Http headers ip address

casper_the_ghost · April 19, 2009, 6:24pm

hi
i get the clients ip address in this http header: X-FB-USER-REMOTE-ADDR.
how
do i configure nginx so that this is set as the ip address of client for
a
fastcgi app?

thanks a lot!

casper_the_ghost · April 19, 2009, 6:57pm

make sure nginx has the “realip” module (nginx -V, look for
–with-http_realip_module) - you could try it and run nginx -t to
check the conf file to see if it’s in your compile too.

Double check the header isn’t a different case like
X-FB-User-Remote-Addr or something (if you saw this in PHP it would be
capitalized, but also prefixed with SERVER so maybe it is always
capped)

Lastly this is all you need. The first line is if you want to only
trust that header from another proxy / load balancer / etc, which you
probably do, so you can set it to the appropriate netmask.

set_real_ip_from 0.0.0.0/0;
real_ip_header X-FB-USER-REMOTE-ADDR;

casper_the_ghost · April 19, 2009, 10:52pm

Hi Michael,
Thanks a lot for this.

I want to do this only if this header is available. IF it is not
available,
it should the client ip should be the default one.
how can i do that?

thanks again

casper_the_ghost · April 21, 2009, 12:55pm

On Sun, Apr 19, 2009 at 01:43:45PM -0700, [email protected] wrote:

Hi Michael,
Thanks a lot for this.

I want to do this only if this header is available. IF it is not available,
it should the client ip should be the default one.
how can i do that?

If the header is not available client address is not changed.

casper_the_ghost · April 21, 2009, 12:54pm

On Sun, Apr 19, 2009 at 09:48:54AM -0700, Michael S. wrote:

trust that header from another proxy / load balancer / etc, which you
probably do, so you can set it to the appropriate netmask.

set_real_ip_from 0.0.0.0/0;

No, you should not allow to override client address from all.
Just from frontends:

set_real_ip_from fb-ip1;
set_real_ip_from fb-ip2;

casper_the_ghost · April 21, 2009, 12:56pm

On Sun, Apr 19, 2009 at 09:48:54AM -0700, Michael S. wrote:

make sure nginx has the “realip” module (nginx -V, look for
–with-http_realip_module) - you could try it and run nginx -t to
check the conf file to see if it’s in your compile too.

Double check the header isn’t a different case like
X-FB-User-Remote-Addr or something (if you saw this in PHP it would be
capitalized, but also prefixed with SERVER so maybe it is always
capped)

nginx tests header name as case insentive string.

casper_the_ghost · April 21, 2009, 5:37pm

2009/4/21 Igor S. [email protected]:

No, you should not allow to override client address from all.
Just from frontends:

set_real_ip_from fb-ip1;
set_real_ip_from fb-ip2;

Yeah that’s what I said - it was a bit roundabout. “only trust the
header from your load balancer etc, w hich you probably want to do,
set the netmask appropriately”