Log $http_x_forwarded_for behind Cisco ACE LB

Max nginxyz at mail.ru
Fri Mar 2 12:55:29 UTC 2012

02 марта 2012, 15:01 от Edho Arief <edho at myconan.net>:
> 2012/3/2 Tib1 <nginx-forum at nginx.us>:
> > Hello !
> >
> > I'm new to Nginx.
> >
> > I installed Nginx (on Gentoo) instead of Apache behind a Cisco
> > LoadBalancer.
> >
> > My problem is that the directive $http_x_forwarded_for always write
> > local IP of the LoadBalancer instead of Real IP.
> >
> > But I have the good IP in the header HTTP_X_FORWARD.
> >
> perhaps something like this:
> set_real_ip_from load_balancer_ip;
> real_ip_header X-Forwarded-For;

Replace X-Forwarded-For with X-Forward and that shouldl work.

You may want to update your Cisco ACE loadbalancing policy
map configuration to insert the standard X-Forwarded-For
instead of the X-Forward header by doing something like this
in Exec mode:

host1/Admin# show running-config policy-map

You should see something like this:

policy-map type loadbalance http first-match L7_LB_POLICY
  class L7_LB_CLASS
    serverfarm SERVER_FARM_1
    insert-http x-forward header-value "%is"

Then just replace the header:

Host1/Admin# configure terminal
Host1/Admin(config)# policy-map type loadbalance first-match L7_LB_POLICY
host1/Admin(config-pmap-lb)# class L7_LB_CLASS
host1/Admin(config-pmap-lb-c)# no insert-http X-Forward header-value "%is"
host1/Admin(config-pmap-lb-c)# insert-http X-Forwarded-For header-value "%is"
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config)# exit

If everything works as expected just save your configuration and that's it:
host1/Admin# copy running-config startup-config


More information about the nginx mailing list