set_real_ip_from behavior
Reinis Rozitis
r at roze.lv
Tue Jul 2 10:58:46 UTC 2019
> I'm having some issues with getting X-Forwarded-For set consistently for upstream proxy requests. The server runs Nginx/OpenResty in front of
> Apache, and has domains hosted behind Cloudflare as well as direct. The ones behind Cloudflare show the correct X-Forwarded-For header being > set, using (snippet):
Imo your approach is too complicated (unless I missed something).
If your setup is Cloudflare -> nginx -> apache then if you configure the real ip module on nginx you can just always pass the $remote_addr to the Apache backend:
http {
set_real_ip_from 167.114.56.190/32;
[..]
set_real_ip_from 167.114.56.191/32;
real_ip_header X-Forwarded-For;
proxy_set_header X-Forwarded-For $remote_addr;
In case the request is direct $remote_addr will contain client ip (and it will be passed to Apache), if the request comes from trusted proxies the realip module will automatically overwrite $remote_addr variable with the one in the X-Forwarded-For header
(if you still want to log the original client ip you can use $realip_remote_addr (http://nginx.org/en/docs/http/ngx_http_realip_module.html#variables) ).
rr
More information about the nginx
mailing list