GeoIP FirstNonPrivateXForwardedForIP

Keyur nginx-forum at nginx.us
Mon Jun 16 05:17:54 UTC 2014


Hi Lukas,

Thanks for your reply.

I have already tried
http://nginx.org/en/docs/http/ngx_http_geoip_module.html#geoip_proxy

But this needs a list of subnets / networks to be whitelisted first as a
trusted source. I do not (Can not) have a list of such networks as they can
be intermediate proxy of any company. Eg : Google chrome on smartphone uses
Google compression proxy in between before reaching the actual server where
website is hosted. Opera mini also does the same and similarly don't know
who all does it. So I can not have a list of all trusted networks.

I've also come across an issue where someone sitting behind a proxy. (Eg:
Squid on local network) and browse internet then the first IP from left is
LAN IP (Private network address) and then the public IP follows. Here GeoIP
country detection fails.

Eg : 10.0.0.50, <Some Public IP>  - - [12/Jun/2014:17:09:28 +0530] "GET /
HTTP/1.1" 200 50675

I need a way where I can tell nginx that it should do GeoIP on the First
Public IP from left. Currently due to private address at the first place
GeoIP fails and country is not detected.

Do suggest what can be done.

Regards,
Keyur

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250823,250871#msg-250871



More information about the nginx mailing list