This module lets to change the client's IP address to value from request header (e. g. X-Real-IP
or X-Forwarded-For
).
It is useful if nginx works behind some proxy of L7 load balanver, and request come from local IP, but proxy add request header with client's IP.
This module isn't built by default, enable it with the configure option
--with-http_realip_module
User Note: "You will build a list of trusted proxies (see below) and the first IP in the header which is not trusted will be used as the client IP." Source: README of the Apache module mod_extract . Quite informative, about why and how this security feature is helpful.
Example:
set_real_ip_from 192.168.1.0/24;
set_real_ip_from 192.168.2.1;
real_ip_header X-Real-IP;
syntax:*set_real_ip_from [the address|CIDR]*
default: none
context:*http, server, location*
This directive describes the trusted addresses, which transfer accurate address for the replacement.
syntax:*real_ip_header [X-Real-IP|X-Forwarded-For]*
default:*real_ip_header X-Real-IP*
context:*http, server, location*
This directive sets the name of the header used for transferring the replacement IP address.