set_real_ip_from behavior

Reinis Rozitis r at roze.lv
Tue Jul 2 10:58:46 UTC 2019


> I'm having some issues with getting X-Forwarded-For set consistently for upstream proxy requests. The server runs Nginx/OpenResty in front of 
> Apache, and has domains hosted behind Cloudflare as well as direct. The ones behind Cloudflare show the correct X-Forwarded-For header being > set, using (snippet):

Imo your approach is too complicated (unless I missed something).
 
If your setup is Cloudflare -> nginx -> apache then if you configure the real ip module on nginx you can just always pass the $remote_addr to the Apache backend:

http {
set_real_ip_from 167.114.56.190/32;
[..]
set_real_ip_from 167.114.56.191/32;
real_ip_header X-Forwarded-For;

proxy_set_header X-Forwarded-For $remote_addr;


In case the request is direct $remote_addr will contain client ip (and it will be passed to Apache), if the request comes from trusted proxies the realip module will automatically overwrite $remote_addr variable with the one in the X-Forwarded-For header 

(if you still want to log the original client ip you can use $realip_remote_addr (http://nginx.org/en/docs/http/ngx_http_realip_module.html#variables) ).


rr



More information about the nginx mailing list