Keeping your Nginx limit_* Anti-DDoS behind CloudFlare's servers
Reinis Rozitis
r at roze.lv
Tue Sep 13 12:24:14 UTC 2016
> But that book says it is to reduce the memory footprint ?
Correct, but that is for that specific varible.
You can't take $http_cf_connecting_ip which is a HTTP header comming from
Cloudflare and prepend $binary_ just to "lower memory footprint".
There is no such functionality.
What you might do is still use $binary_remote_addr but in combination with
RealIP module ( http://nginx.org/en/docs/http/ngx_http_realip_module.html ):
real_ip_header CF-Connecting-IP;
Detailed guide from Cloudflare:
(
https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-
)
Theoretically it should work but to be sure you would need to test it or ask
a nginx dev for confirmation if the realip module takes precedence and
updates also the ip binary variable before the limit_req module.
rr
More information about the nginx
mailing list