Real IP not working?
Alexander Kolesen
a_kolesen at wargaming.net
Sun Dec 4 21:42:21 UTC 2011
> Alexander Kolesen Wrote:
> -------------------------------------------------------
> ....
> > in your location section with 'proxy_pass'
> > directive
> > (or 'fastcgi_pass' or whatever you use).
> >
> > Like the following:
> >
> > location / {
> > ....
> > proxy_pass
> > http://<backend_ip>:<backend_port>;
> > proxy_set_header Host
> > $host;
> > + proxy_set_header X-Real-IP
> > $remote_addr;
> > ....
> > }
> >
> > Your mod_rpaf config have already correctly set up
> > to handle X-Real-IP header
> > and consider it as the end user's IP.
> >
> > Also, you shouldn't use the RPAFsethostname option
> > turned 'On' unless you
> > set X-Host header in the nginx config before
> > passing request to backend. Just turn it 'Off'.
>
>
>
>
> Thanks Alexander. But this does not work.
>
> I commented all the "set_real_ip_from" in nginx config. Restarted nginx.
>
>
> Now the "REMOTE_ADDR" in my php code inside Apache is just my server's
> IP. So the real IP is not being passed.
>
> If I enable the "set_real_ip_from" inside nginx config, then my php code
> sees the right REMOTE_ADDR. But the log messages inside Apache are wrong
> even then....all from my own server IP.
>
> Anyway, my nginx "proxy.inc" is this:
>
>
> <code>
> proxy_cache_bypass $http_pragma $http_authorization;
> proxy_no_cache $http_pragma $http_authorization;
> proxy_temp_file_write_size 512k;
> proxy_pass_header Set-Cookie;
> proxy_redirect off;
> proxy_hide_header Vary;
> proxy_set_header Accept-Encoding '';
> proxy_set_header Referer $http_referer;
> proxy_set_header Host $host;
> proxy_set_header Cookie $http_cookie;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> </code>
>
>
> Any ideas?
>
>
>
> PS: I turned that RPAFsethostname off in apache. This seems harmless
> enough.
>
Seems like you're using Apache httpd >=2.0, but your <IfModule> checks for the 1.3 version.
Just try this:
LoadModule rpaf_module /usr/lib64/httpd/modules/mod_rpaf-2.0.so
+<IfModule mod_rpaf-2.0.c>
-<IfModule mod_rpaf.c>
RPAFenable On
RPAFproxy_ips 0.0.0.0 127.0.0.1 [...my server IPs...]
RPAFsethostname On
RPAFheader X-Real-IP
</IfModule>
More information about the nginx
mailing list