Synopsis

This module allows to change the client's IP address to value from request header (e. g. X-Real-IP or X-Forwarded-For).

It is useful if nginx works behind some proxy of L7 load balancer, and the request comes from a local IP, but proxy add request header with client's IP.

This module isn't built by default, enable it with the configure option

--with-http_realip_module

Example:

set_real_ip_from   192.168.1.0/24;
set_real_ip_from   192.168.2.1;
real_ip_header     X-Real-IP;

Directives

set_real_ip_from

ERROR in secure-include.php: could not read the given src URL http://wiki.nginx.org/nginx.org/ngx_http_realip_module/set_real_ip_from.txt

This directive describes the trusted addresses, which transfer accurate address for the replacement. Since 0.8.22 Unix sockets can also be trusted.

real_ip_header

ERROR in secure-include.php: could not read the given src URL http://wiki.nginx.org/nginx.org/ngx_http_realip_module/real_ip_header.txt

This directive sets the name of the header used for transferring the replacement IP address.

In case of X-Forwarded-For, this module uses the last ip in the X-Forwarded-For header for replacement.

References

Original Documentation

trac ticket #2