Forum: NGINX http headers ip address

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
(Guest)
on 2009-04-19 20:24
(Received via mailing list)
hi
i get the clients ip address in this http header: X-FB-USER-REMOTE-ADDR.
how
do i configure nginx so that this is set as the ip address of client for
a
fastcgi app?

thanks a lot!
Michael S. (Guest)
on 2009-04-19 20:57
(Received via mailing list)
make sure nginx has the "realip" module (nginx -V, look for
--with-http_realip_module) - you could try it and run nginx -t to
check the conf file to see if it's in your compile too.

Double check the header isn't a different case like
X-FB-User-Remote-Addr or something (if you saw this in PHP it would be
capitalized, but also prefixed with SERVER so maybe it is always
capped)

Lastly this is all you need. The first line is if you want to only
trust that header from another proxy / load balancer / etc, which you
probably do, so you can set it to the appropriate netmask.

set_real_ip_from 0.0.0.0/0;
real_ip_header X-FB-USER-REMOTE-ADDR;
(Guest)
on 2009-04-20 00:52
(Received via mailing list)
Hi Michael,
Thanks a lot for this.

I want to do this only if this header is available. IF it is not
available,
it should the client ip should be the default one.
how can i do that?

thanks again
Igor S. (Guest)
on 2009-04-21 14:54
(Received via mailing list)
On Sun, Apr 19, 2009 at 09:48:54AM -0700, Michael S. wrote:

> trust that header from another proxy / load balancer / etc, which you
> probably do, so you can set it to the appropriate netmask.
>
> set_real_ip_from 0.0.0.0/0;

No, you should not allow to override client address from all.
Just from frontends:

set_real_ip_from fb-ip1;
set_real_ip_from fb-ip2;
Igor S. (Guest)
on 2009-04-21 14:55
(Received via mailing list)
On Sun, Apr 19, 2009 at 01:43:45PM -0700, removed_email_address@domain.invalid 
wrote:

> Hi Michael,
> Thanks a lot for this.
>
> I want to do this only if this header is available. IF it is not available,
> it should the client ip should be the default one.
> how can i do that?

If the header is not available client address is not changed.
Igor S. (Guest)
on 2009-04-21 14:56
(Received via mailing list)
On Sun, Apr 19, 2009 at 09:48:54AM -0700, Michael S. wrote:

> make sure nginx has the "realip" module (nginx -V, look for
> --with-http_realip_module) - you could try it and run nginx -t to
> check the conf file to see if it's in your compile too.
>
> Double check the header isn't a different case like
> X-FB-User-Remote-Addr or something (if you saw this in PHP it would be
> capitalized, but also prefixed with SERVER so maybe it is always
> capped)

nginx tests header name as case insentive string.
Michael S. (Guest)
on 2009-04-21 19:37
(Received via mailing list)
2009/4/21 Igor S. <removed_email_address@domain.invalid>:

> No, you should not allow to override client address from all.
> Just from frontends:
>
> set_real_ip_from fb-ip1;
> set_real_ip_from fb-ip2;

Yeah that's what I said - it was a bit roundabout. "only trust the
header from your load balancer etc, w hich you probably want to do,
set the netmask appropriately"

 :)
This topic is locked and can not be replied to.