Blocking user behind proxy
Igor Sysoev
is at rambler-co.ru
Thu Oct 15 18:12:22 MSD 2009
On Thu, Oct 15, 2009 at 04:36:30PM +0300, Reinis Rozitis wrote:
> While I'm not 100% sure (probably Igor or Maxim can confirm/deny) if the module changes the client's IP before other modules/internals
> (like Access) but you could use the RealIP module http://wiki.nginx.org/NginxHttpRealIpModule
>
> And basically add just the required header:
>
> real_ip_header TRUE-CLIENT-IP;
Yes, there are two ways to block some addresses:

1)  real_ip_header  TRUE-CLIENT-IP;

    deny   192.168.1.1;
    deny   192.168.1.2;
    deny   192.168.1.3;
    ...
    allow  all;

2)  geo  $http_true_client_ip  $forbidden {
        default      0;
        192.168.1.1  1;
        ...
    }

    if ($forbidden) {
        return 403;
    }

> ----- Original Message -----
> From: "sameer" <nginx-forum at nginx.us>
> To: <nginx at sysoev.ru>
> Sent: Thursday, October 15, 2009 4:00 PM
> Subject: Re: Blocking user behind proxy
>
>
> > Thanks for the reply vesperto but the real IP of the client is not the same as $REMOTE_IP. I already tried the AccessModule and
> > that didn't do the job.
> >
> > In my scenario $REMOTE_IP is the IP of the proxy serving which is forwarding the request and $TRUE-CLIENT-IP is a field in the
> > HTTP head which contains the requesting IP which I wish to block.
> >
> > Sameer
> >
> > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,13912,13945#msg-13945
>
--
Igor Sysoev
http://sysoev.ru/en/
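
Added example, not part of the original message and not nginx code: a small Python model of how the two approaches above decide whether a request is blocked. It assumes the realip module's `set_real_ip_from` directive is used to name the proxy; the proxy range 10.0.0.0/24 and all function names are constructed for illustration.

```python
"""Model of the two blocking approaches above (added example, not nginx source)."""
import ipaddress

# Constructed sample values: the proxy range is an assumption, the denied
# addresses are the ones used in the message.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
DENIED = {ipaddress.ip_address(a)
          for a in ("192.168.1.1", "192.168.1.2", "192.168.1.3")}


def parse_ip(value):
    """Return an ip_address, or None when the header is missing or malformed."""
    try:
        return ipaddress.ip_address((value or "").strip())
    except ValueError:
        return None


def effective_client(peer, header, trusted=TRUSTED_PROXIES):
    """Way 1 (realip): the header replaces the peer address only when the
    connection itself comes from a trusted proxy (set_real_ip_from)."""
    peer_ip = ipaddress.ip_address(peer)
    claimed = parse_ip(header)
    if claimed is not None and any(peer_ip in net for net in trusted):
        return claimed
    return peer_ip


def blocked_realip(peer, header):
    """deny/allow evaluated against the address chosen by effective_client()."""
    return effective_client(peer, header) in DENIED


def blocked_geo(header):
    """Way 2 (geo on $http_true_client_ip): looks only at the header value,
    whoever sent it; a missing or malformed header falls to 'default 0'."""
    return parse_ip(header) in DENIED
```

Both ways rely on TRUE-CLIENT-IP reaching nginx only from the proxy. Way 1 can enforce that itself through the trusted-proxy list; with way 2 it has to be enforced elsewhere, for example by accepting connections to the origin only from the proxy's addresses.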