set_real_ip_from behavior

Reinis Rozitis r at
Tue Jul 2 10:58:46 UTC 2019

> I'm having some issues with getting X-Forwarded-For set consistently for upstream proxy requests. The server runs Nginx/OpenResty in front of 
> Apache, and has domains hosted behind Cloudflare as well as direct. The ones behind Cloudflare show the correct X-Forwarded-For header being > set, using (snippet):

Imo your approach is too complicated (unless I missed something).
If your setup is Cloudflare -> nginx -> apache then if you configure the real ip module on nginx you can just always pass the $remote_addr to the Apache backend:

http {
real_ip_header X-Forwarded-For;

proxy_set_header X-Forwarded-For $remote_addr;

In case the request is direct $remote_addr will contain client ip (and it will be passed to Apache), if the request comes from trusted proxies the realip module will automatically overwrite $remote_addr variable with the one in the X-Forwarded-For header 

(if you still want to log the original client ip you can use $realip_remote_addr ( ).


More information about the nginx mailing list