[PATCH] Improve X-Forwarded-For handling in realip
Michael Shadle
mike503 at gmail.com
Thu Dec 2 06:26:49 MSK 2010
On Wed, Dec 1, 2010 at 7:23 PM, Omar Kilani <omar.kilani at gmail.com> wrote:
> The problem is that nginx doesn't do the "first IP in the header which
> is not trusted" part -- it always returns the last IP in the
> X-Forwarded-For header, no matter what.
we have an issue where our CDN gives us the reverse XFF header - we
really want the LAST ip, not the first one (or vice versa) and nginx
gives us the first one which doesn't help :(
making the realip behavior more configurable gets a big +1 from me.
not sure if this is as configurable as it could be though.
More information about the nginx
mailing list