Hi,
We are using Akamai for site acceleration and wish to block traffic from
a set of IPs.
Can I just do something like
if $TRUE-CLIENT-IP ~ IP {
deny all;
}
or do I need to search the HTTP_Header
This is not a variable defined in the HTTP core module.
Sameer
Posted at Nginx Forum:
Thanks for the reply vesperto but the real IP of the client is not the
same as $REMOTE_IP. I already tried the AccessModule and that didn’t do
the job.
In my scenario $REMOTE_IP is the IP of the proxy serving which is
forwarding the request and $TRUE-CLIENT-IP is a field in the HTTP head
which contains the requesting IP which I wish to block.
Sameer
Posted at Nginx Forum:
While I’m not 100% sure (prolly Igor or Maxim can confirm/deny) if the
module changes the clients ip before other modules/internals
(like Access) but you could use the RealIP module
http://wiki.nginx.org/NginxHttpRealIpModule
And bassicaly add just the required header:
real_ip_header TRUE-CLIENT-IP;
rr
----- Original Message -----
From: “sameer” [email protected]
To: [email protected]
Sent: Thursday, October 15, 2009 4:00 PM
Subject: Re: Blocking user behind proxy
On Thu, Oct 15, 2009 at 04:36:30PM +0300, Reinis R. wrote:
While I’m not 100% sure (prolly Igor or Maxim can confirm/deny) if the module changes the clients ip before other modules/internals
(like Access) but you could use the RealIP module http://wiki.nginx.org/NginxHttpRealIpModuleAnd bassicaly add just the required header:
real_ip_header TRUE-CLIENT-IP;
Yes, there are two ways to block some addresses:
real_ip_header TRUE-CLIENT-IP;
deny 192.168.1.1;
deny 192.168.1.2;
deny 192.168.1.3;
…
allow all;
geo $http_true_client_ip $forbidden {
default 0;
192.168.1.1 1;
…
}
if ($forbidden) {
return 403;
}
On Tue, Oct 20, 2009 at 07:44:53AM -0400, sameer wrote:
Hi,
Sorry for the delayed response.
@Igor I tried putting the deny statement after the real_ip_header True-Client-IP line and didn’t do the job.
Any other suggestions?
Could you show the configuration ?
Hi,
Sorry for the delayed response.
@Igor I tried putting the deny statement after the real_ip_header
True-Client-IP line and didn’t do the job.
Any other suggestions?
Sameer
Posted at Nginx Forum:
server {
listen 80 default;
server_name www.foo-bar.com;
location / {
real_ip_header True-Client-IP;
error_log logs/error.log;
access_log logs/access.log main;
deny 121.243.22.187;
root /usr/local/apache/htdocs;
}
}
geo $http_true_client_ip $forbidden {
default no;
121.243.22.187 0;
}
if ($forbidden) {
return 403;
}
I tried the geo directive inside the server section and during the
config check I keep getting an error
: “geo” directive is not allowed here in
/usr/local/nginx/conf/nginx.conf
I tried recompiling --with-http_geo_module and got an error.
Using nginx version 0.7.62
Sameer
Posted at Nginx Forum:
On Tue, Oct 20, 2009 at 08:34:09AM -0400, sameer wrote:
}
What is in access and error logs for 121.243.22.187 ?
geo $http_true_client_ip $forbidden {
default no;
121.243.22.187 0;
default no;
121.243.22.187 0;
default 0;
121.243.22.187 1;
} if ($forbidden) { return 403; }I tried the geo directive inside the server section and during the config check I keep getting an error
: “geo” directive is not allowed here in /usr/local/nginx/conf/nginx.conf
http {
geo ...
server {This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs