Questions about real ip module

nanaya me at nanaya.pro
Fri Jul 29 20:13:52 UTC 2022


I have a few questions about the real ip module (tried on nginx/1.22.0):

1. Is there no way to reset the list of `set_real_ip_from` for a specific subsection? For example, to have a completely different set of trusted addresses for a specific server.

2. Does setting `real_ip_header '';` in a section effectively disable the module for the section?

3. The documentation says `real_ip_header` is allowed in a location block, but it doesn't seem to do anything?

This still uses the address from X-Real-Ip instead of X-Other for the allow check and the log:

http {
  real_ip_header X-Real-Ip;
  ...
  server {
    location /data/ {
      real_ip_header X-Other;
      allow 10.0.0.1; # <- checks against value from X-Real-Ip
      deny all;
      access_log /var/log/nginx/data.log; # <- logs address from X-Real-Ip
    }
  }
}

Similarly, I tried this version as well and it behaves the same:

location /da {
  real_ip_header X-Other;
  location /data/ {
    allow 10.0.0.1;
    deny all;
    access_log /var/log/nginx/data.log;
  }
}


