Http headers ip address


#1

hi
i get the clients ip address in this http header: X-FB-USER-REMOTE-ADDR.
how
do i configure nginx so that this is set as the ip address of client for
a
fastcgi app?

thanks a lot!


#2

make sure nginx has the “realip” module (nginx -V, look for
–with-http_realip_module) - you could try it and run nginx -t to
check the conf file to see if it’s in your compile too.

Double check the header isn’t a different case like
X-FB-User-Remote-Addr or something (if you saw this in PHP it would be
capitalized, but also prefixed with SERVER so maybe it is always
capped)

Lastly this is all you need. The first line is if you want to only
trust that header from another proxy / load balancer / etc, which you
probably do, so you can set it to the appropriate netmask.

set_real_ip_from 0.0.0.0/0;
real_ip_header X-FB-USER-REMOTE-ADDR;


#3

Hi Michael,
Thanks a lot for this.

I want to do this only if this header is available. IF it is not
available,
it should the client ip should be the default one.
how can i do that?

thanks again


#4

On Sun, Apr 19, 2009 at 01:43:45PM -0700, removed_email_address@domain.invalid wrote:

Hi Michael,
Thanks a lot for this.

I want to do this only if this header is available. IF it is not available,
it should the client ip should be the default one.
how can i do that?

If the header is not available client address is not changed.


#5

On Sun, Apr 19, 2009 at 09:48:54AM -0700, Michael S. wrote:

trust that header from another proxy / load balancer / etc, which you
probably do, so you can set it to the appropriate netmask.

set_real_ip_from 0.0.0.0/0;

No, you should not allow to override client address from all.
Just from frontends:

set_real_ip_from fb-ip1;
set_real_ip_from fb-ip2;


#6

On Sun, Apr 19, 2009 at 09:48:54AM -0700, Michael S. wrote:

make sure nginx has the “realip” module (nginx -V, look for
–with-http_realip_module) - you could try it and run nginx -t to
check the conf file to see if it’s in your compile too.

Double check the header isn’t a different case like
X-FB-User-Remote-Addr or something (if you saw this in PHP it would be
capitalized, but also prefixed with SERVER so maybe it is always
capped)

nginx tests header name as case insentive string.


#7

2009/4/21 Igor S. removed_email_address@domain.invalid:

No, you should not allow to override client address from all.
Just from frontends:

set_real_ip_from fb-ip1;
set_real_ip_from fb-ip2;

Yeah that’s what I said - it was a bit roundabout. “only trust the
header from your load balancer etc, w hich you probably want to do,
set the netmask appropriately”

:slight_smile: