Hello !
I’m new to Nginx.
I installed Nginx (on Gentoo) instead of Apache behind a Cisco
LoadBalancer.
My problem is that the directive $http_x_forwarded_for always write
local IP of the LoadBalancer instead of Real IP.
But I have the good IP in the header HTTP_X_FORWARD.
I’ve tried lot of configurations but no one is good…
Do you have any idea ?
Thanks by advance,
Tib1
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223259,223259#msg-223259
2012/3/2 Tib1 [email protected]:
But I have the good IP in the header HTTP_X_FORWARD.
perhaps something like this:
set_real_ip_from load_balancer_ip;
real_ip_header X-Forwarded-For;
ref: http://nginx.org/en/docs/http/ngx_http_realip_module.html
Nope, I’ve tried this but without success…
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223259,223261#msg-223261
How can I get the full request header ?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223259,223280#msg-223280
Problem solved.
It’s the name of real_ip_header that was wrong in my CISCO system.
Thanks.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223259,223283#msg-223283
2012/3/2 Tib1 [email protected]:
Nope, I’ve tried this but without success…
I suggest posting the full request header sent by load balancer.
02 марта 2012, 15:01 от Edho A. [email protected]:
But I have the good IP in the header HTTP_X_FORWARD.
perhaps something like this:
set_real_ip_from load_balancer_ip;
real_ip_header X-Forwarded-For;
Replace X-Forwarded-For with X-Forward and that shouldl work.
You may want to update your Cisco ACE loadbalancing policy
map configuration to insert the standard X-Forwarded-For
instead of the X-Forward header by doing something like this
in Exec mode:
host1/Admin# show running-config policy-map
You should see something like this:
policy-map type loadbalance http first-match L7_LB_POLICY
class L7_LB_CLASS
serverfarm SERVER_FARM_1
insert-http x-forward header-value “%is”
Then just replace the header:
Host1/Admin# configure terminal
Host1/Admin(config)# policy-map type loadbalance first-match
L7_LB_POLICY
host1/Admin(config-pmap-lb)# class L7_LB_CLASS
host1/Admin(config-pmap-lb-c)# no insert-http X-Forward header-value
“%is”
host1/Admin(config-pmap-lb-c)# insert-http X-Forwarded-For header-value
“%is”
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config)# exit
If everything works as expected just save your configuration and that’s
it:
host1/Admin# copy running-config startup-config
Max
Thank you very much Max !
In fact, it was the name of the header that was wrong.
And I didn’t make the connection between the value in the Cisco ACE and
the value of the Nginx real_ip_header. I thought it was a constant.
So thank you again 
Have a good day !
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223273,223284#msg-223284
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs