because we're getting multiple IP addresses. Can the
behavior be altered for this kind of case?
in PHP, when dumping $_SERVER:
["HTTP_VIA"]=>
string(127) "1.1 proxy1.company1.com, 1.1
somehost2.cdncompany.net:8000 (EdgePrism/3.7.2.8), 1.1
somehost1.cdncompany.net:80 (EdgePrism/3.7.2.8)"
["HTTP_X_FORWARDED_FOR"]=>
string(31) "14.13.13.70, 20.11.18.105"
["REMOTE_ADDR"]=>
string(15) "20.11.18.105"
It shows the right address first in the X-Forwarded-For, but the other
addresses second, but nginx is grabbing the LAST ip in the list.
Can we make the real_ip_header trust the FIRST ip only? something like
if the header supplied in "real_ip_header" includes "," to take only
the string up to the ","?
In PHP (pseudocode) it'd be something like:
if(strstr($_SERVER['HTTP_X_FORWARDED_FOR'], ',')) {
$ip = substr($_SERVER['HTTP_X_FORWARDED_FOR'], 0,
strpos($_SERVER['HTTP_X_FORWARDED_FOR'], ','));
}
I think it can be almost mapped directly to C, since some of those
functions are in directly C, I think :)
More information about the nginx
mailing list