nginx directives geo and map behind proxy
Francis Daly
francis at daoine.org
Sat Mar 16 09:33:12 UTC 2019
On Fri, Mar 15, 2019 at 10:34:40AM -0400, gogan wrote:
Hi there,
> In both situations I see real client IP addresses in server log on
> webservers and proxy/loadbalancer.
>
> In situation 1 traffic is general limited without exceptions.
> In situation 2 traffic is limited as expected, all is fine.
> geo $limited {
> default 0;
> x.x.x.x 1;
> }
>
> map $limited $botlimit {
> 1 '';
> 0 $remote_addr;
> }

That config says that requests with $remote_addr set to x.x.x.x should
not be limited, and everything else should be limited.

> # get x-real-ip from myracloud
> set_real_ip_from x.x.x.x;
>
> real_ip_header CF-Connecting-IP;

The comment mentions x-real-ip, but the code says CF-Connecting-IP.

Does myracloud set the Cloudflare header?

If you temporarily add the config stanza to nginx at server level:

  location = /iptest {
    return 200 "CF-Connecting-IP: $http_cf_connecting_ip;\nX-Real-IP: $http_x_real_ip;\nremote_addr: $remote_addr;\nreal remote: $realip_remote_addr;\ngeo: $limited;\nbotlimit: $botlimit\n";
  }

and make some requests for /iptest, which lines show the address x.x.x.x
and which lines show the real client IP address?

That might help show what the actual incoming requests look like.

f
--
Francis Daly francis at daoine.org
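
Added example, not part of the original message and not nginx's own code: a small Python model of how the realip module, geo and map in the quoted config produce the values the temporary /iptest location prints. All addresses are constructed documentation-range values standing in for the redacted x.x.x.x, and the proxy sending only X-Real-IP is an assumed case.

```python
import ipaddress

# Constructed values (documentation ranges), standing in for the redacted x.x.x.x.
TRUSTED_PROXY = ipaddress.ip_network("192.0.2.10/32")    # set_real_ip_from
REAL_IP_HEADER = "cf-connecting-ip"                      # real_ip_header
GEO_EXEMPT = [ipaddress.ip_network("198.51.100.7/32")]   # geo entries with value 1

def realip(peer, headers):
    """Return ($remote_addr, $realip_remote_addr) after the realip module ran."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    value = hdrs.get(REAL_IP_HEADER)
    # The header is honoured only when the TCP peer is a trusted proxy.
    if value and ipaddress.ip_address(peer) in TRUSTED_PROXY:
        try:
            return str(ipaddress.ip_address(value.strip())), peer
        except ValueError:
            pass  # unparsable header value: $remote_addr stays the peer address
    return peer, peer

def iptest(peer, headers):
    """Model the variables the temporary /iptest location prints."""
    remote_addr, realip_remote_addr = realip(peer, headers)
    addr = ipaddress.ip_address(remote_addr)
    # geo looks up $remote_addr as rewritten by realip; default is 0.
    limited = "1" if any(addr in net for net in GEO_EXEMPT) else "0"
    # map: 1 -> empty key (not limited), 0 -> $remote_addr as the limit key.
    botlimit = "" if limited == "1" else remote_addr
    return {"remote_addr": remote_addr, "real remote": realip_remote_addr,
            "geo": limited, "botlimit": botlimit}

if __name__ == "__main__":
    cases = {
        "exempt client, direct": ("198.51.100.7", {}),
        "exempt client via proxy, header set":
            ("192.0.2.10", {"CF-Connecting-IP": "198.51.100.7"}),
        "exempt client via proxy, only X-Real-IP sent":
            ("192.0.2.10", {"X-Real-IP": "198.51.100.7"}),
        "untrusted peer sending the header":
            ("203.0.113.5", {"CF-Connecting-IP": "198.51.100.7"}),
    }
    for name, (peer, headers) in cases.items():
        print(name, iptest(peer, headers))
```

In the third case every proxied client ends up with the proxy's address as its limit key and the exemption never matches, which is the kind of mismatch the /iptest output would expose.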