Nginx real_ip_recursive

ianjoneill nginx-forum at
Mon Sep 15 13:41:21 UTC 2014

Thanks for your reply.

If I uncomment that line, the X-Forwarded-For header contains all of the IP
addresses, as shown below:

$ sudo /usr/sbin/tcpdump -i lo -A -s 0 'tcp port 8080 and (
((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
14:37:24.303617 IP localhost.50999 > localhost.8080: Flags [P.], seq
17884206, ack 1454594695, win 4099, options [nop,nop,TS val 2599031 ecr
, length 215
E...."@. at ............7".*.
.'.w.'.vHEAD / HTTP/1.0
Host: localhost
Connection: close
User-Agent: curl/7.30.0
Accept: */*

i.e. I am getting the spoofed addresses and the real one. As I understood
it, I should only get the real ip, i.e.

Posted at Nginx Forum:,253247,253250#msg-253250

More information about the nginx mailing list