FAQ

Page Discussion History

HttpRealipModule

Revision as of 07:36, 20 December 2013 by Yukotan (Talk | contribs)

WARNING: this article is obsoleted. Please refer to http://nginx.org/en/docs/ for the latest official documentation.

Contents

Synopsis

This module allows to change the client's IP address to value from request header (e. g. X-Real-IP or X-Forwarded-For).

It is useful if nginx works behind some proxy of L7 load balancer, and the request comes from a local IP, but proxy add request header with client's IP.

This module isn't built by default, enable it with the configure option

--with-http_realip_module

Example:

set_real_ip_from   192.168.1.0/24;
set_real_ip_from   192.168.2.1;
real_ip_header     X-Real-IP;

Directives

set_real_ip_from

Syntax: set_real_ip_from address | CIDR | unix:
Default:
Context: http
server
location
Reference:set_real_ip_from


real_ip_header

Syntax: real_ip_header field | X-Real-IP | X-Forwarded-For
Default: X-Real-IP
Context: http
server
location
Reference:real_ip_header


This directive sets the name of the header used for transferring the replacement IP address.

In case of X-Forwarded-For, this module uses the last ip in the X-Forwarded-For header for replacement.

real_ip_recursive

Syntax: real_ip_recursive on | off
Default: off
Context: http
server
location
Appeared in: 1.3.0
1.2.1
Reference:real_ip_recursive


If recursive search is disabled, the original client address that matches one of the trusted addresses is replaced by the last address sent in the request header field defined by the real_ip_header directive.

If recursive search is enabled, the original client address that matches one of the trusted addresses is replaced by the last non-trusted address sent in the request header field.

References

Original Documentation

trac ticket #2