nginx directives geo and map behind proxy

gogan nginx-forum at
Fri Mar 15 14:34:40 UTC 2019


thanks for the response.

I try it with a short view.

Situation 1)

             Proxy (external, myracloud)		<--- Connect official way
           LB/Proxy (internal)
    w-1  w-2  w-3  ..  w10

Situation 2)

           LB/Proxy (internal)		<--- directly connect
    w-1  w-2  w-3  ..  w10

In both situations I see real client IP addresses in server log on
webservers and proxy/loadbalancer.

In situation 1 traffic is general limited without exceptions. 
In situation 2 traffic is limited as expected, all is fine.

====== server.conf=====

limit_req_zone $botlimit zone=req_limit_per_login:10m rate=4r/s;


location ~ ^(/userzentrum/login).*$ {
    limit_req zone=req_limit_per_login;
    proxy_pass xxx_application;
    include /etc/nginx/proxy_params;

====nginx conf====

geo $limited {
  default 0;
  x.x.x.x 1;
map $limited $botlimit {
  1 '';
  0 $remote_addr;


# get x-real-ip from myracloud
set_real_ip_from x.x.x.x;

real_ip_header   CF-Connecting-IP;
real_ip_recursive on;

Posted at Nginx Forum:,283352,283396#msg-283396

More information about the nginx mailing list