Log $http_x_forwarded_for behind Cisco ACE LB

Hello!

I’m new to Nginx.

I installed Nginx (on Gentoo) instead of Apache behind a Cisco
LoadBalancer.

My problem is that the directive $http_x_forwarded_for always writes the
local IP of the LoadBalancer instead of the real IP.

But I have the good IP in the header HTTP_X_FORWARD.

I’ve tried a lot of configurations but none is good…

Do you have any idea?

Thanks in advance,

Tib1

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223259,223259#msg-223259

2012/3/2 Tib1:

> But I have the good IP in the header HTTP_X_FORWARD.

perhaps something like this:

set_real_ip_from load_balancer_ip;
real_ip_header X-Forwarded-For;

ref: http://nginx.org/en/docs/http/ngx_http_realip_module.html

Nope, I’ve tried this but without success…

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223259,223261#msg-223261

How can I get the full request header?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223259,223280#msg-223280

Problem solved.
It’s the name of real_ip_header that was wrong in my CISCO system.

Thanks.

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223259,223283#msg-223283

2012/3/2 Tib1:

> Nope, I’ve tried this but without success…

I suggest posting the full request header sent by load balancer.

2 March 2012, 15:01, from Edho A.:

>> But I have the good IP in the header HTTP_X_FORWARD.
>
> perhaps something like this:
>
> set_real_ip_from load_balancer_ip;
> real_ip_header X-Forwarded-For;

Replace X-Forwarded-For with X-Forward and that should work.

You may want to update your Cisco ACE loadbalancing policy
map configuration to insert the standard X-Forwarded-For
instead of the X-Forward header by doing something like this
in Exec mode:

host1/Admin# show running-config policy-map

You should see something like this:

policy-map type loadbalance http first-match L7_LB_POLICY
  class L7_LB_CLASS
    serverfarm SERVER_FARM_1
    insert-http x-forward header-value "%is"

Then just replace the header:

host1/Admin# configure terminal
host1/Admin(config)# policy-map type loadbalance first-match L7_LB_POLICY
host1/Admin(config-pmap-lb)# class L7_LB_CLASS
host1/Admin(config-pmap-lb-c)# no insert-http X-Forward header-value "%is"
host1/Admin(config-pmap-lb-c)# insert-http X-Forwarded-For header-value "%is"
host1/Admin(config-pmap-lb-c)# exit
host1/Admin(config)# exit

If everything works as expected, just save your configuration and that’s it:

host1/Admin# copy running-config startup-config

Max
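
An nginx-side configuration for the fix discussed in this thread, added here as an illustration and not written by any of the posters: it logs both candidate headers next to the socket peer, so the header name the load balancer really sends is visible, and trusts that header only from the balancer. The address 192.0.2.10, the log path and the format name lbdebug are assumptions.

```nginx
# Added example, not from the thread. Requires ngx_http_realip_module.
# 192.0.2.10 is a placeholder for the load balancer's address.
http {
    # Diagnostic format: socket peer, resolved client address, then both
    # candidate headers. A header named X-Forward is exposed as
    # $http_x_forward, X-Forwarded-For as $http_x_forwarded_for.
    # $realip_remote_addr needs nginx 1.9.7 or later.
    log_format lbdebug '$realip_remote_addr -> $remote_addr '
                       'xff="$http_x_forwarded_for" xfwd="$http_x_forward" '
                       '"$request" $status';

    server {
        listen 80;
        access_log /var/log/nginx/lbdebug.log lbdebug;

        # Accept the client address from the header only when the
        # connection comes from the load balancer. A wide range such as
        # 0.0.0.0/0 would let any client choose the address that is logged.
        set_real_ip_from 192.0.2.10;

        # Must match the header name the ACE inserts with insert-http.
        real_ip_header X-Forward;
        # After changing the ACE policy map to insert X-Forwarded-For:
        # real_ip_header X-Forwarded-For;
    }
}
```

If xfwd is filled and xff is empty in the log, the balancer is sending X-Forward, and a real_ip_header of X-Forwarded-For leaves $remote_addr set to the balancer's own address.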

Thank you very much Max!

In fact, it was the name of the header that was wrong.

And I didn’t make the connection between the value in the Cisco ACE and
the value of the Nginx real_ip_header. I thought it was a constant.

So thank you again :)

Have a good day!

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,223273,223284#msg-223284