Usage of $proxy_add_x_forwarded_for on edge proxies
me at nanaya.pro
Tue Jan 12 14:14:50 UTC 2021
Should there be warning in documentation on usage of $proxy_add_x_forwarded_for for X-Forwarded-For proxy header on edge proxies?
I keep seeing config examples with proxy settings like this:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Which doesn't make sense on edge servers as there's no way to trust the client-provided value. At best it just adds unnecessary complexity trying to figure out the last "trustworthy" entry.
The correct value should be just $remote_addr (and thus drop client-provided values).
I think $proxy_add_x_forwarded_for should only be used for proxies located behind another proxy.
(or someone please correct me on this)
More information about the nginx