ngx_http_realip_module

The ngx_http_realip_module module lets the user change the address of the client header X-Real-IP and X-Forwarded-For.

This module's not built by default, enable it with the configure option --with-http_realip_module.

User Note: "You will build a list of trusted proxies (see below) and the first IP in the header which is not trusted will be used as the client IP." Source: README of the Apache module mod_extract. Quite informative, about why and how this security feature is helpful.

Example: 

        set_real_ip_from   192.168.1.0/24;
        set_real_ip_from   192.168.2.1;
        real_ip_header     X-Real-IP;

Directives

set_real_ip_from

syntax: set_real_ip_from [the address|CIDR]

default: none

context: http, server, location

This directive describes the trusted addresses, which transfer accurate address for the replacement.

real_ip_header

syntax: real_ip_header [X-Real-IP|X-Forwarded-For]

default: real_ip_header X-Real-IP

context: http, server, location

This directive sets the name of the header used for transferring the replacement IP address.

References

Original Documentation

NginxHttpRealIpModule (last edited 2006-10-19 13:52:35 by OlleJonsson)